Why?
There is no such thing as a perfectly secure PC.
The primary reason for security breaches is misconfiguration of the victim host.
The cause is not an inherent weakness in the OS but the need for ease of use and the need to cater for a very wide range of users with different skill sets.
What is Hardening of OS?
A step-by-step procedure for securely configuring a system to protect it against unauthorized access, while also taking actions to make the system more reliable.
Generally, anything that is done in the name of system hardening ensures the system is both secure and reliable.
It saves the system from exploitation and attacks.
Good User Practices
Set a power-on password.
Ensure the first boot device is the internal HDD.
Install and update a good antivirus program.
Install a firewall.
Never log in as Admin for day-to-day work.
Ensure physical computer security.
Use your screen saver as a security device.
Always lock your account when leaving the computer.
Password
Password Management
Passwords are an integral part of overall security. They are one of the vulnerabilities most frequently targeted by someone trying to break into a system. If your password is compromised, your account gives the intruder access to do anything you are able to do on the system. There are many ways that you can help protect your password and, therefore, our organization's information.
Bad Passwords
Names: yours, family, pets
Personal information: hobbies, favorite teams, birthdays
Dictionary words: used by themselves, simple words make a bad password
Numbers: numbers alone are not a good password
Strong passwords that are easy to remember: use phrases
Too late again : 2L8again
Music is for me : MusikS4me
It rains in summers : It_R@in$_in_Summ3r$
Strong password from compound words: compound words that we use every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words.
Deadbolt : Ded&bowlt8
Password Management
Having a strong password is a great start, but protecting it can be just as important. As previously shown, once someone knows your user ID and your password, they have access to do everything on our systems that you do. Anything they do will appear as though you did it.
If you ever suspect your password has been compromised, please change your password.
Do not share your password with anyone.
Never write down your password or store it in a computer file.
HARDENING OF WIN 10 OS
Disable Windows 10 automatic login
By default, your new account is set to log in automatically at startup.
This is a serious security risk if anyone can open your computer.
Press Win+R and enter "netplwiz", which will open the "User Accounts" window. Netplwiz is a Windows utility tool for managing user accounts.
Check the option "Users must enter a username and password to use this computer" and click Apply.
Restart your computer.
Set a password with your screensaver
It is a good idea to make sure your PC automatically locks after a set period of inactivity.
Open the Control Panel.
Search for and click Change screen saver.
In the Screen Saver Settings, check the box "On resume, display logon screen".
Turn on your firewall
The firewall is enabled by default. It is designed to prevent unauthorized access to or from your private network.
Open the Control Panel in Windows.
Click on System and Security.
Click on Windows Firewall.
If your firewall is disabled, you will see Windows Firewall marked "Off". To turn it on, click Turn Windows Firewall on or off in the left navigation pane.
Disable remote access
Windows Remote Desktop is a feature that allows you (or others!) to connect to your computer remotely over a network connection.
Remote access allows someone to control everything on your computer as if they were directly connected to it.
Criminals can gain control of remote systems, install malware, or steal databases full of personal information.
Disable remote access
Type "remote settings" into the Cortana search box.
Disable "Enable Remote Desktop".
Enable or install antivirus protection tools
Enterprise editions of Windows 10 include Windows Defender Advanced Threat Protection.
Microsoft's SmartScreen technology is another built-in feature; it scans downloads and blocks the execution of those that are known to be malicious.
Enable auto-updates for your operating system
Some security patches are critical fixes that protect you from a new type of malware or cyberattack.
From Settings, tap or click on Update & security.
Choose Windows Update from the menu on the left, assuming it is not already selected.
Tap or click on the Advanced options link on the right, which will open a window headlined Choose how updates are installed.
Select Automatic (recommended) from the drop-down and check "Give me updates for other Microsoft products when I update Windows."
Do not check the Defer upgrades option.
Set up file backups
Routine file backups are essential for protecting yourself from losing important data, for example through a sudden hard-drive failure or when your PC gets a virus.
File History
Create a recovery drive to restore your system from an image backup.
Select Update & Security and then click on the Backup section to view the relevant options.
Settings: interval of backup, what to add, what to skip, when to delete, etc.
Turn on encryption
BitLocker is Microsoft's proprietary disk encryption software.
BitLocker has you set a password, gives you a recovery key, and shows you an option to "Encrypt Entire Drive".
If your encrypted information were stolen, it would be unusable.
Set up your user accounts
Set up multiple accounts with different levels of permissions.
Administrator Account: The first account on a Windows 10 PC is a member of the Administrators group and has the right to install software and modify the system configuration.
Standard Account: Additional accounts can and should be set up as Standard users. You can use a Standard user account for your regular use.
Guest Account: By default, a Guest account has a blank password. It is best practice to leave the Guest account disabled.
Configure Windows Explorer to show all file name extensions
Password Policy
Press Win+R and type secpol.msc
Click on Account Policies -> Password Policy
Enforce password history: 06
Maximum password age: 45 days
Minimum password age: 1 day
Minimum password length: 10 characters
Passwords must meet complexity requirements: Enabled
Store password using reversible encryption: Disabled
Prompt user to change password before expiration: 14 days
Account Lockout Policy
Press Win+R and type secpol.msc
Click on Account Policies -> Account Lockout Policy
Account lockout duration: 30 mins
Account lockout threshold: 3
Reset account lockout counter after: 20 mins
Audit Policies
Press Win+R and type secpol.msc
Click on Local Policies -> Audit Policy
Audit Policies
Audit account logon events: Success, Failure
Audit account management: Success, Failure
Audit directory service access: Success, Failure
Audit logon events: Success, Failure
Audit object access: Success, Failure
Audit policy change: Success, Failure
Audit privilege use: Not Essential
Audit process tracking: Not Essential
Audit system events: Success, Failure
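Added example (not part of the original slides): the Password Policy, Account Lockout Policy and Audit Policies values above can be checked offline against a policy file exported with `secedit /export /cfg <file>`. The sample export is constructed and abbreviated, and reading the slide values as minimums or maximums is an assumption of this example.

```python
import configparser

# Baseline from the Password Policy, Account Lockout Policy and Audit Policies
# slides; reading the values as minimums/maximums is this example's assumption.
SA, EA, BOTH = "System Access", "Event Audit", 3  # audit: 1 success, 2 failure, 3 both
BASELINE = [
    (SA, "PasswordHistorySize",   lambda v: v >= 6,       ">= 6"),
    (SA, "MaximumPasswordAge",    lambda v: 1 <= v <= 45, "1..45 days"),
    (SA, "MinimumPasswordAge",    lambda v: v >= 1,       ">= 1 day"),
    (SA, "MinimumPasswordLength", lambda v: v >= 10,      ">= 10 chars"),
    (SA, "PasswordComplexity",    lambda v: v == 1,       "enabled"),
    (SA, "ClearTextPassword",     lambda v: v == 0,       "disabled"),
    (SA, "LockoutBadCount",       lambda v: 1 <= v <= 3,  "1..3 attempts"),
    (SA, "LockoutDuration",       lambda v: v >= 30,      ">= 30 min"),
    (SA, "ResetLockoutCount",     lambda v: v >= 20,      ">= 20 min"),
] + [(EA, k, lambda v: v == BOTH, "Success, Failure") for k in (
    "AuditAccountLogon", "AuditAccountManage", "AuditDSAccess", "AuditLogonEvents",
    "AuditObjectAccess", "AuditPolicyChange", "AuditSystemEvents")]

def audit(inf_text):
    """Yield (setting, found, required) for every baseline rule that fails."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep secedit's key casing
    cp.read_string(inf_text)
    for section, key, ok, want in BASELINE:
        raw = cp.get(section, key, fallback=None)
        if raw is None:  # e.g. lockout timers are absent when the threshold is 0
            yield (key, "not set", want)
        elif not ok(int(raw)):
            yield (key, raw, want)

# Constructed, abbreviated sample export; not taken from a real machine.
SAMPLE = """[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 3
"""
for finding in audit(SAMPLE):
    print("%s: found %s, baseline requires %s" % finding)
```

secedit writes the export as UTF-16, so read a real file with `open(path, encoding="utf-16").read()` before passing the text to `audit`.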
Rename Admin Account
Disable Guest Account
Interactive Logon : Ctrl + Alt + Del
Don’t Display Username
Customised Login Message
Customised Message
Message text for users attempting to log on:
This system is for the use of authorized users only. Individuals using this computer system with authority, without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.
Message title for users attempting to log on:
Warning: This is a monitored computer system!
Preventing Auto Play
Disable USB Port
Open Regedit
Open "HKEY_LOCAL_MACHINE"
Open "SYSTEM"
Open "CurrentControlSet"
Open "Services"
Open "USBSTOR"
Change Start Parameter to any value except 3 & 4
Disable CD Drive
Right click "This PC" and click on Manage
Go to Device Manager
Click on DVD/CD-ROM drives
Right click on the drive and select "Disable device"
Run Commands
%temp%
recent
secpol.msc
gpedit.msc
cmd
regedit
msconfig.exe
ncpa.cpl
Internet Security
Good Practice
Eliminate your web browsing history.
Erase your Autocomplete data.
Handle cookies.
Eliminate recent document history on exit.
Use private mode to browse.
Uninstall unsafe extensions.
Use the web scan feature of your antivirus.