Mastering Windows Security and Hardening

You're reading from Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles

Product type: Paperback
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803236544
Length: 816 pages
Edition: 2nd Edition

Authors (2): Matt Tumbarello, Mark Dunkerley
Table of Contents (21 chapters)

Preface
Part 1: Getting Started and Fundamentals
Chapter 1: Fundamentals of Windows Security
Chapter 2: Building a Baseline
Chapter 3: Hardware and Virtualization
Chapter 4: Networking Fundamentals for Hardening Windows
Chapter 5: Identity and Access Management
Part 2: Applying Security and Hardening
Chapter 6: Administration and Policy Management
Chapter 7: Deploying Windows Securely
Chapter 8: Keeping Your Windows Client Secure
Chapter 9: Advanced Hardening for Windows Clients
Chapter 10: Mitigating Common Attack Vectors
Chapter 11: Server Infrastructure Management
Chapter 12: Keeping Your Windows Server Secure
Part 3: Protecting, Detecting, and Responding for Windows Environments
Chapter 13: Security Monitoring and Reporting
Chapter 14: Security Operations
Chapter 15: Testing and Auditing
Chapter 16: Top 10 Recommendations and the Future
Other Books You May Enjoy

Living in today’s digital world

Today, we are more reliant on technology than ever, and businesses cannot survive without it. As younger generations grow up, the demand for advanced technology only increases. It is sobering to consider how far the world has advanced in the last 100 years compared with the whole of prior human history. Technology continues to push the boundaries of innovation, and a significant part of that change must be the securing of that technology, especially now that the internet has made the world a far more connected place.

To give you a rough idea of technology usage today, let’s take a look at the current desktop usage throughout the world. For these statistics, we will reference an online service called StatCounter GlobalStats: https://gs.statcounter.com/. This dataset is not all-inclusive, but there is a very large sampling of data used to give us a good idea of worldwide usage. StatCounter GlobalStats collects its data through web analytics via a tracking code on over 2 million websites globally. The aggregation of this data equates to more than 10 billion page views per month. The following screenshot shows the OS market share that is in use worldwide. More information from StatCounter can be viewed at https://gs.statcounter.com/os-market-share/desktop/worldwide:

Figure 1.2 – StatCounter desktop OS market share worldwide

As you can see, Windows is more widely adopted than any other desktop OS available today. Windows has long carried a reputation for having more vulnerabilities than other OSs. Part of this is simply a function of how widely it is used: an attacker is not going to invest effort in a platform with few targets, so we can reasonably assume a direct correlation between an OS's adoption rate and the number of vulnerabilities discovered and exploited in it. Windows also runs on an enormous range of hardware, with the drivers and OEM software that come with it, which widens the attack surface available for exploit development. One reason we have historically seen significantly fewer macOS vulnerabilities is the tight control Apple keeps over the hardware its software runs on; as that platform has grown, though, the number of vulnerabilities found in macOS has increased too. The point is that attackers focus their efforts where the return is greatest, and Windows' continued leadership in the desktop space makes it a very attractive target. This, in turn, has created an ecosystem of vendors and products over the years, all aimed at protecting and securing Windows systems.

Let’s look at the current adoption of the different Windows OSs in use. The following screenshot from StatCounter shows the current Windows desktop version usage around the world today. To view these statistics, visit https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide:

Figure 1.3 – Desktop Windows version market share worldwide

As you can see, Windows 10 is the most widely used Windows version, at 73%. Windows 11, released in October 2021, already accounts for almost 9% of the desktop market. Microsoft continues to push users and organizations toward the latest version of Windows, which is where it spends the majority of its development resources. Windows 11 also brings major changes compared with older versions, which is why migrating from those versions is critical, particularly for security reasons. Microsoft ended support (including security updates) for Windows XP in April 2014 and for Windows 7 in January 2020 (outside of the paid Extended Security Updates program), and it has announced that support for Windows 10 will end on October 14, 2025. An unsupported OS receives no patches for newly discovered vulnerabilities, so any such system that remains in production should be treated as a known-exploitable asset and isolated or retired.

A buzzword you have most likely heard in recent years is digital transformation. It refers to the shift from legacy on-premises infrastructure to a modernized, cloud-first strategy that supports the evolving needs of big data, machine learning, Artificial Intelligence (AI), and more. A significant part of this shift falls within Windows systems and their management. In Chapter 11, Server Infrastructure Management, we will look at the differences between a data center and a cloud model, including where the responsibility for maintaining and securing the underlying systems falls. Before digital transformation, we relied heavily on the four walls of the corporation and its network to protect the data center and its systems, which meant client devices had to be physically on the corporate network to access data and services. Under this model, devices were a little easier to manage and lock down, as they never left the corporate office.

Today, the dynamics have changed. Referring back to StatCounter, the following screenshot shows a significant shift from traditional desktop usage to a more mobile experience. The Mobile percentage has increased by over 2% since the first edition of this book was published two years ago. To view the source of this screenshot, visit https://gs.statcounter.com/platform-market-share/desktop-mobile-tablet/worldwide/#monthly-200901-202110:

Figure 1.4 – StatCounter platform comparison (January 2009 - May 2022)

Focusing on Windows security, the traditional model of an organization would have typically included the following security tools as part of its baseline:

  • Antivirus (AV) software
  • Windows Firewall
  • Internet proxy service
  • Windows Update

Depending on your organization or industry, there may have been additional tools, but for the most part, the preceding list was the extent of most organizations' security tooling on Windows client devices, and much the same applied to Windows servers in the traditional model. As digital transformation has brought change, the traditional method of Windows management has become legacy. There is now an expectation that we can work and access data from anywhere, at any time, and the rapid increase in remote working during 2020 and 2021 fast-tracked this model and expectation. We live in an internet-connected world, and when we power on a device, we expect to reach our data with ease. This shift brings a major change in how we secure the systems we manage, specifically the Windows server and client. As we move infrastructure to the cloud and allow users to become less restricted, security must revolve not only around the device itself but around the user's identity and, more importantly, the data. Today, the items listed earlier will not suffice in the enterprise. The following tools are those needed to better protect your Windows devices:

  • Advanced Threat Protection (ATP), delivered in the Microsoft stack as Microsoft Defender for Endpoint: AV and threat protection, Endpoint Detection and Response (EDR), advanced analytics and behavioral monitoring, network protection, exploit protection, and more
  • Data Loss Prevention (DLP) and information protection
  • Identity protection: biometric technology, Multi-Factor Authentication (MFA), and more
  • Application control (for example, Windows Defender Application Control or AppLocker)
  • Machine learning and advanced AI security services
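
To make the two lists above concrete, here is an added example (not code from the book) that takes a read-only inventory of those controls on a single Windows client: the four traditional baseline items (AV, firewall, proxy, updates) and the modern ones that can be checked locally (EDR sensor, network and cloud protection, attack surface reduction rules, application control, and Credential Guard as the identity-protection check). It assumes an elevated PowerShell 5.1 or later session on Windows 10/11 Pro or Enterprise with the in-box Defender, NetSecurity, and AppLocker modules, and Microsoft Defender for Endpoint as the EDR product; the freshness thresholds for signatures and patches, and the choice of Credential Guard as the identity check, are this example's own.

```powershell
# Added example, not the book's own code: a read-only inventory of the controls listed
# above on one Windows 10/11 client. Assumes an elevated PowerShell 5.1+ session and the
# in-box Defender, NetSecurity and AppLocker modules (Pro/Enterprise). The thresholds
# (signature age, patch age) are this example's choices, not the book's.

function Get-WindowsSecurityBaseline {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Control, [bool]$Ok, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Control = $Control; OK = $Ok; Detail = $Detail })
    }

    # 1. AV: engine active, real-time protection on, fresh signatures, tamper protection on.
    #    A third-party AV puts Defender into passive mode, so read AMRunningMode in Detail.
    $mp = Get-MpComputerStatus
    $sigAgeDays = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    Add-Finding 'AV engine enabled'       $mp.AntivirusEnabled          "AMRunningMode=$($mp.AMRunningMode)"
    Add-Finding 'AV real-time protection' $mp.RealTimeProtectionEnabled "BehaviorMonitor=$($mp.BehaviorMonitorEnabled)"
    Add-Finding 'AV signatures <= 3 days' ($sigAgeDays -le 3)           "last updated $($mp.AntivirusSignatureLastUpdated)"
    Add-Finding 'AV tamper protection'    $mp.IsTamperProtected         ''

    # 2. Windows Firewall: each profile enabled and inbound default not Allow
    #    (NotConfigured falls back to the built-in Block default).
    foreach ($p in Get-NetFirewallProfile) {
        $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
        Add-Finding "Firewall profile $($p.Name)" $ok "Enabled=$($p.Enabled) InboundDefault=$($p.DefaultInboundAction)"
    }

    # 3. Internet proxy: a static proxy or PAC file configured for the current user.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    $proxyOn = ($inet.ProxyEnable -eq 1) -or (-not [string]::IsNullOrEmpty($inet.AutoConfigURL))
    Add-Finding 'Internet proxy configured' $proxyOn "ProxyServer=$($inet.ProxyServer) PAC=$($inet.AutoConfigURL)"

    # 4. Windows Update: service not disabled, and some update installed recently.
    $wu = Get-Service wuauserv
    $lastFix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $fixAgeDays = if ($lastFix) { (New-TimeSpan -Start $lastFix.InstalledOn -End (Get-Date)).Days } else { 9999 }
    Add-Finding 'Windows Update service not disabled' ($wu.StartType -ne 'Disabled') "StartType=$($wu.StartType) Status=$($wu.Status)"
    Add-Finding 'Update installed <= 45 days'         ($fixAgeDays -le 45)           "$($lastFix.HotFixID) on $($lastFix.InstalledOn)"

    # 5. EDR: Defender for Endpoint onboarded (OnboardingState=1) and the Sense service running.
    $atp   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection' -ErrorAction SilentlyContinue
    $sense = Get-Service Sense -ErrorAction SilentlyContinue
    Add-Finding 'EDR sensor onboarded and running' (($atp.OnboardingState -eq 1) -and ($sense.Status -eq 'Running')) "Sense=$($sense.Status)"

    # 6. Network protection, cloud-delivered protection and attack surface reduction rules.
    $pref = Get-MpPreference
    $asrCount = @($pref.AttackSurfaceReductionRules_Ids).Count
    Add-Finding 'Network protection enforced' ($pref.EnableNetworkProtection -eq 1) "value=$($pref.EnableNetworkProtection) (0=off,1=block,2=audit)"
    Add-Finding 'Cloud-delivered protection'  ($pref.MAPSReporting -ge 1)           "MAPSReporting=$($pref.MAPSReporting)"
    Add-Finding 'ASR rules configured'        ($asrCount -gt 0)                     "$asrCount rule(s)"

    # 7. Application control: WDAC user-mode policy enforced (2 = enforced, 1 = audit, 0 = off)
    #    or at least one AppLocker rule collection in Enabled (enforce) mode.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $wdacEnforced = ($dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2)
    [xml]$alPolicy = Get-AppLockerPolicy -Effective -Xml
    $alEnforced = @($alPolicy.AppLockerPolicy.RuleCollection | Where-Object { $_.EnforcementMode -eq 'Enabled' }).Count
    Add-Finding 'Application control enforced' ($wdacEnforced -or ($alEnforced -gt 0)) "WDAC user-mode=$($dg.UsermodeCodeIntegrityPolicyEnforcementStatus) AppLocker enforced collections=$alEnforced"

    # 8. Identity protection: Credential Guard (VBS security service id 1) running.
    Add-Finding 'Credential Guard running' ($dg.SecurityServicesRunning -contains 1) "running VBS services: $($dg.SecurityServicesRunning -join ',')"

    return $findings
}

$report = Get-WindowsSecurityBaseline
$report | Format-Table -AutoSize
"Controls passing: $(@($report | Where-Object OK).Count) of $($report.Count)"
```

Run it on a device you consider well managed and on one you do not, and compare the two reports: the traditional baseline (items 1 to 4) usually passes on both, while items 5 to 8 are where the gap between a legacy build and a modern, zero-trust-aligned build shows up. Treat an OK of True as necessary rather than sufficient; the Detail column carries the values you would actually act on (for example, an AV engine that is enabled but running in passive mode, or network protection set to audit rather than block).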