💪 Device Hardening

The process of securing a system by reducing its surface of vulnerability.

- Eliminating as many security risks/flaws as
- Achieved by removing all non-essential software programs and utilities
- Removing default settings
- Applying advanced configurations to restrict access

Here are some ways to harden a system:

1. BIOS/UEFI
2. Built into Windows 10
3. Group policy
4. Registry

These are explained below.

BIOS/UEFI

- Password protected
- Enable Secure Boot (UEFI only)
- Disable ports such as front USB
- Enable chassis intrusion detection
- Install BIOS and UEFI firmware updates

Built into Windows 10

- Enable passwords for all accounts
- Set a password with your screensaver
- Enforce password policies
- Turn on Windows Firewall
- Disable remote access
- Enable or install antivirus protection tools
- Enable Windows updates
- Encrypt storage media
- Switch off unused services and ports
- Remove old device drivers/unused hardware
- Apply the principle of least privilege
- Lock down features and tools such as gpedit.msc

Group Policy

This is controlled by gpedit.msc.

- Restrict access to control
- Block Command Prompt
- Prevent software installations
- Disable forced restarts
- Disable automatic driver updates
- Disable removable media drives
- Hide balloon and toast notifications
- Remove OneDrive

Registry

- This is a set of database settings and options installed on all versions of Windows
- Hives, keys, strings structure
- The regedit tool allows values to be changed
- Windows features can be enabled and disabled
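
To verify several of the items above on a Windows 10 machine, the following read-only PowerShell audit is an added example, not part of the original notes. The helper names `Test-Check` and `Get-RegValue` are hypothetical, the antivirus check assumes Microsoft Defender, and the two registry paths are where the corresponding Group Policy settings are stored.

```powershell
# Added example: read-only audit; run from an elevated PowerShell on Windows 10.
# Test-Check and Get-RegValue are hypothetical helper names for this sketch.
function Test-Check {
    param([string]$Name, [scriptblock]$Check)
    try   { $state = if ([bool](& $Check)) { 'PASS' } else { 'FAIL' } }
    catch { $state = 'UNKNOWN' }  # cmdlet missing, not elevated, or legacy BIOS
    [pscustomobject]@{ Check = $Name; Result = $state }
}

# Read one registry value; yields $null when the key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$results = @(
    # BIOS/UEFI
    Test-Check 'Secure Boot enabled' { Confirm-SecureBootUEFI -ErrorAction Stop }

    # Built into Windows 10
    Test-Check 'Enabled accounts all require a password' {
        -not (Get-LocalUser -ErrorAction Stop |
              Where-Object { $_.Enabled -and -not $_.PasswordRequired })
    }
    Test-Check 'Windows Firewall on for every profile' {
        -not (Get-NetFirewallProfile -ErrorAction Stop |
              Where-Object { $_.Enabled -ne 'True' })
    }
    Test-Check 'Remote Desktop disabled' {
        (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections') -eq 1
    }
    Test-Check 'Defender real-time protection on' {   # assumption: Defender is the AV in use
        (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled
    }
    Test-Check 'System drive encrypted (BitLocker)' {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop).ProtectionStatus -eq 'On'
    }

    # Group Policy settings, read back from the registry values they write
    Test-Check 'Command Prompt blocked (current user)' {
        (Get-RegValue 'HKCU:\Software\Policies\Microsoft\Windows\System' 'DisableCMD') -in 1, 2
    }
    Test-Check 'Removable storage denied' {
        (Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All') -eq 1
    }
)
$results | Format-Table -AutoSize
```

A result of UNKNOWN means the check could not be evaluated on this machine and should be confirmed by hand rather than treated as a pass.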

SOP

It can also help to have a Standard Operating Procedure.

PowerPoint

Download the PowerPoint here