A brief of how to Defend a Windows 7 box, video is hosted at https://www.youtube.com/watch?v=ZeD6fy5svnw.

1. Windows Defense
PRESENTED BY: NICK ALHOLINNA

2. Terminology (acronyms)
 RDP (Remote Desktop Connection)
 DNS (Domain Naming Service) (mapping 192.168.2.16 to memeserver.lan)
 MSSQL (Microsoft’s SQL database service)
 HTTP (if you don’t know what this is you may want to find a different career)
 HIPS (Host-Based Intrusion Prevention System)
 AV (Anti-Virus, we use windows defender in windows 10)
 MMC (Microsoft Management Console)
 TelNet (super bad transfer protocol. Nuke this off of your network asap)
 SSH ( Secure Shell)

3. Basic Security Hardening on a local
machine
 Users
 Passwords
 Firewalls
 Groups
 Auditing
 Local Security Policy
 Adware
 Scheduled Tasks

4. Users
 Ask yourself, does this user actually need to have access to this machine?
 Does Sally from accounting need RDP access to the Domain Controller?
 Disable the Local Admin if on a Domain, or use LAPS
 Make sure to follow the principle of least privilege
 Basically, give users only the rights they need

5. Passwords
 Implement Reasonable and secure policies
 These are things like:
 Complexity Requirements (maybe)
 Password Age
 Password history
 Having a password
 Password Length (At least 10)
 Account lockout threshold (after 100 attempts, lockout the account)

6. Groups
 This is where you assign different users access to different resources
 Who has rights to:
 RDP
 Admin
 Telnet

8. Firewalls
 This is one line of defense between a machine and a network and the internet.
 Configure firewall rules to allow/disallow services and ports out of your computer

10. Auditing
 Auditing is a huge part of knowing who has accessed or attempted to
access your system, make sure this is turned on.
 Very useful for making up points if red team has accessed your system
 Control can be found in local security policy
 A lot of correlation rules can be set in a System Information Event Manager
 Ensure you are command-line/powershell logging

12. Tools:
 Computer Management
 Windows Firewall
 Local Security Policy
 MMC
 PowerShell
 Local Users and Groups
 Comodo Cleaning essentials.

13. Resources
 My twitter handle, ALOHA_Jr_
 Defsec.club
 wireshark.life (my personal blog, I’ll post good windows stuff now and again
along with conference blogs)
 Swiftonsecurity.com (Windows everything)
 Irongeek.com (Loads of good stuff here, DerbyCon videos)
 TWITTER (main platform for InfoSec professionals)
 Cyber Operations by Mike O’Leary (Highly recommend this for new Freshmen
and above, lots of general knowledge about attacking and defending, I wish I
had this book starting freshman year)
 Windows Internals (Highly technical book of how Windows Operates)
 https://www.blackhillsinfosec.com/blog/webcasts/