book

Mastering Windows Security and Hardening

by Mark Dunkerley, Matt Tumbarello

July 2020

Intermediate to advanced

572 pages

12h 40m

English

Packt Publishing

Read now

Unlock full access

Why subscribe?ContributorsAbout the authorsAbout the reviewerPackt is searching for authors like you
Who this book is forWhat this book coversTo get the most out of this bookCode in ActionDownload the color imagesConventions usedGet in touchReviews
Understanding the security transformationLiving in today's digital worldToday's threatsIdentifying vulnerabilitiesRecognizing breachesCurrent security challengesImplementing a Zero Trust approachSummary
Introduction to baseliningPolicies, standards, procedures, and guidelinesDefining policiesSetting standardsCreating proceduresRecommending guidelinesIncorporating change managementImplementing a security frameworkBuilding baseline controlsCISWindows security baselinesImplementing a baselineCISMicrosoft SCTIncorporating best practicesSummary
Technical requirementsOverview of the data center and the cloudTypes of data centerOn-premiseCloudHybridImplementing access management in Windows serversPhysical and user access securityPrivileged Access Management, Just-in-Time Access, and Privileged Identity ManagementUsing a tiered model for privileged access Tier 0Tier 1Tier 2Important considerationsEnhanced security administrative environmentAccess management best practicesUnderstanding Windows Server management toolsIntroducing Server ManagerUsing the Best Practices Analyzer (BPA)Looking at Event ViewerUsing Windows Server Update Services Introducing Windows Admin CenterUsing Azure services to manage Windows serversThe Azure portal and MarketplaceUsing the Azure MarketplaceImplementing role-based access control Azure Resource ManagerUnderstanding Azure BackupSecuring Azure Backup Introducing Azure Update ManagementLeveraging Azure Site RecoverySummary
Technical requirementsDevice management evolutionDevice Imaging and Windows AutopilotWindows Assessment and Deployment Kit (Windows ADK)Windows Configuration DesignerMicrosoft Deployment ToolkitWindows Deployment ServicesMDT and Configuration ManagerWindows AutopilotMicrosoft Endpoint Configuration ManagerSecurely deploying clients for Configuration ManagerClient collections, settings, and communicationsClient settingsClient communicationIntune Mobile Device Management (MDM)Configuration Service ProviderMobile Device Management versus Mobile Application ManagementWindows enrollment methodsIntroducing Microsoft Endpoint ManagerSummary
Technical requirementsPhysical servers and virtualizationMicrosoft virtualizationHyper-VAzure virtual machinesWindows Virtual DesktopHardware security concernsVirtualization security concernsCloud hardware and virtualizationIntroduction to hardware certificationBIOS and UEFI, TPM 2.0, and Secure BootUnified Extensible Firmware InterfaceUEFI Secure BootTrusted Platform Module (TPM 2.0)Advanced protection with VBSCredential GuardEnabling Credential Guard with MDM (Intune)Enabling Credential Guard with Group PolicyDevice GuardEnabling Device Guard and Windows Defender Application Control with Group PolicyWindows Defender Application GuardHypervisor-Protected Code IntegrityEnabling HVCIWindows Defender System GuardHardware security recommendations and best practicesSummary
Technical requirementsNetwork security fundamentalsUnderstanding Windows Network SecurityNetwork baseliningWindows 10Wireless Local Area Network (WLAN)/Wi-FiBluetoothVirtual Private Networks (VPNs)Windows ServerLocal Area Network (LAN)/EthernetServer roles and featuresNetworking and Hyper-VNetwork troubleshootingWindows Defender Firewall and Advanced SecurityConfiguring a firewall rule with Group PolicyWindows Defender Exploit Guard Network ProtectionConfiguring Windows Defender Exploit Guard Network Protection using Group PolicyIntroducing Azure network security Network Security Groups (NSGs)Service tagsApplication Security Groups (ASGs)Creating a network security group in AzureSummary

Technical requirementsIdentity and access management overviewIdentityAuthenticationAuthorizationAccountabilityImplementing account and access managementHR and identity managementIntegrating directory servicesUsing local administrative accountsManaging Azure external user access (B2B)Understanding the Azure cloud administrative rolesThe Office 365 admin and Azure AD rolesUsing Intune rolesSecurity and compliance adminsImplementing PAM security tools (PAM, PIM, and JIT)Using PAMConnecting with JIT accessEnabling admins with Azure AD PIMUsing Azure RBACUnderstanding authentication, MFA, and going passwordlessSecuring your passwordsIntroducing SSPRImplementing SSPR for Windows 10 loginUsing Azure AD Seamless SSOConfiguring Azure SSOConfiguring MFAIntroducing Windows HelloUnderstanding going passwordlessUsing Conditional Access and Identity ProtectionSummary
Technical requirementsUnderstanding device administrationDifferences between domain join, hybrid, and Azure AD joined devicesEnforcing policies with MDMCreating compliance settings with Configuration ManagerIntroduction to Configuration ItemsCreating a Configuration ItemBuilding a Configuration BaselineReporting on a Configuration BaselineAssigning Endpoint ProtectionCreating Policies with IntuneConfiguring a device compliance policyConfiguring a device configuration profileDeploying PowerShell scriptsUsing Administrative TemplatesEnforcing Intune security baselinesBuilding security baselinesUsing the Microsoft Security Compliance ToolkitComparing policies with Policy AnalyzerCreating a GPO from the baseline recommendationCreating a Configuration Baseline from a GPOConnecting securely to servers remotelyRemote management and support toolsUsing Azure Security Center Just-in-Time accessConnecting with Azure BastionIntroducing PowerShell securityConfiguring PowerShell loggingUsing PowerShell Constrained Language ModeEnabling script executionSummary
Technical requirementsSecuring your Windows clientsIntroducing Windows Update for BusinessConfiguring Windows updates in IntuneManaging update deploymentsMonitoring update deploymentsAdvanced Windows hardening configurationsEnabling Windows Hello for BusinessManaging BitLocker encryptionConfiguring Windows Defender AVEnabling Microsoft Defender SmartScreenPreventing name resolution poisoningLink-Local Multicast Name ResolutionNetBIOS Name Service (NBT-NS)Disabling Google Chrome mDNSDisabling the Web Proxy Autodiscovery Protocol (WPAD)Configuring Office security baselinesDeploying user-based office policiesHardening Google ChromeWhitelisting extensionsPreventing user access to the registryWindows Defender Application ControlConsiderations for WDAC or AppLockerWindows 10 privacyControlling the privacy settings for each appAdditional privacy settingsPrivacy settings for Microsoft EdgeSummary
Technical requirementsWindows Server versionsInstalling Windows Server roles and featuresReducing the Windows Server footprintInstalling Nano Server 2019Configuring Windows updatesImplementing Windows Server Update Services (WSUS)Deploying Azure Update ManagementConnecting to Microsoft Defender ATPOnboarding with Group PolicyOnboarding with Configuration Manager Hardening Windows Server Implementing a security baselineControlling User Rights AssignmentConfiguring Accounts settingsConfiguring Interactive LogonSetting Remote Desktop Protocol session time limitsConfiguring account policiesImplementing fine-grained password policiesSecuring the logon processUsing Azure Disk EncryptionCreating an Azure Key VaultCreating a key encryption key (KEK)Enabling Azure Disk Encryption on a virtual machineDeploying Windows Defender Application ControlSummary
Technical requirementsMonitoring with MDATPInvestigating an alertThe Threat analytics dashboardThe Threat & Vulnerability Management dashboardMachine health and complianceSoftware inventory reportOnboarding workstations to the MDATP service Enabling the Microsoft Intune connectionCreating a machine risk compliance policyEnabling advanced featuresDeploying Log AnalyticsInstalling gallery solutionsUpdate Compliance for Windows 10Deploying ChangeTrackingUsing ServiceMapUsing Wire Data 2.0Monitoring with Azure Monitor and activity logsSecure access to Azure MonitorMonitoring Azure activity logsConfiguring ASCCreating performance baselinesSummary
Technical requirementsIntroducing the SOCUsing the M365 security portalUnderstanding Microsoft Secure ScoreClassifying your dataDLPAIPWIPUsing MCASReviewing the activity logLooking at a user’s activityConfiguring Azure ATPPlanning for Azure ATPActivating your instanceUnderstanding the kill chainLooking at alertsInvestigating threats with Azure Security Center Introducing Azure SentinelCreating the connectionMicrosoft Defender Security CenterAssigning permissions and machine groupsReviewing the alerts queueAutomated InvestigationsPlanning for business continuity and DRSummary
Technical requirementsValidating controlsVulnerability scanningPreparing for a vulnerability scanPlanning for penetration testingExecuting a penetration testReviewing the findingsSecurity awareness and trainingSummary
The 10 most important to-dosImplementing identity protection and privileged accessEnact a Zero Trust access modelDefine a security frameworkGet current and stay currentMake use of modern management toolsCertify your physical hardware devicesAdminister network securityAlways encrypt your devicesEnable endpoint protectionDeploy security monitoring solutionsOther important itemsStay educatedValidate controlsApplication controlsSecurity baselines and hardeningBusiness continuity and disaster recoveryThe future of device security and managementSecurity and the futureSummary
Leave a review - let other readers know what you think

Content preview from Mastering Windows Security and Hardening

Chapter 13: Testing and Auditing

In this chapter, we will provide the details around testing and auditing your environment that will help validate and ensure that due diligence has been executed within your security program. The challenge we face when deploying recommendations, hardening, and baselines is proving that they are in place and doing what they are designed to do. The IT department as a program may have obligations to leadership, board stakeholders, shareholders, and regulators to prove that you have implemented the recommended controls depending on your business or industry. Helping with providing evidence is where testing and auditing comes into play. To prove that controls are in place is why we audit, and it is even better to ...