πͺ Device Hardening
The process of security by reducing its surface of vulnerability.
-
Eliminating as many security risks/flaws as
-
Achieved by removing all non-essential software programs and utilities
-
Removing default settings
-
Applying advanced configurations to restrict access
Here are some ways to harden a system:
1.
BIOS/UEFI
2.
Built into Windows 10
3.
Group policy
4.
Registry
These are explained below.
#
BIOS/UEFI-
Password protected
-
Enable secure boot-UEFI only
-
Disable ports such as front USB
-
Enable chassis intrusion detection
-
Install BIOS and UEFI firmware updates
#
Built into Windows 10-
Enable passwords for all accounts
-
Set a password with your screensaver
-
Enforce password policies
-
Turn on Windows Firewall
-
Disable remote access
-
Enable or install antivirus protection tools
-
Enable windows updates
-
Encrypt storage media
-
Switch off unused services and ports
-
Remove old device drivers/unused hardware
-
Apply principle of least priveledge
-
Lock down features and tools such as gpedit.mdc
#
Group PolicyThis is controlled by gpedit.msc
-
Restrict access to control
-
Block Command Prompt
-
Prevent software installations
-
Disable forced restarts
-
Disable automatic driver updates
-
Disable removable media drives
-
Hide balloon and toast notifications
-
Remove onedrive
#
Registry-
This is a set of database settings and opeions installed on all versions of windows
-
Hives, leys, strings structire
-
The regedit allows values to be changed
-
Windows features can be enabled and disabled
#
SOPIt can also help to have a Standard Operating Procedure
PowerPoint
Download the PowerPoint here