Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Windows Security and Hardening

You're reading from   Mastering Windows Security and Hardening Secure and protect your Windows environment from cyber threats using zero-trust security principles

Arrow left icon
Product type Paperback
Published in Aug 2022
Publisher Packt
ISBN-13 9781803236544
Length 816 pages
Edition 2nd Edition
Arrow right icon
Authors (2):
Arrow left icon
Matt Tumbarello Matt Tumbarello
Author Profile Icon Matt Tumbarello
Matt Tumbarello
Mark Dunkerley Mark Dunkerley
Author Profile Icon Mark Dunkerley
Mark Dunkerley
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Part 1: Getting Started and Fundamentals
2. Chapter 1: Fundamentals of Windows Security FREE CHAPTER 3. Chapter 2: Building a Baseline 4. Chapter 3: Hardware and Virtualization 5. Chapter 4: Networking Fundamentals for Hardening Windows 6. Chapter 5: Identity and Access Management 7. Part 2: Applying Security and Hardening
8. Chapter 6: Administration and Policy Management 9. Chapter 7: Deploying Windows Securely 10. Chapter 8: Keeping Your Windows Client Secure 11. Chapter 9: Advanced Hardening for Windows Clients 12. Chapter 10: Mitigating Common Attack Vectors 13. Chapter 11: Server Infrastructure Management 14. Chapter 12: Keeping Your Windows Server Secure 15. Part 3: Protecting, Detecting, and Responding for Windows Environments
16. Chapter 13: Security Monitoring and Reporting 17. Chapter 14: Security Operations 18. Chapter 15: Testing and Auditing 19. Chapter 16: Top 10 Recommendations and the Future 20. Other Books You May Enjoy

Current security challenges

By the time you have finished reading through the chapter, you will have hopefully been provided with a sense of how important security has become today and the challenges that come with it. We are continually becoming more reliant on technology than ever before, with no signs of slowing down. We have an expectancy of everything being digitized, and, as the IoT is taking off, everything around us will be connected to the internet, thus creating even more challenges to ensure security is efficient.

As we briefly covered earlier, attacks are becoming more and more sophisticated every day. There is an ever-growing army of bad actors working around the clock, trying to breach any data they can get their hands on because the cost of private data is very expensive. There is also a shift in the way bad actors are threatening organizations by looking for weakness in the supply chain and holding companies to ransom. With the advancement of cloud technology, supercomputers, and the reality of quantum computing coming to light, hackers and organized groups now have access to much more powerful systems and are easily able to crack passwords and their hashes much more easily, making them obsolete as the only factor of authentication. No one should be using just passwords anymore; however, the reality is, most still are. The same applies to encryption. The advancement of computers is making algorithms insecure, with the ongoing need for stronger encryption. These are just some of the ongoing challenges we are faced with when protecting our assets.

Keeping up with vulnerabilities today is a full-time role. It’s critical that we keep on top of what they are and which Windows systems need to be updated. We will discuss the management of Windows updates later in the book, but having a program in place to manage the overwhelming amount of Windows updates is critical. Additionally, third-party applications will need to be carefully monitored and updated accordingly. An example of a commonly used application is Adobe Acrobat Reader DC to view Portable Document Format documents (PDFs). The following screenshot is a vulnerability report from Microsoft Defender Security Center. It provides a software inventory of all machines with the application installed and lists the number of vulnerabilities detected across all machines in your organization:

Figure 1.9 – Acrobat Reader DC identified vulnerabilities

Figure 1.9 – Acrobat Reader DC identified vulnerabilities

As you can see, out-of-date applications have critical known vulnerabilities that are used by attackers.

Most organizations are reluctant to release the latest Windows updates to their servers straight away because of the risk that a patch could break a production system. The downside to this is that your system will have a known vulnerability, which opens up an opportunity for it to be exploited between the time of the patch release and the system being patched. Another challenge we are faced with is zero-day vulnerabilities. A zero-day vulnerability is one that has been identified but currently has no remediation or mitigation available from the vendor. Because of these challenges, it is critical we build a layered defense strategy into our Windows clients and servers. For example, never make your database server accessible via the internet, encrypt the traffic to your web servers, and only open the ports needed to communicate, such as allowing port 443 for secure (HyperText Transfer Protocol Secure (HTTPS)) traffic only.

As we focus on securing Windows devices within our environments, we can’t turn a blind eye to the fundamentals, including the overarching ecosystem that also needs to be considered when protecting your Windows devices. This book will cover a lot of detail on the specifics of securing and hardening your Windows systems and devices, but we also want to ensure the bigger picture is covered—for example, simple concepts of identity and access management (IAM). A user whose account has been compromised to allow an intruder on your Windows system has just made all the securing and hardening of that system irrelevant. The concept of weak physical access controls and policies could allow someone to simply walk into a server room and gain physical access to your systems. Other examples are allowing a developer to install an insecure web application with vulnerabilities on it, or a business that develops a process without security best practices in mind. All the controls you put in place with Windows become irrelevant, as an educated hacker could use the web application or exploit a process as an attack vector to gain access to your system. These examples show the criticality of not only being familiar with how to secure and harden the Windows OS but also ensuring all the other factors that fall within a mature security program work together to ensure your environment is as secure as possible. This, of course, doesn’t come easily, and it is critical you stay current and continue to learn and learn and learn!

Managing and securing your Windows systems is not a simple task, especially if you are working toward securing them correctly. There is a lot involved, and to efficiently and effectively secure your Windows systems, you need well-defined policies, procedures, and standards in place, along with a rigorous change-control process to ensure anything that falls outside of the standards receives the appropriate approval to minimize risk. Full-time roles exist today to manage and secure your Windows systems, along with specialized roles that are necessary to manage your Windows environments. Examples include Windows desktop engineers, Windows server engineers, Windows update administrators, Windows security administrators, Windows Mobile Device Management (MDM) engineers, and more. As part of these roles, it is critical that staff are continuously educated and trained to provide the best security for Windows. The landscape is changing daily, and if your staff aren’t dynamic or don’t stay educated, mistakes and gaps will occur with your security posture.

Another task to think about that must be addressed with your Windows devices is inventory management. It is important to ensure you know where all your devices are and who has access to them. Even more important is ensuring that devices are collected upon any terminations, especially those pertaining to disgruntled employees. Enforcing policies on your Windows devices is also another challenge; for instance, how do you ensure all your devices have the latest policies, and how can you ensure accurate reporting on non-compliant devices? Remote management can also be a challenge—that is, to make sure that not just anyone can remotely access your devices, including the auditing of support staff for anything that they shouldn’t be doing. Running legacy applications on your Windows devices creates an instant security concern, and making sure they are patched to the latest supported version is critical. This list goes on, and we will be diving into much greater detail within the following chapters to help provide the information you need to protect your Windows environment.

Before we move on to the next topic, one additional challenge that needs mentioning is shadow IT. In short, shadow IT is the setup and use of servers and infrastructure without IT or the security team’s approval or knowledge—for example, a business function. This instantly creates a significant security concern as the Windows systems will most likely be used with no standards or hardening in place. In addition, hackers are known to target application-managed identities to gain access to other systems due to their privileged permissions. This can be a challenge to manage, but it is something that needs to be understood and prevented within any business.

You have been reading a chapter from
Mastering Windows Security and Hardening - Second Edition
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803236544
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime