Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Hardening Windows 8 and 10

    Загружено:

    Phlpost MISD
    100 просмотров16 страниц
    This document provides instructions for hardening security on Windows 8 and 10 systems through various configuration changes. It describes disabling unnecessary network protocols and services, restricting user rights, enabling stronger password policies, turning on data execution prevention and hidden file views. The goal is to reduce the attack surface and limit access to only authorized users through these security configuration steps.

    Исходное описание:

    Hardening Windows

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PPTX, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    This document provides instructions for hardening security on Windows 8 and 10 systems through various configuration changes. It describes disabling unnecessary network protocols and services, restricting user rights, enabling stronger password policies, turning on data execution prevention and hidden file views. The goal is to reduce the attack surface and limit access to only authorized users through these security configuration steps.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    100 просмотров16 страниц

    Hardening Windows 8 and 10

    Загружено:

    Phlpost MISD
    This document provides instructions for hardening security on Windows 8 and 10 systems through various configuration changes. It describes disabling unnecessary network protocols and services, restricting user rights, enabling stronger password policies, turning on data execution prevention and hidden file views. The goal is to reduce the attack surface and limit access to only authorized users through these security configuration steps.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 16

    HARDENING WINDOWS 8 AND 10

    NETWORK
    • Open Control Panel
    • Go to Network and Sharing Center, then open
    properties under Ethernet
    • Disable Microsoft Network Adapter Multiplexor
    Protocol, Microsoft LLDP Protocol, Link Layer
    Topology Discovery I/O Driver, Link Layer Topology
    Responder
    SERVICES

    Disable the following:


    • Application Management
    • BranchCache
    • Certificate Propagation
    • Client for NFS
    • Distributed Link Tracking Client
    • Family Safety (compatability stub for Vista apps)
    SERVICES
    Disable the following:
    • Function Discovery Provider Host (HomeGroup)
    • Function Discovery Resource
    Publication (HomeGroup)
    • HomeGroup Listener (HomeGroup)
    • HomeGroup Provider (HomeGroup)
    • Hyper-V Data Exchange Service (Hyper-V VM - Turn
    on if feature is used)
    SERVICES
    Disable the following:
    • Hyper-V Guest Service Interface (Hyper-V VM - Turn
    on if feature is used)
    • Hyper-V Guest Shutdown Service (Hyper-V VM -
    Turn on if feature is used)
    • Hyper-V Heartbeat Service (Hyper-V VM - Turn on if
    feature is used)
    • Hyper-V Remote Desktop Virtualization
    Service (Hyper-V VM - Turn on if feature is used)
    SERVICES
    Disable the following:
    • Hyper-V Time Synchronization Service (Hyper-V VM
    - Turn on if feature is used)
    • Hyper-V Volume Shadow Copy Requestor (Hyper-V
    VM - Turn on if feature is used)
    • Internet Explorer ETW Collector Service
    • IP Helper
    Disable the following:
    • KtmRm for Distributed Transaction Coordinator (MS
    recommends to stop this service if not needed)
    • Link-Layer Topology Discovery Mapper (network
    discovery)
    • Microsoft iSCSI Initiator Service (allows LAN or
    Internet based storage)
    • Netlogon (Active Directory Domain Connections)
    Disable the following:
    • Network Access Protection Agent (reports security
    configuration)
    • Offline Files
    • Peer Name Resolution Protocol (HomeGroup,
    remote assistance)
    • Peer Networking Grouping (HomeGroup, remote
    assistance)
    Disable the following:
    • Peer Networking Identity Manager (HomeGroup,
    remote assistance)
    • PNRP Machine Name Publication Service (server
    that responds with a machine name)
    • Remote Procedure Call (RPC) Locator
    • Sensor Monitoring Service (Enable if your device has
    light sensors)
    SERVICES
    Disable the following:
    • Smart Card Device Enumeration Service
    • Smart Card Removal Policy
    • SNMP Trap
    • Storage Service
    • Windows Biometric Service
    • Windows Connect Now - Config Registrar (Wireless
    Setup - simplified configuration)
    • Windows Location Framework Service
    Local Security Policy

    • Go to Control Panel
    • Go to Administrative Tools, then Local Security Policy
    • Go to User Rights Assignment, then double click
    “Deny Access o this computer from the network”
    • Add users “Guests, Anonymous Logon, Administrator,
    NETWORK SERVICE, SERVICE, SYSTEM, and LOCAL
    SERVICE.”
    Password Policy
    • Double click on Account Policies under Local Security
    Policy
    • Double click Password Policy
    • Set maximum password age to 365 days
    • Set minimum password length = 12 characters
    • Enable Password must need complexity
    Enable Data Execution Prevention
    • Right click My Computer, then click on
    Properties
    • Click on Advanced System Settings, then click
    on Performance Settings
    • Click on the Data Execution Prevention tab,
    then click “Turn on DEP for all programs”
    Enable Hidden Files

    • Open Windows Explorer, then go to Options. Click on


    change Folder and Search Options
    • Place a check beside the boxes pertaining to the
    following: Always show menus, Display the full path in
    the title bar, Show hidden files, folders and drives
    • Uncheck the boxes pertaining to: hide drives in computer
    empty folder, hide folder merge conflicts, hide extensions
    for known file types.
    • Go back to Windows Explorer, and view again the pull
    down menu; place a checkmark in the box beside File
    Name Extensions and Hidden Files.
    Screen Saver Enable

    • Right click on Desktop and choose Personalize,


    then click on Screen Saver
    • Configure it to wait 10 minutes, and check
    mark "On resume, display Logon screen"
    Resources

    • http://hardenwindows8forsecurity.com/Harde
    n%20Windows%208.1%2064bit%20Home.ht
    ml http://www.blackviper.com/service-
    configurations/black-vipers-windows-8-1-
    service-configurations/

    Вам также может понравиться