Mastering Windows Security and Hardening - Second Edition
by Mark Dunkerley, Matt Tumbarello
Contributors
About the authors
About the reviewer
Preface
Part 1: Getting Started and Fundamentals
Chapter 1: Fundamentals of Windows Security
Chapter 2: Building a Baseline
Chapter 3: Hardware and Virtualization
Chapter 4: Networking Fundamentals for Hardening Windows
Chapter 5: Identity and Access Management
Part 2: Applying Security and Hardening
Chapter 6: Administration and Policy Management
Chapter 7: Deploying Windows Securely
Chapter 8: Keeping Your Windows Client Secure
Chapter 9: Advanced Hardening for Windows Clients
Chapter 10: Mitigating Common Attack Vectors
Chapter 11: Server Infrastructure Management
Chapter 12: Keeping Your Windows Server Secure
Part 3: Protecting, Detecting, and Responding for Windows Environments
Chapter 13: Security Monitoring and Reporting
Chapter 14: Security Operations
Chapter 15: Testing and Auditing
Chapter 16: Top 10 Recommendations and the Future
Other Books You May Enjoy
Table of Contents
Preface
Part 1: Getting Started and Fundamentals
Chapter 1: Fundamentals of Windows Security
Understanding the security transformation
Living in today’s digital world
Today’s threats
Ransomware preparedness
Identifying vulnerabilities
Recognizing breaches
Current security challenges
Focusing on zero trust
Summary
Chapter 2: Building a Baseline
Overview of baselining
Introduction to policies, standards, procedures, and guidelines
Defining policies
Setting standards
Creating procedures
Recommending guidelines
Incorporating change management
Implementing a security framework
Building baseline controls
CIS
Windows security baselines
Comparing policies with Policy Analyzer
Intune's security baselines
Incorporating best practices
Summary
Chapter 3: Hardware and Virtualization
Technical requirements
Physical servers and virtualization
Microsoft virtualization
Hardware security concerns
Virtualization security concerns
Cloud hardware and virtualization
Introduction to hardware certification
The firmware interface, TPM, and Secure Boot
Protecting the BIOS
Understanding UEFI
UEFI Secure Boot
TPM (TPM 2.0)
Isolated protection with VBS
Windows Defender Credential Guard
HVCI
Microsoft Defender Application Guard
Windows Defender System Guard
Kernel DMA Protection
Protecting data from lost or stolen devices
Secure Memory Encryption (AMD)
Total Memory Encryption (Intel TME)
Hardware security recommendations and best practices
Summary
Chapter 4: Networking Fundamentals for Hardening Windows
Technical requirements
Network security fundamentals
Understanding Windows network security
Network baselining
Windows clients
Windows Server
Networking and Hyper-V
Network troubleshooting
Windows Defender Firewall and Advanced Security
Configuring a firewall rule with Group Policy
Web protection features in Microsoft Defender for Endpoint
Using custom indicators
Web content filtering
Blocking connections with network protection
Introducing Azure network security
Controlling traffic with NSGs
Connecting privately and securely to Azure services
Protecting Windows workloads in Azure
Summary
Chapter 5: Identity and Access Management
Technical requirements
Identity and access management overview
Identity
Authentication
Authorization
Accountability
Implementing account and access management
HR and identity management
Integrating directory services
Managing Azure external user access (B2B)
Understanding the Azure cloud administrative roles
Implementing privileged access security tools (PIM, PAM, and JIT)
Securing local administrative accounts
Understanding authentication, MFA, and going passwordless
Securing your passwords
Enabling SSPR
Authenticating with Azure AD from Windows
Enabling SSO for apps with an Azure identity
Configuring MFA
Transitioning to passwordless authentication
Passwordless authentication using Windows Hello
Using Conditional Access and Identity Protection
Enabling Azure AD Conditional Access
Configuring Azure AD Identity Protection
Summary
Part 2: Applying Security and Hardening
Chapter 6: Administration and Policy Management
Technical requirements
Understanding device administration
Device management evolution
Differences between domain join, hybrid, and Azure AD-joined devices
Managing devices with Configuration Manager
Client collections, settings, and communications
Securely deploying clients for Configuration Manager
Connecting to the Azure cloud and Intune co-management
Managing policies and baselines in Configuration Manager
Querying devices with CMPivot
Managing devices with Intune
CSP
MDM versus MAM
Using Intune and Microsoft Endpoint Manager
Managing policies and baselines in Intune
Administering a security baseline
Deploying managed configurations
Summary
Chapter 7: Deploying Windows Securely
Technical requirements
Device provisioning and upgrading Windows
Upgrading Windows
Backing up user data and settings
Building hardened Windows images
Windows ADK
Windows Configuration Designer (WCD)
Using MDT to build custom images
Deploying images with WDS
MDT and Configuration Manager
Provisioning devices with Windows Autopilot
Deployment scenarios
Registering devices with the Autopilot service
Configuring an Autopilot profile
Deploying images to Azure Virtual Desktop
Managing hosts in AVD
Building a master image
Replication with Azure Compute Gallery
Deploying images in Azure
Deploying Windows 365 Cloud PC
Deploying customized or gallery images
Provisioning policies for Cloud PC
Accessing Windows 365 Cloud PCs
Summary
Chapter 8: Keeping Your Windows Client Secure
Technical requirements
Securing your Windows clients
Staying updated with Windows Update for Business
Planning for deployment
Configuring update rings for Windows clients
Pausing update deployments
Managing feature updates and expedited quality updates
Using delivery optimization
Enforcing policies and configurations
Creating security baselines in Configuration Manager
Deploying MDM policies in Intune
Controlling policy conflicts with MDM
Managing Azure AD local device administrators
Enabling BitLocker to prevent data theft
Configuring BitLocker with Intune
Viewing BitLocker recovery keys
Going passwordless with Windows Hello for Business
Enabling Windows Hello for Business
Configuring a device compliance policy
Deploying Windows Security Baselines
Building a GPO using Microsoft Security Baselines
Reviewing CIS recommendations
Converting a GPO into a Configuration Baseline
Deploying security baselines with Intune
Configuring Windows Security features
Configuring a Defender Antivirus baseline
Account protection features
Firewall and network protection
App and browser control
Device security
Setting the Windows Security experience
Summary
Chapter 9: Advanced Hardening for Windows Clients
Technical requirements
Securing enterprise web browsers
Configuring a Microsoft Edge security baseline
Configuring a Google Chrome security baseline
Securing Microsoft 365 apps
Building a security baseline for M365 apps
Advanced protection features with Microsoft Defender
Defense evasion with tamper protection
Protecting against untrusted applications and websites
Reducing the attack surface
Zero trust with Application Guard
Protecting devices with a removable storage access control policy
Summary
Chapter 10: Mitigating Common Attack Vectors
Technical requirements
Preventing an Adversary-in-the-Middle attack
LLMNR
NBT-NS
mDNS
The WPAD protocol
NTLM relay attacks
Preventing IPv6 DNS spoofing
ARP cache poisoning
Protecting against lateral movement and privilege escalation
Preventing resources from being enumerated
Protecting Kerberos tickets
Mitigating OS credential dumping
Preventing user access to the registry
Windows privacy settings
Controlling application privacy permissions
Additional privacy settings
Summary
Chapter 11: Server Infrastructure Management
Technical requirements
Overview of the data center and the cloud (IaaS, PaaS, and SaaS)
Types of data center
Implementing access management in Windows servers
Physical and user access security
Using a tiered model for privileged access
Privileged access strategy
Understanding privileged account management
Access management best practices
Understanding Windows Server management tools
Introducing Server Manager
Looking at Event Viewer
Using WSUS
Introducing Windows Admin Center
Using Azure services to manage Windows servers
The Azure portal and Marketplace
ARM
Implementing RBAC
Using Azure Backup
Leveraging ASR
Introducing Azure Update Management
Understanding Azure Arc
Using Azure Automanage
Connecting securely to Windows servers remotely
Remote management and support tools
Using Microsoft Defender for Cloud JIT access
Connecting with Azure Bastion
Summary
Chapter 12: Keeping Your Windows Server Secure
Technical requirements
Windows Server versions
Security roles in Windows Server
Reducing the Windows Server footprint
Enabling features on Server Core 2022
Configuring Windows updates
Implementing WSUS
Implementing Azure Automation Update Management
Configuring Windows Defender
Connecting to Microsoft Defender for Endpoint
Windows Defender security baseline
Hardening Windows Server
Implementing a security baseline
Hardening tips for Windows Server
Account controls for Windows Server
Securing the logon and authentication process
Enabling Disk Encryption to prevent data theft
Deploying application control policies using WDAC
Implementing PowerShell security
Configuring PowerShell logging
Enabling PowerShell constrained language mode
PowerShell script execution
JEA
Summary
Part 3: Protecting, Detecting, and Responding for Windows Environments
Chapter 13: Security Monitoring and Reporting
Technical requirements
MDE features
The Threat analytics dashboard
The TVM dashboard
Device Inventory dashboard
Device health and compliance
Software inventory report
Security recommendations
Identifying weakness
Reviewing advanced features
Configuring API connectors
Onboarding Windows clients into MDE
Configuring the Microsoft Intune connection
Creating an EDR policy
Creating a machine risk compliance policy
Collecting telemetry with Azure Monitor Logs
Onboarding Windows Servers to Log Analytics
Onboarding Windows clients to Log Analytics
Monitoring solutions and Azure Workbooks
Monitoring with Azure Monitor and activity logs
Secure access to Azure Monitor
Monitoring Azure activity logs
Creating Azure Workbooks
Azure Service Health
Overview of Microsoft Defender for Cloud
Reporting in MEM
Security-focused reports in MEM
Enable Windows Health Monitoring
Using Endpoint analytics
Collecting client-side diagnostic logs
Monitoring update deployments
Reporting in Microsoft Endpoint Configuration Manager
Monitoring the health and update status of Office apps
Microsoft 365 Apps health dashboard
Monitoring Security Update Status
Viewing the Office Inventory report
Servicing Office apps
Summary
Chapter 14: Security Operations
Technical requirements
Introducing the SOC
Understanding XDR
Using the M365 Defender portal
Improving security posture with Microsoft Secure Score
Security operations with MDE
Role-based access control in MDE
Reviewing incidents and alerts
Automated investigations
Using advanced hunting
Tracking remediation requests
Investigating threats with Defender for Cloud
Enabling Azure-native SIEM with Microsoft Sentinel
Creating the connection
Protecting apps with MDCA
Connecting apps to MDCA
Discovery
Investigate
Configuring policies and controls
Monitoring hybrid environments with MDI
Planning for MDI
Activating your instance
Identifying attack techniques
Looking at the attack timeline
Data protection with M365
Using Microsoft Purview Information Protection
An overview of DLP
WIP
Planning for business continuity
Learning DRP
The importance of a CIRP
Summary
Chapter 15: Testing and Auditing
Technical requirements
Validating security controls
Audit types
SOC reports
Vendor risk management
The Microsoft Service Trust Portal
Microsoft Defender for Cloud regulatory compliance
Microsoft ODA
Other validations
Vulnerability scanning overview
An introduction to vulnerability scanning
Vulnerability scanning with Microsoft Defender for Cloud
The Microsoft 365 Defender portal
Planning for penetration testing
Executing a penetration test
Reviewing the findings
An insight into security awareness, training, and testing
Using attack simulation training with Microsoft 365 Defender
Executing a tabletop exercise
Summary
Chapter 16: Top 10 Recommendations and the Future
The 10 most important to-do's
Implementing identity protection and privileged access
Enact a Zero Trust access model
Define a security framework
Get current and stay current
Make use of modern management tools
Certify your physical hardware devices
Administer network security
Always encrypt your devices
Enable XDR protection beyond EDR
Deploy security monitoring solutions
Notable mentions
The future of device security and management
Security and the future
Summary
Other Books You May Enjoy