The document outlines a comprehensive long-term care plan focusing on in-home care considerations for a fictional consumer, including necessary supports and services for quality of life and treatment. Additionally, it covers security strategies for hardening Microsoft Windows systems, emphasizing techniques to secure computers, manage user accounts, and implement robust backup solutions. Best practices for maintaining security compliance and awareness, as well as guidelines for effective data protection strategies, are also detailed.

1. Documentation Artifact 5
Long Term Care Plan
-Continuing to work with your fictional consumer, do you feel
he or she is a good candidate for in home care? Why or why
not?
-Living in the community, what types of supports and services
do you feel that your consumer may need to have a high quality
of life, potential employment or day activities, and continued
treatment (if needed)? (This will require knowing what typical
services are for people with similar disabilities and situations)
-Where could your consumer get these supports and services in
the local community? (This will require researching local
agencies and services)
Assignment: Write a memo to me stating the above information
in a clear and professional manner. This should build the case
for in home care or highlight the infeasibility of it (approximate
length should be 1 page)
Security Strategies in Windows Platforms and Applications
Lesson 11
Hardening the Microsoft Windows Operating System
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company

2. www.jblearning.com
All rights reserved.
Cover image © Sharpshot/Dreamstime.com
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
1
Learning Objective(s)
Apply system hardening techniques in Microsoft Windows.
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Key Concepts
General hardening concepts and strategies
Hardening servers, clients, networks, and more
Security awareness
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com

3. All rights reserved.
Understanding the Hardening Process and Mind-set
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
4
Employ strategies to secure Windows computers
Install only what you need
Use Security Compliance Toolkit (SCT)
Manually disable and remove programs/services
Strategies to Secure Windows Computers
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.

4. The process of making configuration changes and deploying
controls to reduce the attack surface is called hardening.
5
Disable/remove programs with vulnerabilities
Establish controls on running programs
Install Only What You Need
When installing Windows Server, select which programs to
install
Customize a server by defining one or more roles
Role is a predefined set of services, programs, and
configuration settings that enables a computer to fulfill specific
requirements
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Security Compliance Toolkit (SCT)
A set of tools from Microsoft to help manage Windows security
baselines
Provides guidance to administrators that makes it easier to
ensure policies adhere to policy best practices
Includes two tools to help manage baseline input and GPOs

5. Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Policy Analyzer Selection Window
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
8
Windows Security Configuration Wizard—Select Server Roles
Policy Analyzer
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
9

6. Manually Disabling and Removing Programs and Services
Back up the Windows Registry before making any changes
Make changes on a test computer whenever possible
Evaluate each computer
Identify remaining programs and services you don’t need
Remove unneeded programs
Use the Windows Services maintenance utility to start, stop, and
change services settings
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Uninstalling a Program in Windows
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
11
Windows Services Maintenance
Page ‹#›
Security Strategies in Windows Platforms and Applications

7. © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
12
Windows Services Properties
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
13
Hardening Microsoft Windows Operating System Authentication
Disallow older authentication methods
Remove or disable any unused or inactive user accounts
Protect Administrator account
Establish and enforce strong account policies
Password policy
Account policy
Kerberos policy
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning

8. Company
www.jblearning.com
All rights reserved.
14
Hardening the Network Infrastructure
Identify network server and client services that require access to
ports
Modify firewall settings to open those ports; close all other
ports
To manage firewall settings, use:
Windows Defender Firewall with Advanced Security
Local Group Policy Editor
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
15
Windows Defender Firewall with Advanced Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning

9. Company
www.jblearning.com
All rights reserved.
16
Group Policy Management Editor—Windows Defender Firewall
with Advanced Security
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
17
Securing Directory Information and Operations
Active Directory (AD)
Limit the number of administrators with access to AD
Ensure that administrators use separate Administrator user
accounts
Administrators should have one account for AD administration
and at least one other account for other administration tasks
Create an AD security group
Require that AD administrators do their AD work only from
dedicated terminal servers instead of workstations
Page ‹#›
Security Strategies in Windows Platforms and Applications

10. © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
18
Securing Information and Operations (Cont.)
Directory Service Restore Mode (DSRM)
Change password from the default password after installation
Periodically change the DSRM password
Protect the DSRM password for each domain controller and
change it every six months
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
19
Hardening Microsoft Windows OS Administration
After creating other user accounts with Administrator
privileges, disable default Administrator account
Enable strong passwords
Set Administrator passwords to expire on a regular basis
Create and maintain baselines
Create full backup of each system before and after hardening

11. Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
20
Hardening Microsoft Windows OS Administration (Cont.)
Create individual backups of policies each time they change
Ensure Windows systems are updated to latest patch
Ensure Windows Update is configured to automatically
download and install latest updates from Microsoft
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
21
Group Policy Management Console—Backup GPO
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com

12. All rights reserved.
22
Windows Update
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
23
Windows Update Advanced Options
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
24
Hardening Server Computers
Ensure server computers don’t do anything they’re not supposed

13. to do, such as run unneeded services
Harden services they are supposed to provide
After installing a server, run Security Compliance Toolkit to
disable unneeded roles and services
Use nmap utility to identify open ports
Enable IPSec for server-to-server communications
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
25
Hardening Workstation Computers
Use malware protection
Mitigate vulnerabilities
Disable programs and services not used
Review firewall settings
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
26
Hardening Data Access and Controls

14. Minimize number of user accounts on computers
Carefully control access to accounts with Administrator rights
Use Windows Group Policy to establish access control lists
(ACLs)
Avoid allowing anonymous or guest user accounts to access
sensitive data
Protect data at rest with Windows Encrypting File System (EFS)
or Windows BitLocker
Ensure data backups are encrypted
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
27
Hardening Communications and Remote Access
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
28
Network access control (NAC)

15. Authentication servers
VPN and encryption
Hardening PKI
Public key infrastructure (PKI): The hardware, software,
policies, and procedures to manage all aspects of digital
certificates
Makes environments more secure
Ensure all computers that participate are hardened
Harden certificate authority (CA) servers
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
29
Hardening PKI (Cont.)
Ensure CAs are physically secure and only accessible by
authorized administrators
Backup CA keys and store them in a safe location
Use GPOs to distribute root CA certificates
Page ‹#›

16. Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
30
Security Awareness Reminders
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Physical posters and banners in conspicuous locations, such as
in break rooms and cafeterias, and around printers, fax
machines, or shredders
Email newsletters, social media contact, and security policy
updates
Periodic website reminders
Social media messages
Daily or weekly tip programs
Contests with security themes
Security events on specific dates, such as November 30,
International Computer Security Awareness Day
Lunch-and-learn meetings about topics of interest to employees
personally—such as identity theft or cyberbullying—as well as
topics of interest to your organization
Visible modeling of good security behaviors by your
organization’s leaders

17. 31
Posters and banners
Newsletters
Website reminders
Social media messages
Daily or weekly tip programs
Contests
Security events
Lunch-and-learn meetings
Leadership
Best Practices
Install only the Windows Server Core option when you don’t
need extra functionality.
Select the minimum number of roles in Windows Server.
Run SCT immediately after installation of Windows Server.

18. Update and patch systems; configure for automatic Windows
updates.
Install and run Microsoft Baseline Security Analyzer (MBSA)
and at least one vulnerability scanner.
Create one or more user accounts with Administrator rights.
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
32
Best Practices (Cont.)
Disable the Administrator and Guest user accounts.
Disable all unneeded services.
Close all ports not required by services or applications.
Create GPOs for all security settings, including firewall rules.
Use AD to distribute all configuration changes using GPOs.
Create a backup of each GPO.
Scan all computers for open ports and vulnerabilities.
Limit physical access to all critical servers.
Create an initial baseline backup.
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.

19. 33
Best Practices (Cont.)
Change the AD DSRM password periodically, at least every six
months.
Install anti-malware software on each computer.
Ensure all anti-malware software and data are current.
Use NAC software or devices to control remote computer
connections.
Use remote authentication methods to authorize remote
computers and users.
Require secure VPNs to access internal network resources.
Use IPSec with digital certificates to authenticate computer-to-
computer connections in the datacenter.
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
34
Best Practices (Cont.)
Require security awareness training prior to issuing access
credentials.
Require periodic recurrent security awareness training to retain
access credentials.
Provide continuing security awareness.
Page ‹#›
Security Strategies in Windows Platforms and Applications

20. © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
35
Summary
General hardening concepts and strategies
Hardening servers, clients, networks, and more
Security awareness
Page ‹#›
Security Strategies in Windows Platforms and Applications
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
36
APA format
No resources before 2015
DO all parts of below assignment

21. Assume you are a security professional. You are determining
which of the following backup strategies will provide the best
protection against data loss, whether from disk failure or natural
disaster:
Daily full server backups with hourly incremental
backupsRedundant array of independent disks (RAID) with
periodic full backupsReplicated databases and folders on high-
availability alternate servers
Answer the following question(s):
Which backup strategy would you adopt? Why?
To complete this assignment, you must do the following:
A) Create a new thread.
B) Select AT LEAST 3 other students' threads and post
substantive comments on those threads, evaluating the pros and
cons of that student’s recommendations.
Your comments should extend the conversation started with the
thread.
ALL original posts and comments must be substantive. (I'm
looking for about a paragraph - not just "I agree.")

22. NOTE: These discussions should be informal discussions, NOT
research papers. If you MUST directly quote a resource, then
cite it properly. However,
I would much rather simply read your words.