Mastering Windows Security and Hardening

Book description

Enhance Windows security and protect your systems and servers from various cyber attacks

Key Features

  • Protect your device using a zero-trust approach and advanced security techniques
  • Implement efficient security measures using Microsoft Intune, Configuration Manager, and Azure solutions
  • Understand how to create cyber-threat defense solutions effectively

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users?

Mastering Windows Security and Hardening is a detailed guide to implementing effective security controls and building robust defenses for Windows-based environments.

We begin with Windows security fundamentals and baselining, including why an organization needs a documented baseline to measure its systems against. As you advance, you will learn how to secure and harden Windows-based systems, protect identities, and manage access. The concluding chapters cover testing, monitoring, and security operations, giving you the tools to validate that controls are enforced and to maintain compliance through continuous monitoring.

By the end of this book, you'll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.

What you will learn

  • Understand baselining and learn the best practices for building a baseline
  • Get to grips with identity management and access management on Windows-based systems
  • Delve into the device administration and remote management of Windows-based systems
  • Explore security tips to harden your Windows server and keep clients secure
  • Audit, assess, and test to ensure controls are successfully applied and enforced
  • Monitor and report activities to stay on top of vulnerabilities

Who this book is for

This book is for system administrators, cybersecurity and technology professionals, solutions architects, and anyone interested in learning how to secure Windows-based systems. A basic understanding of Windows security concepts, Intune, Configuration Manager, Windows PowerShell, and Microsoft Azure will help you get the most out of this book.

Table of contents

  1. Mastering Windows Security and Hardening
  2. Why subscribe?
  3. Contributors
  4. About the authors
  5. About the reviewer
  6. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Code in Action
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  8. Section 1: Getting Started
  9. Chapter 1: Fundamentals of Windows Security
    1. Understanding the security transformation
    2. Living in today's digital world
    3. Today's threats
    4. Identifying vulnerabilities
    5. Recognizing breaches
    6. Current security challenges
    7. Implementing a Zero Trust approach
    8. Summary
  10. Chapter 2: Building a Baseline
    1. Introduction to baselining
    2. Policies, standards, procedures, and guidelines
      1. Defining policies
      2. Setting standards
      3. Creating procedures
      4. Recommending guidelines
    3. Incorporating change management
    4. Implementing a security framework
    5. Building baseline controls
      1. CIS
      2. Windows security baselines
    6. Implementing a baseline
      1. CIS
      2. Microsoft SCT
    7. Incorporating best practices
    8. Summary
  11. Chapter 3: Server Infrastructure Management
    1. Technical requirements
    2. Overview of the data center and the cloud
      1. Types of data center
        1. On-premises
        2. Cloud
        3. Hybrid
    3. Implementing access management in Windows servers
      1. Physical and user access security
      2. Privileged Access Management, Just-in-Time Access, and Privileged Identity Management
      3. Using a tiered model for privileged access
        1. Tier 0
        2. Tier 1
        3. Tier 2
        4. Important considerations
      4. Enhanced security administrative environment
      5. Access management best practices
    4. Understanding Windows Server management tools
      1. Introducing Server Manager
        1. Using the Best Practices Analyzer (BPA)
      2. Looking at Event Viewer
      3. Using Windows Server Update Services
      4. Introducing Windows Admin Center
    5. Using Azure services to manage Windows servers
      1. The Azure portal and Marketplace
        1. Using the Azure Marketplace
      2. Implementing role-based access control
      3. Azure Resource Manager
      4. Understanding Azure Backup
        1. Securing Azure Backup
      5. Introducing Azure Update Management
      6. Leveraging Azure Site Recovery
    6. Summary
  12. Chapter 4: End User Device Management
    1. Technical requirements
    2. Device management evolution
    3. Device Imaging and Windows Autopilot
      1. Windows Assessment and Deployment Kit (Windows ADK)
      2. Windows Configuration Designer
      3. Microsoft Deployment Toolkit
      4. Windows Deployment Services
      5. MDT and Configuration Manager
      6. Windows Autopilot
    4. Microsoft Endpoint Configuration Manager
      1. Securely deploying clients for Configuration Manager
      2. Client collections, settings, and communications
        1. Client settings
        2. Client communication
    5. Intune Mobile Device Management (MDM)
      1. Configuration Service Provider
      2. Mobile Device Management versus Mobile Application Management
      3. Windows enrollment methods
    6. Introducing Microsoft Endpoint Manager
    7. Summary
  13. Section 2: Applying Security and Hardening
  14. Chapter 5: Hardware and Virtualization
    1. Technical requirements
    2. Physical servers and virtualization
      1. Microsoft virtualization
        1. Hyper-V
        2. Azure virtual machines
        3. Windows Virtual Desktop
      2. Hardware security concerns
      3. Virtualization security concerns
      4. Cloud hardware and virtualization
    3. Introduction to hardware certification
    4. BIOS and UEFI, TPM 2.0, and Secure Boot
      1. Unified Extensible Firmware Interface
      2. UEFI Secure Boot
      3. Trusted Platform Module (TPM 2.0)
    5. Advanced protection with VBS
      1. Credential Guard
        1. Enabling Credential Guard with MDM (Intune)
        2. Enabling Credential Guard with Group Policy
      2. Device Guard
        1. Enabling Device Guard and Windows Defender Application Control with Group Policy
      3. Windows Defender Application Guard
      4. Hypervisor-Protected Code Integrity
        1. Enabling HVCI
      5. Windows Defender System Guard
    6. Hardware security recommendations and best practices
    7. Summary
  15. Chapter 6: Network Fundamentals for Hardening Windows
    1. Technical requirements
    2. Network security fundamentals
    3. Understanding Windows Network Security
      1. Network baselining
      2. Windows 10
        1. Wireless Local Area Network (WLAN)/Wi-Fi
        2. Bluetooth
        3. Virtual Private Networks (VPNs)
      3. Windows Server
        1. Local Area Network (LAN)/Ethernet
        2. Server roles and features
      4. Networking and Hyper-V
      5. Network troubleshooting
    4. Windows Defender Firewall and Advanced Security
      1. Configuring a firewall rule with Group Policy
      2. Windows Defender Exploit Guard Network Protection
        1. Configuring Windows Defender Exploit Guard Network Protection using Group Policy
    5. Introducing Azure network security
      1. Network Security Groups (NSGs)
        1. Service tags
        2. Application Security Groups (ASGs)
        3. Creating a network security group in Azure
    6. Summary
  16. Chapter 7: Identity and Access Management
    1. Technical requirements
    2. Identity and access management overview
      1. Identity
      2. Authentication
      3. Authorization
      4. Accountability
    3. Implementing account and access management
      1. HR and identity management
      2. Integrating directory services
      3. Using local administrative accounts
      4. Managing Azure external user access (B2B)
      5. Understanding the Azure cloud administrative roles
        1. The Office 365 admin and Azure AD roles
        2. Using Intune roles
        3. Security and compliance admins
      6. Implementing PAM security tools (PAM, PIM, and JIT)
        1. Using PAM
        2. Connecting with JIT access
        3. Enabling admins with Azure AD PIM
      7. Using Azure RBAC
    4. Understanding authentication, MFA, and going passwordless
      1. Securing your passwords
      2. Introducing SSPR
        1. Implementing SSPR for Windows 10 login
      3. Using Azure AD Seamless SSO
      4. Configuring Azure SSO
      5. Configuring MFA
      6. Introducing Windows Hello
      7. Understanding going passwordless
    5. Using Conditional Access and Identity Protection
    6. Summary
  17. Chapter 8: Administration and Remote Management
    1. Technical requirements
    2. Understanding device administration
      1. Differences between domain join, hybrid, and Azure AD joined devices
    3. Enforcing policies with MDM
      1. Creating compliance settings with Configuration Manager
        1. Introduction to Configuration Items
        2. Creating a Configuration Item
        3. Building a Configuration Baseline
        4. Reporting on a Configuration Baseline
        5. Assigning Endpoint Protection
      2. Creating Policies with Intune
        1. Configuring a device compliance policy
        2. Configuring a device configuration profile
        3. Deploying PowerShell scripts
        4. Using Administrative Templates
        5. Enforcing Intune security baselines
    4. Building security baselines
      1. Using the Microsoft Security Compliance Toolkit
        1. Comparing policies with Policy Analyzer
        2. Creating a GPO from the baseline recommendation
      2. Creating a Configuration Baseline from a GPO
    5. Connecting securely to servers remotely
      1. Remote management and support tools
      2. Using Azure Security Center Just-in-Time access
      3. Connecting with Azure Bastion
    6. Introducing PowerShell security
      1. Configuring PowerShell logging
      2. Using PowerShell Constrained Language Mode
      3. Enabling script execution
    7. Summary
  18. Chapter 9: Keeping Your Windows Client Secure
    1. Technical requirements
    2. Securing your Windows clients
    3. Introducing Windows Update for Business
      1. Configuring Windows updates in Intune
        1. Managing update deployments
        2. Monitoring update deployments
    4. Advanced Windows hardening configurations
      1. Enabling Windows Hello for Business
      2. Managing BitLocker encryption
      3. Configuring Windows Defender AV
      4. Enabling Microsoft Defender SmartScreen
      5. Preventing name resolution poisoning
        1. Link-Local Multicast Name Resolution
        2. NetBIOS Name Service (NBT-NS)
        3. Disabling Google Chrome mDNS
      6. Disabling the Web Proxy Autodiscovery Protocol (WPAD)
      7. Configuring Office security baselines
        1. Deploying user-based office policies
      8. Hardening Google Chrome
        1. Whitelisting extensions
      9. Preventing user access to the registry
      10. Windows Defender Application Control
        1. Considerations for WDAC or AppLocker
    5. Windows 10 privacy
      1. Controlling the privacy settings for each app
      2. Additional privacy settings
      3. Privacy settings for Microsoft Edge
    6. Summary
  19. Chapter 10: Keeping Your Windows Server Secure
    1. Technical requirements
    2. Windows Server versions
    3. Installing Windows Server roles and features
      1. Reducing the Windows Server footprint
      2. Installing Nano Server 2019
    4. Configuring Windows updates
      1. Implementing Windows Server Update Services (WSUS)
      2. Deploying Azure Update Management
    5. Connecting to Microsoft Defender ATP
      1. Onboarding with Group Policy
      2. Onboarding with Configuration Manager
    6. Hardening Windows Server
      1. Implementing a security baseline
        1. Controlling User Rights Assignment
        2. Configuring Accounts settings
        3. Configuring Interactive Logon
        4. Setting Remote Desktop Protocol session time limits
        5. Configuring account policies
        6. Implementing fine-grained password policies
        7. Securing the logon process
      2. Using Azure Disk Encryption
        1. Creating an Azure Key Vault
        2. Creating a key encryption key (KEK)
        3. Enabling Azure Disk Encryption on a virtual machine
    7. Deploying Windows Defender Application Control
    8. Summary
  20. Section 3: Protecting, Detecting, and Responding for Windows Environments
  21. Chapter 11: Security Monitoring and Reporting
    1. Technical requirements
    2. Monitoring with MDATP
      1. Investigating an alert
        1. The Threat analytics dashboard
        2. The Threat & Vulnerability Management dashboard
        3. Machine health and compliance
        4. Software inventory report
      2. Onboarding workstations to the MDATP service
      3. Enabling the Microsoft Intune connection
      4. Creating a machine risk compliance policy
      5. Enabling advanced features
    3. Deploying Log Analytics
      1. Installing gallery solutions
        1. Update Compliance for Windows 10
        2. Deploying ChangeTracking
        3. Using ServiceMap
        4. Using Wire Data 2.0
    4. Monitoring with Azure Monitor and activity logs
      1. Secure access to Azure Monitor
      2. Monitoring Azure activity logs
    5. Configuring ASC
    6. Creating performance baselines
    7. Summary
  22. Chapter 12: Security Operations
    1. Technical requirements
    2. Introducing the SOC
    3. Using the M365 security portal
      1. Understanding Microsoft Secure Score
      2. Classifying your data
        1. DLP
        2. AIP
        3. WIP
    4. Using MCAS
      1. Reviewing the activity log
      2. Looking at a user’s activity
    5. Configuring Azure ATP
      1. Planning for Azure ATP
      2. Activating your instance
      3. Understanding the kill chain
      4. Looking at alerts
    6. Investigating threats with Azure Security Center
    7. Introducing Azure Sentinel
      1. Creating the connection
    8. Microsoft Defender Security Center
      1. Assigning permissions and machine groups
      2. Reviewing the alerts queue
      3. Automated Investigations
    9. Planning for business continuity and DR
    10. Summary
  23. Chapter 13: Testing and Auditing
    1. Technical requirements
    2. Validating controls
    3. Vulnerability scanning
      1. Preparing for a vulnerability scan
    4. Planning for penetration testing
      1. Executing a penetration test
      2. Reviewing the findings
    5. Security awareness and training
    6. Summary
  24. Chapter 14: Top 10 Recommendations and the Future
    1. The 10 most important to-dos
      1. Implementing identity protection and privileged access
      2. Enact a Zero Trust access model
      3. Define a security framework
      4. Get current and stay current
      5. Make use of modern management tools
      6. Certify your physical hardware devices
      7. Administer network security
      8. Always encrypt your devices
      9. Enable endpoint protection
      10. Deploy security monitoring solutions
      11. Other important items
        1. Stay educated
        2. Validate controls
        3. Application controls
        4. Security baselines and hardening
        5. Business continuity and disaster recovery
    2. The future of device security and management
    3. Security and the future
    4. Summary
  25. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Mastering Windows Security and Hardening
  • Author(s): Mark Dunkerley, Matt Tumbarello
  • Release date: August 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781839216411