2. Terminology (acronyms)
RDP (Remote Desktop Connection)
DNS (Domain Naming Service) (mapping 192.168.2.16 to memeserver.lan)
MSSQL (Microsoft’s SQL database service)
HTTP (if you don’t know what this is you may want to find a different career)
HIPS (Host-Based Intrusion Prevention System)
AV (Anti-Virus, we use windows defender in windows 10)
MMC (Microsoft Management Console)
Telnet (insecure plaintext protocol; nuke this off of your network ASAP)
SSH (Secure Shell)
3. Basic Security Hardening on a local machine
Users
Passwords
Firewalls
Groups
Auditing
Local Security Policy
Adware
Scheduled Tasks
4. Users
Ask yourself, does this user actually need to have access to this machine?
Does Sally from accounting need RDP access to the Domain Controller?
Disable the Local Admin if on a Domain, or use LAPS
Make sure to follow the principle of least privilege
Basically, give users only the rights they need
5. Passwords
Implement Reasonable and secure policies
These are things like:
Complexity Requirements (maybe)
Password Age
Password history
Having a password
Password Length (At least 10)
Account lockout threshold (after 100 attempts, lock out the account)
6. Groups
This is where you assign different users access to different resources
Who has rights to:
RDP
Admin
Telnet
8. Firewalls
This is one line of defense between a machine and the network, and between the machine and the internet.
Configure firewall rules to allow/disallow services and ports out of your computer
10. Auditing
Auditing is a huge part of knowing who has accessed or attempted to
access your system; make sure this is turned on.
Very useful for making up points if red team has accessed your system
Control can be found in local security policy
A lot of correlation rules can be set in a System Information Event Manager
Ensure command-line and PowerShell logging is turned on
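As an added example (not from the slides), the following PowerShell turns on the auditing this slide asks for, logon and process-creation auditing with the full command line, plus PowerShell script block and module logging, and then checks that the settings took effect. It assumes an elevated PowerShell on a stand-alone Windows 10 box; on a domain you would push the same settings through Group Policy instead.

```powershell
#Requires -RunAsAdministrator
# Added example: enable baseline auditing on a local Windows 10 machine and verify it.

function Enable-BaselineAuditing {
    # Advanced audit policy: who logged on (4624/4625) and every process started (4688).
    auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
    auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null

    # Put the full command line into Event ID 4688; without this you only get the image path.
    $auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    New-Item -Path $auditKey -Force | Out-Null
    Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

    # PowerShell script block logging (Event ID 4104 in Microsoft-Windows-PowerShell/Operational).
    $sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    New-Item -Path $sblKey -Force | Out-Null
    Set-ItemProperty -Path $sblKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module logging for all modules (Event ID 4103).
    $modKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
    New-Item -Path "$modKey\ModuleNames" -Force | Out-Null
    Set-ItemProperty -Path $modKey -Name 'EnableModuleLogging' -Value 1 -Type DWord
    Set-ItemProperty -Path "$modKey\ModuleNames" -Name '*' -Value '*' -Type String
}

function Test-BaselineAuditing {
    # Read everything back; return $true only if all of it is in place.
    $proc = auditpol /get /subcategory:"Process Creation" /r | ConvertFrom-Csv
    $ok = $proc.'Inclusion Setting' -eq 'Success and Failure'
    $ok = $ok -and (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit').ProcessCreationIncludeCmdLine_Enabled -eq 1
    $ok = $ok -and (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging').EnableScriptBlockLogging -eq 1
    $ok = $ok -and (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging').EnableModuleLogging -eq 1
    return $ok
}

function Get-RecentCommandLines {
    # Pull the CommandLine field out of the last few 4688 events to prove logging is live.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 5 |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            ($data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        }
}

Enable-BaselineAuditing
if (Test-BaselineAuditing) { Get-RecentCommandLines } else { Write-Warning 'Audit settings did not apply' }
```

Event ID 4688 with the command line and 4104 script blocks are the events worth forwarding to your SIEM for correlation.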
12. Tools:
Computer Management
Windows Firewall
Local Security Policy
MMC
PowerShell
Local Users and Groups
Comodo Cleaning Essentials
13. Resources
My twitter handle, ALOHA_Jr_
Defsec.club
wireshark.life (my personal blog, I’ll post good Windows stuff now and again along with conference blogs)
Swiftonsecurity.com (Windows everything)
Irongeek.com (Loads of good stuff here, DerbyCon videos)
TWITTER (main platform for InfoSec professionals)
Cyber Operations by Mike O’Leary (Highly recommend this for new freshmen and above, lots of general knowledge about attacking and defending, I wish I had this book starting freshman year)
Windows Internals (Highly technical book of how Windows Operates)
https://www.blackhillsinfosec.com/blog/webcasts/