Device Hardening
The process of securing a system by reducing its surface of vulnerability.
- Eliminating as many security risks/flaws as possible
- Achieved by removing all non-essential software programs and utilities
- Removing default settings
- Applying advanced configurations to restrict access
Here are some ways to harden a system:
- BIOS/UEFI
- Built into Windows 10
- Group policy
- Registry
BIOS/UEFI
- Password protected
- Enable Secure Boot (UEFI only)
- Disable ports such as front USB
- Enable chassis intrusion detection
- Install BIOS and UEFI firmware updates
Built into Windows 10
- Enable passwords for all accounts
- Set a password with your screensaver
- Enforce password policies
- Turn on Windows Firewall
- Disable remote access
- Enable or install antivirus protection tools
- Enable Windows updates
- Encrypt storage media
- Switch off unused services and ports
- Remove old device drivers/unused hardware
- Apply the principle of least privilege
- Lock down features and tools such as gpedit.msc
Group Policy
This is controlled by gpedit.msc
- Restrict access to control
- Block Command Prompt
- Prevent software installations
- Disable forced restarts
- Disable automatic driver updates
- Disable removable media drives
- Hide balloon and toast notifications
- Remove OneDrive
Registry
- This is a database of settings and options installed on all versions of Windows
- Hives, keys, strings structure
- The regedit tool allows values to be changed
- Windows features can be enabled and disabled
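An added example, not part of the original notes: a read-only PowerShell audit of several items from the lists above. It relies on Group Policy settings being stored as registry values. The mapping of each list item to a registry value and the helper names `Get-PolicyValue` and `New-Result` are this example's assumptions.

```powershell
# Added example: read-only audit of some hardening items from this page.
# Run from an elevated PowerShell prompt on Windows 10; nothing is modified.
function Get-PolicyValue([string]$Path, [string]$Name) {
    # $null means the key or value is absent, i.e. the policy is not configured.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Result([string]$Item, [bool]$Hardened, [string]$Detail) {
    [pscustomobject]@{ Item = $Item; Hardened = $Hardened; Detail = $Detail }
}
$report = @()

# Secure Boot: the cmdlet throws on legacy BIOS machines, so an error counts as "off".
try { $sb = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $sb = $false }
$report += New-Result 'Secure Boot' $sb "Confirm-SecureBootUEFI: $sb"

# Windows Firewall: all three profiles (Domain, Private, Public) should be on.
$off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
$report += New-Result 'Windows Firewall' ($off.Count -eq 0) "Profiles off: $($off.Name -join ', ')"

# Storage encryption: BitLocker protection status of the system drive.
try {
    $bl = "$((Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop).ProtectionStatus)"
} catch { $bl = 'Unavailable' }
$report += New-Result 'Encrypt storage media' ($bl -eq 'On') "BitLocker on ${env:SystemDrive}: $bl"

# Remote access: fDenyTSConnections = 1 means Remote Desktop connections are refused.
$rdp = Get-PolicyValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$report += New-Result 'Disable remote access' ($rdp -eq 1) "fDenyTSConnections: $rdp"

# Group Policy items and the registry values they write; nonzero means applied.
# HKCU entries are per user. DisableFileSyncNGSC blocks OneDrive rather than uninstalling it.
$policies = @(
    @('Block Command Prompt', 'HKCU:\Software\Policies\Microsoft\Windows\System', 'DisableCMD'),
    @('Prevent software installations', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer', 'DisableMSI'),
    @('Disable automatic driver updates', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate', 'ExcludeWUDriversInQualityUpdate'),
    @('Disable removable media drives', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices', 'Deny_All'),
    @('Remove OneDrive', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive', 'DisableFileSyncNGSC'),
    @('Password with screensaver', 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop', 'ScreenSaverIsSecure')
)
foreach ($p in $policies) {
    $v = Get-PolicyValue $p[1] $p[2]
    $ok = ($null -ne $v) -and ([int]$v -ne 0)
    $report += New-Result $p[0] $ok "$($p[2]): $(if ($null -eq $v) { 'not configured' } else { $v })"
}
$report | Format-Table -AutoSize
```

A "not configured" result only means the setting is not enforced through Group Policy; the same feature may still be set locally, for example a screensaver password chosen by the user.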
SOP
It can also help to have a Standard Operating Procedure.
PowerPoint: http://cdn.nayan.gq/Hardening%20New.pptx