Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Windows Security and Hardening

You're reading from   Mastering Windows Security and Hardening Secure and protect your Windows environment from cyber threats using zero-trust security principles

Arrow left icon
Product type Paperback
Published in Aug 2022
Publisher Packt
ISBN-13 9781803236544
Length 816 pages
Edition 2nd Edition
Arrow right icon
Authors (2):
Arrow left icon
Matt Tumbarello Matt Tumbarello
Author Profile Icon Matt Tumbarello
Matt Tumbarello
Mark Dunkerley Mark Dunkerley
Author Profile Icon Mark Dunkerley
Mark Dunkerley
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Part 1: Getting Started and Fundamentals
2. Chapter 1: Fundamentals of Windows Security FREE CHAPTER 3. Chapter 2: Building a Baseline 4. Chapter 3: Hardware and Virtualization 5. Chapter 4: Networking Fundamentals for Hardening Windows 6. Chapter 5: Identity and Access Management 7. Part 2: Applying Security and Hardening
8. Chapter 6: Administration and Policy Management 9. Chapter 7: Deploying Windows Securely 10. Chapter 8: Keeping Your Windows Client Secure 11. Chapter 9: Advanced Hardening for Windows Clients 12. Chapter 10: Mitigating Common Attack Vectors 13. Chapter 11: Server Infrastructure Management 14. Chapter 12: Keeping Your Windows Server Secure 15. Part 3: Protecting, Detecting, and Responding for Windows Environments
16. Chapter 13: Security Monitoring and Reporting 17. Chapter 14: Security Operations 18. Chapter 15: Testing and Auditing 19. Chapter 16: Top 10 Recommendations and the Future 20. Other Books You May Enjoy

Focusing on zero trust

Within only a couple of years since the first edition of the book was released, zero trust has gained tremendous momentum and has become a buzz and marketing term for most security vendors. As a reminder, the zero-trust architecture model was created by John Kindervag while he was at Forrester Research Inc. back in 2009. If you are not clear on what exactly zero trust is, essentially, it is a model where we trust no one until we can validate who they are, who they are meant to be, and whether they are authorized to have access to the system or information. In simple terms, zero trust is well known for the concept of never trust, always verify.

There are a lot of zero trust references from many vendors, and depending on which vendor you work with, there will be slight differences in their approach to zero trust. No matter which vendor you work with or which approach you take, the core of a zero-trust model will always fall back on the principle of never trust, always verify. Effectively implementing a zero-trust model requires a multilayered approach with your security strategy, along with the use of the most current and modern technology available. The method of allowing a user to access the environment with only a username and password is outdated and insecure.

Since we are focusing our security on Microsoft products, we will review zero trust as Microsoft has approached it. With Microsoft’s approach to zero trust, they have created their strategy for customers around six different pillars, as follows:

  1. Identities are the new perimeter of zero trust. An identity is something (typically a user) that needs to access an app, data, or some other form of resource. It is critical that identities have multiple layers of protection to prevent unauthorized access.
  2. Device and endpoint protection is an essential component of zero trust. Whether a mobile device, laptop, server, IoT, and so on, we need to ensure recommended baselines are deployed and that devices stay compliant and are constantly being scanned for vulnerabilities.
  3. Data is at the core of the zero-trust model. It is ultimately data that the intruders are looking to exfiltrate from your environment. This is the true asset that needs to be protected. Because of this, it is critical that you know where all your data lives, who has access to it; whether it’s classified correctly and encrypted, and that you have the correct controls to prevent it from being removed from your environment.
  4. Applications and application programming interfaces (APIs) are gateways to your data. They need to be governed and deployed with best practices to prevent unauthorized access to data, whether intentionally or unintentionally. Ensuring the business is following enterprise standards is critical for preventing shadow IT.
  5. Infrastructure pertains to everything within your environment that provides the means to store your data and/or run applications such as servers, VMs, appliances, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Preventing unwanted access to your infrastructure is crucial by ensuring you have best practices and baselines in place, along with effective monitoring.
  6. A network is a medium where your data travels. Once considered the perimeter for defense, this pillar still holds a critical role as part of zero trust to ensure all data is encrypted during transport, next-generation protection is deployed, micro-segmentation is in place, and ongoing monitoring is taking place to detect unauthorized access to your data in transit.

    Information

    You can read more about the zero-trust Microsoft model here: https://www.microsoft.com/en-us/security/business/zero-trust.

The following screenshot represents the six pillars, with some examples of the technologies and solutions that should be implemented to support your broader zero-trust strategy:

Figure 1.10 – Microsoft’s six pillars of zero trust

Figure 1.10 – Microsoft’s six pillars of zero trust

Now that you have an idea of what zero trust is and the technologies involved, you will need to have a plan in place to ensure success. Zero trust is not going to happen overnight or within a few weeks. Zero trust is a strategy and a foundation that needs to be planned over months or even years, depending on your organization’s maturity. With this, you will need to be able to measure your success, along with your current maturity. Microsoft has a very high-level and simplified maturity model that can help you better understand your current state and what will be needed to obtain zero trust. The following screenshot provides an example of how the Microsoft maturity model is presented:

Figure 1.11 – An example based on Microsoft’s zero-trust maturity model

Figure 1.11 – An example based on Microsoft’s zero-trust maturity model

For more details on the maturity model example, browse to https://download.microsoft.com/download/f/9/2/f92129bc-0d6e-4b8e-a47b-288432bae68e/Zero_Trust_Vision_Paper_Final%2010.28.pdf to view Microsoft’s maturity model with more details across all six pillars.

Once you have a good understanding of the technologies involved in zero trust and how the maturity model works, the next step is to build your strategy around accomplishing this transition. Remember—this transformation isn’t going to happen overnight, so you’ll need to build a roadmap based on where you are today with the technologies you have in place versus where you would like to be. Accomplishing this journey is not going to be easy, but the better you document your strategy and vision, the easier your journey will become. Here is a high-level idea of how you could build out your roadmap:

Figure 1.12 – Example of a zero-trust roadmap

Figure 1.12 – Example of a zero-trust roadmap

There are many variations and vendors providing guidance on how to adopt a zero-trust approach. A couple of additional notable models to review as part of your planning include the NIST zero-trust architecture and the CISA zero-trust maturity model, as listed here:

As you read through this book, you will find that the guidance and instructions provided will ultimately lead to a zero-trust model.

Tip

Microsoft also provides deployment guides to each of its pillars. The following link provides specific guidance to securing endpoints with zero trust. The same Uniform Resource Locator (URL) also has links to the other deployment guidelines for each of the pillars: https://docs.microsoft.com/en-us/security/zero-trust/deploy/endpoints.

You have been reading a chapter from
Mastering Windows Security and Hardening - Second Edition
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803236544
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image