Scribd Logo
Upload

Welcome to Scribd!

  • Windows Hardening Recommendations - Edited

    Uploaded by

    luche
    8 views5 pages
    This document provides recommendations for hardening Windows security, including enforcing robust password policies, controlling user accounts, using a DMZ for anonymous web access, authenticating the source of access requests, requiring VPN access from remote locations, and blocking accounts after multiple failed logins. Passwords should be at least 8 characters with a mix of types, writing down or reusing passwords across accounts should be prohibited, and different accounts require unique passwords. The document cites two references on password hardening and Windows 10 security.

    Original Description:

    Original Title

    Windows Hardening Recommendations.edited

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides recommendations for hardening Windows security, including enforcing robust password policies, controlling user accounts, using a DMZ for anonymous web access, authenticating the source of access requests, requiring VPN access from remote locations, and blocking accounts after multiple failed logins. Passwords should be at least 8 characters with a mix of types, writing down or reusing passwords across accounts should be prohibited, and different accounts require unique passwords. The document cites two references on password hardening and Windows 10 security.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views5 pages

    Windows Hardening Recommendations - Edited

    Uploaded by

    luche
    This document provides recommendations for hardening Windows security, including enforcing robust password policies, controlling user accounts, using a DMZ for anonymous web access, authenticating the source of access requests, requiring VPN access from remote locations, and blocking accounts after multiple failed logins. Passwords should be at least 8 characters with a mix of types, writing down or reusing passwords across accounts should be prohibited, and different accounts require unique passwords. The document cites two references on password hardening and Windows 10 security.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Running Head: SECURITY HARDENING 1

    SECURITY HARDENING

    Name

    Institution

    Course

    Professor

    Date
    SECURITY HARDENING 2

    Windows Hardening Recommendations

    To enhance user account security, we provide several windows hardening

    practices that may be used to harden the Windows security and protect against

    unauthorized access into the organization's information systems. Some

    recommendations include robust password policies and user account controls that

    ensure top-notch security (Monrose et al., 2012). Further details are provided in the

    sections below.

    Regarding password use, the system should be configured only to allow strong

    passwords from user accounts. A secure password must be at least eight characters

    long and consist of various types of characters (Monrose et al., 2012). Strong

    passwords make it hard for cybercriminals to guess or crack using such approaches as

    dictionary attacks. As part of the procedural security controls, a clean desk policy should

    be enforced at the organization to ensure that the employees do not put pieces of paper

    containing critical information around their workstations. The policy should also require

    that no employee writes down their passwords (Monrose et al., 2012).

    Another control target users who have multiple user accounts. To ensure

    maximum security, these users must have different passwords for the different user

    accounts they use. Having different passwords is critical in preventing a significant

    breach of security if a cybercriminal managed to obtain the password. That is to say

    that, if a hacker managed to steal credentials for a single user account, then the other

    accounts would not be compromised. As well, the users who have multiple accounts

    should only use their accounts for the roles that the accounts are primarily dedicated

    for. That measure would allow system administrators to recognize any unusual activities
    SECURITY HARDENING 3

    in the user account characterized by the use of an account to perform roles for which it

    is not authorized.

    Anonymous users accessing web servers are required to do so via a

    demilitarized zone (DMZ). In internet security, DMZs are used to act as extra security

    layers to protect an organization's network systems from external access. The local

    area network used by the organization is protected by a firewall that closely monitors

    and filters network traffic that goes in and out of the network systems. Once correctly

    installed, the DMZ can help identify and mitigate security threats before they reach

    Always Fresh's network.

    When authenticating access into the servers, the systems must ensure that the

    source computer has been established. The source of the computer constitutes the

    location of the computer and the type of user. It is critical to identify computers that try to

    connect to the organization's servers from a remote location as well as those that

    access the servers from inside the company's site.

    Employees from the company who work from their homes must use a VPN to

    ensure that security of Always Fresh's systems are protected in case cybercriminals

    compromise security. Any user who attempts to access the servers anonymously

    should be shut out. Often, cybercriminals try to access the company's systems by hiding

    their details as well as a means of covering their tracks. Any unusual login activity,

    regardless of the source computer, should be flagged immediately. Such action includes

    multiple wrong password inputs and any other attempts to circumvent the typical

    security setup (Durve & Bouridane, 2017). The system should block an account that has

    multiple wrong password inputs. If an employee's account is blocked, they need to


    SECURITY HARDENING 4

    contact the system administrator to retrieve the report. A customer whose account is

    blocked as well requires to contact Always Fresh's customer service team to recover

    their accounts (Durve & Bouridane, 2017).


    SECURITY HARDENING 5

    References

    Durve, R., & Bouridane, A. (2017, September). Windows 10 security hardening using

    device guard whitelisting and Applocker blacklisting. In 2017 Seventh

    International Conference on Emerging Security Technologies (EST) (pp. 56-61).

    IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8090399/

    Monrose, F., Reiter, M. K., & Wetzel, S. (2012). Password hardening based on

    keystroke dynamics. International Journal of Information security, 1(2), 69-83.

    Retrieved from https://link.springer.com/content/pdf/10.1007/s102070100006.pdf

    You might also like