Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, 2nd Edition
- Length: 816 pages
- Edition: 2
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-08-19
- ISBN-10: 180323654X
- ISBN-13: 9781803236544
- Sales Rank: #290188
A comprehensive guide to administering and protecting the latest Windows 11 and Windows server operating system from ongoing cyber threats using zero-trust security principles
Key Features
- Learn to protect your Windows environment using zero-trust and a multi-layered security approach
- Implement security controls using Intune, Configuration Manager, Defender for Endpoint, and more
- Understand how to onboard modern cyber-threat defense solutions for Windows clients
Book Description
Are you looking for the most current and effective ways to protect Windows-based systems from being compromised by intruders? This updated second edition is a detailed guide that helps you gain the expertise to implement efficient security measures and create robust defense solutions using modern technologies.
The first part of the book covers security fundamentals with details around building and implementing baseline controls. As you advance, you’ll learn how to effectively secure and harden your Windows-based systems through hardware, virtualization, networking, and identity and access management (IAM). The second section will cover administering security controls for Windows clients and servers with remote policy management using Intune, Configuration Manager, Group Policy, Defender for Endpoint, and other Microsoft 365 and Azure cloud security technologies. In the last section, you’ll discover how to protect, detect, and respond with security monitoring, reporting, operations, testing, and auditing.
By the end of this book, you’ll have developed an understanding of the processes and tools involved in enforcing security controls and implementing zero-trust security principles to protect Windows systems.
What you will learn
- Build a multi-layered security approach using zero-trust concepts
- Explore best practices to implement security baselines successfully
- Get to grips with virtualization and networking to harden your devices
- Discover the importance of identity and access management
- Explore Windows device administration and remote management
- Become an expert in hardening your Windows infrastructure
- Audit, assess, and test to ensure controls are successfully applied and enforced
- Monitor and report activities to stay on top of vulnerabilities
Who this book is for
If you’re a cybersecurity or technology professional, solutions architect, systems engineer, systems administrator, or anyone interested in learning how to secure the latest Windows-based systems, this book is for you. A basic understanding of Windows security concepts, Intune, Configuration Manager, Windows PowerShell, and Microsoft Azure will help you get the best out of this book.
Table of Contents (Mastering Windows Security and Hardening, Second Edition)
- Contributors: About the authors; About the reviewer
- Preface: Who this book is for; What this book covers; To get the most out of this book; Download the color images; Conventions used; Get in touch; Share Your Thoughts
- Part 1: Getting Started and Fundamentals
- Chapter 1: Fundamentals of Windows Security
  - Understanding the security transformation; Living in today’s digital world; Today’s threats; Ransomware preparedness; Identifying vulnerabilities; Recognizing breaches; Current security challenges; Focusing on zero trust; Summary
- Chapter 2: Building a Baseline
  - Overview of baselining; Introduction to policies, standards, procedures, and guidelines; Defining policies; Setting standards; Creating procedures; Recommending guidelines; Incorporating change management; Implementing a security framework; Building baseline controls; CIS Windows security baselines; Comparing policies with Policy Analyzer; Intune's security baselines; Incorporating best practices; Summary
- Chapter 3: Hardware and Virtualization
  - Technical requirements; Physical servers and virtualization; Microsoft virtualization; Hardware security concerns; Virtualization security concerns; Cloud hardware and virtualization; Introduction to hardware certification; The firmware interface, TPM, and Secure Boot; Protecting the BIOS; Understanding UEFI; UEFI Secure Boot; TPK (TPM 2.0); Isolated protection with VBS; Windows Defender Credential Guard; HVCI; Microsoft Defender Application Guard; Windows Defender System Guard; Kernel DMA Protection; Protecting data from lost or stolen devices; Secure Memory Encryption (AMD); Total Memory Encryption (Intel TME); Hardware security recommendations and best practices; Summary
- Chapter 4: Networking Fundamentals for Hardening Windows
  - Technical requirements; Network security fundamentals; Understanding Windows network security; Network baselining; Windows clients; Windows Server; Networking and Hyper-V; Network troubleshooting; Windows Defender Firewall and Advanced Security; Configuring a firewall rule with Group Policy; Web protection features in Microsoft Defender for Endpoint; Using custom indicators; Web content filtering; Blocking connections with network protection; Introducing Azure network security; Controlling traffic with NSGs; Connecting privately and securely to Azure services; Protecting Windows workloads in Azure; Summary
- Chapter 5: Identity and Access Management
  - Technical requirements; Identity and access management overview; Identity; Authentication; Authorization; Accountability; Implementing account and access management; HR and identity management; Integrating directory services; Managing Azure external user access (B2B); Understanding the Azure cloud administrative roles; Implementing privileged access security tools (PIM, PAM, and JIT); Securing local administrative accounts; Understanding authentication, MFA, and going passwordless; Securing your passwords; Enabling SSPR; Authenticating with Azure AD from Windows; Enabling SSO for apps with an Azure identity; Configuring MFA; Transitioning to passwordless authentication; Passwordless authentication using Windows Hello; Using Conditional Access and Identity Protection; Enabling Azure AD Conditional Access; Configuring Azure AD Identity Protection; Summary
- Part 2: Applying Security and Hardening
- Chapter 6: Administration and Policy Management
  - Technical requirements; Understanding device administration; Device management evolution; Differences between domain join, hybrid, and Azure AD-joined devices; Managing devices with Configuration Manager; Client collections, settings, and communications; Securely deploying clients for Configuration Manager; Connecting to the Azure cloud and Intune co-management; Managing policies and baselines in Configuration Manager; Querying devices with CMPivot; Managing devices with Intune; CSP; MDM versus MAM; Using Intune and Microsoft Endpoint Manager; Managing policies and baselines in Intune; Administering a security baseline; Deploying managed configurations; Summary
- Chapter 7: Deploying Windows Securely
  - Technical requirements; Device provisioning and upgrading Windows; Upgrading Windows; Backing up user data and settings; Building hardened Windows images; Windows ADK; Windows Configuration Designer (WCD); Using MDT to build custom images; Deploying images with WDS; MDT and Configuration Manager; Provisioning devices with Windows Autopilot; Deployment scenarios; Registering devices with the Autopilot service; Configuring an Autopilot profile; Deploying images to Azure Virtual Desktop; Managing hosts in AVD; Building a master image; Replication with Azure Compute Gallery; Deploying images in Azure; Deploying Windows 365 Cloud PC; Deploying customized or gallery images; Provisioning policies for Cloud PC; Accessing Windows 365 Cloud PCs; Summary
- Chapter 8: Keeping Your Windows Client Secure
  - Technical requirements; Securing your Windows clients; Staying updated with Windows Update for Business; Planning for deployment; Configuring update rings for Windows clients; Pausing update deployments; Managing feature updates and expedited quality updates; Using delivery optimization; Enforcing policies and configurations; Creating security baselines in Configuration Manager; Deploying MDM policies in Intune; Controlling policy conflicts with MDM; Managing Azure AD local device administrators; Enabling BitLocker to prevent data theft; Configuring BitLocker with Intune; Viewing BitLocker recovery keys; Going passwordless with Windows Hello for Business; Enabling Windows Hello for Business; Configuring a device compliance policy; Deploying Windows Security Baselines; Building a GPO using Microsoft Security Baselines; Reviewing CIS recommendations; Converting a GPO into a Configuration Baseline; Deploying security baselines with Intune; Configuring Windows Security features; Configuring a Defender Antivirus baseline; Account protection features; Firewall and network protection; App and browser control; Device security; Setting the Windows Security experience; Summary
- Chapter 9: Advanced Hardening for Windows Clients
  - Technical requirements; Securing enterprise web browsers; Configuring a Microsoft Edge security baseline; Configuring a Google Chrome security baseline; Securing Microsoft 365 apps; Building a security baseline for M365 apps; Advanced protection features with Microsoft Defender; Defense evasion with tamper protection; Protecting against untrusted applications and websites; Reducing the attack surface; Zero trust with Application Guard; Protecting devices with a removable storage access control policy; Summary
- Chapter 10: Mitigating Common Attack Vectors
  - Technical requirements; Preventing an Adversary-in-the-Middle attack; LLMNR; NBT-NS; mDNS; The WPAD protocol; NTLM relay attacks; Preventing IPv6 DNS spoofing; ARP cache poisoning; Protecting against lateral movement and privilege escalation; Preventing resources from being enumerated; Protecting Kerberos tickets; Mitigating OS credential dumping; Preventing user access to the registry; Windows privacy settings; Controlling application privacy permissions; Additional privacy settings; Summary
- Chapter 11: Server Infrastructure Management
  - Technical requirements; Overview of the data center and the cloud (IaaS, PaaS, and SaaS); Types of data center; Implementing access management in Windows servers; Physical and user access security; Using a tiered model for privileged access; Privileged access strategy; Understanding privileged account management; Access management best practices; Understanding Windows Server management tools; Introducing Server Manager; Looking at Event Viewer; Using WSUS; Introducing Windows Admin Center; Using Azure services to manage Windows servers; The Azure portal and Marketplace; ARM; Implementing RBAC; Using Azure Backup; Leveraging ASR; Introducing Azure Update Management; Understanding Azure Arc; Using Azure Automanage; Connecting securely to Windows servers remotely; Remote management and support tools; Using Microsoft Defender for Cloud JIT access; Connecting with Azure Bastion; Summary
- Chapter 12: Keeping Your Windows Server Secure
  - Technical requirements; Windows Server versions; Security roles in Windows Server; Reducing the Windows Server footprint; Enabling features on Server Core 2022; Configuring Windows updates; Implementing WSUS; Implementing Azure Automation Update Management; Configuring Windows Defender; Connecting to Microsoft Defender for Endpoint; Windows Defender security baseline; Hardening Windows Server; Implementing a security baseline; Hardening tips for Windows Server; Account controls for Windows Server; Securing the logon and authentication process; Enabling Disk Encryption to prevent data theft; Deploying application control policies using WDAC; Implementing PowerShell security; Configuring PowerShell logging; Enabling PowerShell constrained language mode; PowerShell script execution; JEA; Summary
- Part 3: Protecting, Detecting, and Responding for Windows Environments
- Chapter 13: Security Monitoring and Reporting
  - Technical requirements; MDE features; The Threat analytics dashboard; The TVM dashboard; Device Inventory dashboard; Device health and compliance; Software inventory report; Security recommendations; Identifying weakness; Reviewing advanced features; Configuring API connectors; Onboarding Windows clients into MDE; Configuring the Microsoft Intune connection; Creating an EDR policy; Creating a machine risk compliance policy; Collecting telemetry with Azure Monitor Logs; Onboarding Windows Servers to Log Analytics; Onboarding Windows clients to Log Analytics; Monitoring solutions and Azure Workbooks; Monitoring with Azure Monitor and activity logs; Secure access to Azure Monitor; Monitoring Azure activity logs; Creating Azure Workbooks; Azure Service Health; Overview of Microsoft Defender for Cloud; Reporting in MEM; Security-focused reports in MEM; Enable Windows Health Monitoring; Using Endpoint analytics; Collecting client-side diagnostic logs; Monitoring update deployments; Reporting in Microsoft Endpoint Configuration Manager; Monitoring the health and update status of Office apps; Microsoft 365 Apps health dashboard; Monitoring Security Update Status; Viewing the Office Inventory report; Servicing Office apps; Summary
- Chapter 14: Security Operations
  - Technical requirements; Introducing the SOC; Understanding XDR; Using the M365 Defender portal; Improving security posture with Microsoft Secure Score; Security operations with MDE; Role-based access control in MDE; Reviewing incidents and alerts; Automated investigations; Using advanced hunting; Tracking remediation requests; Investigating threats with Defender for Cloud; Enabling Azure-native SIEM with Microsoft Sentinel; Creating the connection; Protecting apps with MDCA; Connecting apps to MDCA; Discovery; Investigate; Configuring policies and controls; Monitoring hybrid environments with MDI; Planning for MDI; Activating your instance; Identifying attack techniques; Looking at the attack timeline; Data protection with M365; Using Microsoft Purview Information Protection; An overview of DLP; WIP; Planning for business continuity; Learning DRP; The importance of a CIRP; Summary
- Chapter 15: Testing and Auditing
  - Technical requirements; Validating security controls; Audit types; SOC reports; Vendor risk management; The Microsoft Service Trust Portal; Microsoft Defender for Cloud regulatory compliance; Microsoft ODA; Other validations; Vulnerability scanning overview; An introduction to vulnerability scanning; Vulnerability scanning with Microsoft Defender for Cloud; The Microsoft 365 Defender portal; Planning for penetration testing; Executing a penetration test; Reviewing the findings; An insight into security awareness, training, and testing; Using attack simulation training with Microsoft 365 Defender; Executing a tabletop exercise; Summary
- Chapter 16: Top 10 Recommendations and the Future
  - The 10 most important to-do's; Implementing identity protection and privileged access; Enact a Zero Trust access model; Define a security framework; Get current and stay current; Make use of modern management tools; Certify your physical hardware devices; Administer network security; Always encrypt your devices; Enable XDR protection beyond EDR; Deploy security monitoring solutions; Notable mentions; The future of device security and management; Security and the future; Summary
- Back matter: Why subscribe?; Other Books You May Enjoy; Packt is searching for authors like you; Share Your Thoughts
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, 2nd Edition. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.