
Project Part 8 - Windows Hardening Recommendations

Rajashekar Rudrapati

Application Security (ISOL-534-M40) - Full Term

University of the Cumberlands

Professor Dr. John Morga

Date: 07/17/2021

By removing unnecessary functionality from the system, hardening increases security. A network, a device, an operating system, and individual applications can all be hardened. The virtualization environment must be hardened as virtualization is added. System changes caused by frequent operating system updates make hardening management difficult. The ICS lifetime model is used to present system hardening. This comprises duties such as hardening configuration design, implementation and testing, and system hardening maintenance. Two PowerShell scripts have been created to facilitate the implementation and maintenance of the hardening settings (Siik, 2018).

We have a variety of control choices for each service that exists on a Windows system. We can also disable a service's startup so that it doesn't run at all. The general plan is to run as few services as feasible. Another option is to launch services using accounts with lower privileges. All default services execute in the context of the Local System account, which has full system access. Disabling unused and unneeded services is the most important layer of the security onion. This is perhaps the most difficult thing to get right, owing to Microsoft's appalling lack of documentation on each service's full function and dependencies. The settings detailed below are automatically applied when you choose to use the automated hardening feature in setup. All of the following settings appear under the Computer Configuration > Windows Settings > Security Settings category.
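The service review described above can be run as a read-only audit. The following PowerShell is an added example, not part of the original paper or of any script it cites; the function name `Get-ServiceHardeningFinding`, the allowlist, and the sample rows (including the `ExampleAgent` service) are assumptions made for illustration.

```powershell
# Added example: read-only audit of services against a per-host allowlist.
function Get-ServiceHardeningFinding {
    [CmdletBinding()]
    param(
        # Objects exposing Name, StartMode, State and StartName (the Win32_Service shape).
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Service,
        # Hypothetical allowlist: the services this host's role actually needs.
        [Parameter(Mandatory)]
        [string[]]$RequiredServices
    )
    process {
        $needed        = $RequiredServices -contains $Service.Name
        $isLocalSystem = $Service.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'

        $finding = if ($Service.StartMode -eq 'Disabled') {
            $null   # already prevented from starting: nothing to report
        } elseif (-not $needed) {
            'Not on allowlist: candidate to disable'
        } elseif ($isLocalSystem) {
            'Needed but runs as Local System: review for a lower-privileged account'
        }

        if ($finding) {
            [pscustomobject]@{
                Name      = $Service.Name
                StartMode = $Service.StartMode
                State     = $Service.State
                Account   = $Service.StartName
                Finding   = $finding
            }
        }
    }
}

# Constructed sample rows so the example runs without querying a real host.
$sample = @(
    [pscustomobject]@{ Name = 'EventLog';       StartMode = 'Auto';     State = 'Running'; StartName = 'NT AUTHORITY\LocalService' }
    [pscustomobject]@{ Name = 'Spooler';        StartMode = 'Auto';     State = 'Running'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleAgent';   StartMode = 'Auto';     State = 'Running'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'RemoteRegistry'; StartMode = 'Disabled'; State = 'Stopped'; StartName = 'NT AUTHORITY\LocalService' }
)
$allow = 'EventLog', 'ExampleAgent'   # constructed allowlist

$sample | Get-ServiceHardeningFinding -RequiredServices $allow | Format-Table -AutoSize

# On a live system, feed it real service data instead:
# Get-CimInstance -ClassName Win32_Service | Get-ServiceHardeningFinding -RequiredServices $allow
```

The function only reports; changing a service's startup type or logon account remains a separate, deliberate step once its dependencies have been checked.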

On a Windows 2003 Server, secpol.msc can be used to view most of these parameters. By default, however, not all MSS parameters are visible. For information on accessing all of the available security options in the Microsoft Local Security Settings panel, see Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, accessible at microsoft.com (Headquarters, 2009). We need to make sure that the audit logs have enough room for the audit events that will be generated. This is especially crucial if the system is configured to shut down when an audit fails. We should set up the systems to handle the current log capacity plus 50% more. It's also a good idea to establish a rotation policy. This should be in line with any policies already in place (Cox, 2001).

The operating system of a computer is the basic software that handles things like input, output, display, memory management, and all the other duties required to support the user environment and associated programs. A network operating system (NOS) is a type of operating system that incorporates extra features and functionalities to help connect computers and devices, such as printers, to a local area network (LAN).

The user account that is used on a daily basis should not belong to the local Administrators group. Change the network type to public, with network discovery disabled, and prevent file and printer sharing. All inbound connections are automatically terminated, ensuring that no one on the network may access anything on the computer. Protect personal files by filtering outgoing traffic and programs. Remote assistance and remote desktop connections should be disabled (Sheikh, 2020).

Network Access Protection (NAP) restricts network resource access based on the identity of a client computer and its compliance with corporate governance policies. NAP enables network managers to set granular network access levels depending on a client's identity, group membership, and degree of compliance with company standards. Read-only domain controllers can be constructed and deployed in high-risk areas, but they can't be changed to add new users, adjust access levels, or do anything else (Sheikh, 2020).


References

Cox, P. (2001, March). Hardening Windows 2000. In LISA.

Headquarters, A. (2009). Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted.

Sheikh, A. F. (2020). Baseline and Secure Software Development. In CompTIA Security+ Certification Study Guide (pp. 163-183). Apress, Berkeley, CA.

Siik, P. (2018). Management of operating system hardening in industrial control systems (Master's thesis).
