You're reading from Mastering Windows Security and Hardening - Second Edition

Product type Book

Published in Aug 2022

Publisher Packt

ISBN-13 9781803236544

Pages 816 pages

Edition 2nd Edition

Languages

Concepts

Cybersecurity

Authors (2):

Mark Dunkerley

Matt Tumbarello

View More author details

Table of Contents (21) Chapters

Preface

1. Part 1: Getting Started and Fundamentals

2. Chapter 1: Fundamentals of Windows Security

3. Chapter 2: Building a Baseline

4. Chapter 3: Hardware and Virtualization

5. Chapter 4: Networking Fundamentals for Hardening Windows

6. Chapter 5: Identity and Access Management

7. Part 2: Applying Security and Hardening

8. Chapter 6: Administration and Policy Management

9. Chapter 7: Deploying Windows Securely

10. Chapter 8: Keeping Your Windows Client Secure

11. Chapter 9: Advanced Hardening for Windows Clients

12. Chapter 10: Mitigating Common Attack Vectors

13. Chapter 11: Server Infrastructure Management

14. Chapter 12: Keeping Your Windows Server Secure

15. Part 3: Protecting, Detecting, and Responding for Windows Environments

16. Chapter 13: Security Monitoring and Reporting

17. Chapter 14: Security Operations

18. Chapter 15: Testing and Auditing

19. Chapter 16: Top 10 Recommendations and the Future

20. Other Books You May Enjoy

What this book covers

Chapter 1, Fundamentals of Windows Security, introduces the security world within IT and the enterprise. It covers how security is transforming the way we manage technology and discuss threats and breaches. We will look at the challenges organizations currently face and discuss a concept known as zero trust.

Chapter 2, Building a Baseline, provides an overview of baselining and the importance of building a standard that's approved by leadership and adopted by everyone. We will cover what frameworks are and provide an overview of the more common frameworks used in securing and hardening an environment. We will then look at operational best practices within enterprises and cover the importance of change management to ensure that anything that falls outside the scope of policy receives the correct approvals.

Chapter 3, Hardware and Virtualization, provides an overview of physical servers and virtualization. The chapter will cover hardware certification, enhancements in hardware security, and virtualization-based security concepts to secure and harden devices, including overviews of BIOS, UEFI, TPM 2.0, and Secure Boot.

Chapter 4, Networking Fundamentals for Hardening Windows, provides an overview of networking components and their role in hardening and securing your Windows environment. You will learn about the software-based Windows Defender Firewall and how to configure it on Windows devices. Additionally, you will be provided with knowledge of network security technology from Microsoft as it relates to Windows VMs running in Azure.

Chapter 5, Identity and Access Management, provides a comprehensive overview of identity management and the importance it plays in securing Windows systems. Identity has become the foundation of securing users – this chapter will cover everything you need to do within the identity and access management area. We will provide details on account and access management, authentication, MFA, passwordless authentication, conditional-based access controls, and identity protection.

Chapter 6, Administration and Policy Management, provides details about different methods for the administration and modern management of Windows endpoints. You will be provided with the knowledge needed to ensure best practices are applied, looking at topics around enforcing policies and security baselines with Configuration Manager and Intune.

Chapter 7, Deploying Windows Securely, provides an overview of the end user computing landscape. We will discuss device provisioning, upgrading Windows, and building hardening images. You will learn about modern methods used to deploy Windows using Intune and Windows Autopilot and deploying images in virtualized Windows environments.

Chapter 8, Keeping Your Windows Client Secure, covers Windows clients and the concepts used to keep them secure and updated. You will learn how to stay updated with Windows Updates for Business, protect data with BitLocker encryption, enable passwordless sign-in with Windows Hello for Business, and how to enforce policies, configurations, and security baselines.

Chapter 9, Advanced Hardening for Windows Clients, provides a comprehensive review of advanced hardening configurations that are applied to Windows clients to protect enterprise browsers, secure Microsoft 365 apps, and apply zero-trust security principals to reduce the attack surface. You will learn advanced techniques for applying policies to third-party products using Intune, how to enable advanced features of Microsoft Defender to protect against unwanted apps and ransomware, and how to enable hardware-based virtualized isolation for Microsoft Edge and Office. You will also learn how to enable a removable storage access control policy to protect against data loss with removable media.

Chapter 10, Mitigating Common Attack Vectors, covers common attack techniques used by attackers to intercept communications and try to move laterally throughout the network. You will learn about different types of adversary-in-the-middle attacks and how to prevent them, as well as ways to protect against lateral movement and privilege escalation through Kerberos tickets. You will also learn about using Windows privacy settings to safeguard users' privacy from apps and services that run on Windows clients.

Chapter 11, Server Infrastructure Management, provides an overview of the data center and cloud models that are used today. We will then go into detail on each of the current models as they pertain to the cloud and review secure access management to Windows Server. We will also provide an overview of Windows Server management tools, as well as Azure services for managing Windows servers.

Chapter 12, Keeping Your Windows Server Secure, looks at the Windows Server OS and introduces server roles and the security-related features of Windows Server 2022. You will learn about the techniques used to keep your Windows Server secure by implementing Windows Server Update Services (WSUS), Azure Update Management, onboarding machines to Microsoft Defender for Endpoint, and enforcing a security baseline. You will also learn how to implement application control policies and PowerShell security.

Chapter 13, Security Monitoring and Reporting, talks about the different tools available to collect telemetry data, as well as insights and recommendations for securing your environment. This chapter will inform you about the ways in which to act on these recommendations. The technologies covered include Microsoft Defender for Endpoint, Azure Log Analytics, Azure Monitor, and Microsoft Defender for Cloud.

Chapter 14, Security Operations, talks about the security operations center (SOC) in an organization and discusses the various tools used to ingest and analyze data to detect, protect, and alert you to incidents. The technologies covered include Extended Detection and Response (XDR), the Microsoft 365 Defender Portal, Microsoft Defender for Cloud Apps, Defender for Cloud, Microsoft Sentinel, and Microsoft Defender Security Center. This chapter also talks about data protection with Microsoft 365 and the importance of ensuring that up-to-date business continuity and disaster recovery plans are in place.

Chapter 15, Testing and Auditing, discusses validating that controls are in place and enforced. You will learn about the importance of continual vulnerability scanning and the importance of penetration testing to ensure that the environment is assessed in terms of protecting against the latest threats.

Chapter 16, Top 10 Recommendations and the Future, provides recommendations and actions to take away after reading this book. It also provides some insight into the direction that device security and management is headed, as well as insights into our thoughts on the importance of security in the future.