Menu
Fundamentals of Windows Security by Mark Dunkerley and Matt Tumbarello

Nowadays, the conversation of cybersecurity has become a hot topic throughout the world. And even more so with leadership teams and board members of many major organizations asking the question, are we secure? The short answer is no: no one is secure in today's digital world, and there has never been a more critical time to ensure that you are doing everything within your power to protect your organization and its users.

As we continue to receive daily news of breaches throughout the world, it is clear how severe the issue of cybercrime has become. To put it bluntly, we simply need to do a better job of protecting the data that we collect and manage withing our organization today. This isn't an easy task. especially with the advancement of organized cyber and state-sponsored groups with budgets, most likely, far exceeding that of most organizations. As security professionals, we need to do our due diligence and ensure we identify all risks within the organization. Once identified, they will need to be addressed or accepted as a risk by leadership.

As a consumer, it is most likely that your data has already been breached, and there's a chance your account information and passwords are sitting on the dark web somewhere. We need to work with the assumption that our personal data has already been breached and build better barriers around our data and account information. For example, in the U.S., purchasing identity protection as a service to monitor your identity can serve as an insurance policy if you incur any damages. In addition to this, the ability to place your credit reports on hold to prevent bad actors from opening accounts under your name is another example of a defensive approach that you can take to protect your personal identity.

As the cybersecurity workforce continues to evolve and strengthen with more and more talented individuals, we want to help contribute to the importance of securing our data, and we hope this book provides you with the necessary knowledge to do the right thing for your organization. As you read this book, you will not only learn the technical aspects of securing Windows, but you will also learn what else is necessary to ensure the protection of windows and users that use it. Protecting Windows has become a lot more than making a few simple configuration changes and installing an antivirus (AV) tool. There is an entire ecosystem or controls, tools, and technology to help protect your Windows systems and users.

As you read through this chapter, you will learn about the broader fundamentals of security and the principles behind the foundation that is needed to protect your Windows environment. Specifically, you will learn about the following:

An overview of the security transformation within the industry
A look at security trends as they relate to today's digital world
A review of the current threat landscape and common vulnerabilities
An overview of some recent publicly known breaches
An overview of the current security challenges faced today
What Zero Trust security is, and why we need to adopt this approach moving forward

Understanding the security transformation

Over the years, security has evolved from being just a shared role or a role that didn't even exist within a business. Today, well-defined teams and organizational structures do actually exist or are being created to focus solely on security. Not only are these teams maturing constantly, but the Chief Information Security Officer (CISO) has become a person of significant importance who may report directly to a Chief Executive Officer (CEO) within an organization and not the CIO.

Over the years, many roles that never existed before have begun to appear withing the security world, and new skill sets are always in demand. As an overview, the following is a list of some of the more common security roles that you can expect to see within a security program:

CISO/CSO (Chief Information Security Officer/Chief Security Officer)
IT Security Director
IT Security Manager
Security Architect/Engineer
Security Analyst
Security/Compliance Officer
Security Administrator
Security Engineer
Security/Application Security Developer
Software/Application Security Engineer
Cryptographer/Cryptologist
Security Consultant/Specialist
Network Security Engineer
Cloud Security Architect

One thing to point out, in regard to these roles, is the major shortage of the cybersecurity workforce throughout the world. A cybersecurity workforce study by ISC shows that a worldwide growth of 145% is needed to meet the demand for cyber experts. In the US, this number needs to grow by 62%. These numbers clearly show the demand for skilled cybersecurity experts along with opportunities for growth. The challenge with this growth is that new positions are continuously being created as new skills are needed, which makes it difficult to find well-seasoned talent.

One of the primary factors for the growing need of security experts correlates to the advancement of the PC (or personal computer) and its evolution throughout the years. The PC has changed the way we connect. And with this evolution comes the supporting infrastructure, which has evolved into many data centers seen throughout the world.

As we are all aware, Windows has been the victim of numerous vulnerabilities over the years and continues to be victim even today. The initial idea behind the Windows Operating System (OS) was a strong focus on usability and productivity. As a result of its success and adoption across the globe, it became a common target for exploits. This in turn, created many gaps in the security of Windows that have traditionally been filled by many other companies. A good example is a need for third-party AV software. As the world has turned more toward digitization over the years, and the adoption of Windows usage has continued to grow, so has the need for improved security along with dedicated roles within this area. Protecting Windows has not been an easy task, and it continues to be an ongoing challenge.

Living in today's digital world

Today, we are more reliant on technology than ever and live in a world where businesses cannot survive without it. As our younger generations grow up, there is greater demand for the use of advanced technology. One scary thought is how fast the world has grown within the previous 100 years compared to the overall history of mankind. Technology continues to push the boundaries of innovation, and a significant portion of that change must include the securing of this technology. Especially since the wold has become a more connected place with the advancement of the internet.

To give you a rough idea of technology usage today, lets take a look at the current desktop usage throughout the world. For these statistics, we will reference an online service, called Statcounter GlobalStats: https://gs.statcounter.com/. This dataswet is not all-inclusive, but there is a very large sampling of data used to give us a good idea of worldwide usage. Statcounter GlobalStats collects its data through web analytics via tracking code on over 2 million websites globally. The aggregation of this data equates to more than 10 billion page views per month. More information from Statcounter can be viewed at https://gs.statcounter.com/os-market-share.

Focusing on Windows security, the traditional model of an organization would have typiclly included the following security tools as part of its baseline:

AV (antivirus software)
Windows Firewall
Internet proxy service
Windows updates

Depending on your organization or industry, there may have been additional tools. However, for the most part, I'd imagine the preceding list was the extent of most organizations security tools on Windows client devices. The same would have most likely applied to the Windows servers in the traditional model. As this digital transformation has brought change, the traditional method of Windows management has become a legacy. There is an expectation that we can work and access data from anywhere at any time. We live in an internet-connected world, and when we plug our device in, we expect to access our data with ease. With this shift, there is a major change in the security of the systems we manage and, specifically, the Windows server and client. As we shift our infrastructure to the cloud and enable our users to become less restricted, the focus of security revolves not only around the devise itself but that of the users identity and, more importantly, the data. Today, the items that we listed earlier will not suffice. The following tools are those that would be needed to better protect your Windows devices:

Advanced Threat Protection (ATP): AV and threat protection, advanced analytics and behavioral monitoring, network protection, exploit protection, and more
Advanced data loss protection
Information protection
Identity protection: biometric technology, multi-factor authentication, and more
Application control
Machine learning and advanced AI security services

Today's threats

The threat landscape within the cyber world is extremely diverse and is continually becoming more complex. The task of protecting users, data, and systems is becoming more difficult and requires the advancement of even more intelligent tools to keep the bad actors out. Today, criminals are more sophisticated, and groups have formed with significant financial backing to support the wrong doings of these groups. The following is a list of cyber threats:

National governments
Nationstates
Terrorists
Spies
Organized crime groups
Hacktivists
Hackers
Business competitors
Insiders/internal employees

There are many types of cyber attacks in the world today, and this creates a diverse set of challenges for organizations. While not all threats are Windows specific, there's a chance that Windows is the median or attack vector in which an attacker gains access by exploiting a vulnerability. An example of this could be an unpatched OS or an out-of-date application. The following list contains many common types of threats that could cause damage directly from a vulnerability within the Windows OS or by using the Windows OS as an attack vector.

Malware is software or code designed with malicious intent that exploits vulnerabilities found within the system. The following types of threats are considered malware:

Adware
Spyware
Virus (polymorphic, multipartite, acro, or boot sector)
Worm
Trojan
Rootkit
Bots/botnets
Ransomware
Logic bomb

In addition to malware, the following are types of attack techniques that can be used to exploit vulnerabilities:

Keylogger
Phishing
Spear phishing
Whale phishing
SQL injection
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Session hijacking
Man-in-the-Middle Attacks (MITM)
Password attacks (brute-force, dictionary, or birthday attacks)
Credential reuse
Identity theft
Advanced persistent threats
Distributed Denial of Service (DDoS)
Intellectual property theft
Shoulder surfing
Golden Ticket:Kerberos attacks

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access.

In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you'll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you'll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.

What you will learn

Understand baselining and learn the best practices for building a baseline
Get to grips with identity management and access management on Windows-based systems
Delve into the device administration and remote management of Windows-based systems
Explore security tips to harden your Windows server and keep clients secure
Audit, assess, and test to ensure controls are successfully applied and enforced
Monitor and report activities to stay on top of vulnerabilities

Who this book is for

This book is for system administrators, cybersecurity and technology professionals, solutions architects, or anyone interested in learning how to secure their Windows-based systems. A basic understanding of Windows security concepts, Intune, Configuration Manager, Windows PowerShell, and Microsoft Azure will help you get the best out of this book.

Reader Anslem John says, "5out of 5 stars. This is a great book for System Administrator who It starts off highlighting how the security posture in organisations have changed and how it has affected Admins ability to protect any windows client\sever environment.

"This book has covered all the major areas : from developing standards and procedures, all the way to using the M365 Security Center and more. What I also like about this book is that it applies real world scenarios. At no point did I feel any of my environments I have secured were unique and therefore what the book offers is not applicable. Straight away you can apply what was learnt. This is a must have book for any Sys Admin, Security Admin etc!"