Harden Windows 10


for a while I have been aware of this Microsoft documentation, which is very useful for hardening Windows 10:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-scor...

but now there is also this Microsoft documentation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-f...
(note that you have to implement 5+4 to reach level 4, and 5+4+3 to reach level 3 etc)

be aware that there is overlap between the two and a lack of step-by-step information about how to implement and enable some features, but such information can usually be found within https://docs.microsoft.com/en-us/windows/security/threat-protection

here is also a good overview of the security boundaries, features, and mitigations in Windows 10:
https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria

this is all targeted at enterprise but I have found it useful even on my own consumer devices

I would be grateful if a lot of these Microsoft recommended security features and mitigations weren't disabled by default

enjoy! - beary

1 Reply

some updates


Windows Secure Score
https://docs.microsoft.com/en-gb/windows/security/threat-protection/microsoft-defender-atp/secure-sc...


Defender updates seem to have been renamed to security intelligence, but otherwise remain the same and should be auto updated within the hour


Windows Security Configuration Framework
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-f...


this has been updated and the numbering has been reversed so that you now have to implement 1+2 to reach level 2, and 1+2+3 to reach level 3 etc, this seems less confusing than it was initially, hence I felt the need to explain it at all


disabled by default but easy to enable Windows Defender features that I highly recommend:


Enable Potentially Unwanted Application (PUA) Protection
Set-MpPreference -PUAProtection Enabled


this enables Defender to remove adware and similar junk

Enable Network Protection
Set-MpPreference -EnableNetworkProtection Enabled


think of this as system-wide SmartScreen, rather than limited to just the browser

Enable Attack Surface Reduction (ASR) Rules
Set-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9B1eeee46550, d4f940ab-401b-4efc-aadc-ad5f3c50688a, 3b576869-a4eC-4529-8536-b80a7769e899, 75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84, d3e037e1-3eb8-44c8-a917-57927947596d, 5beb7efe-fd9A-4556-801d-275e5ffc04cc, 92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b, 01443614-cd74-433a-b99e-2ecdc07bfc25, c1db55ab-c21a-4637-bb3f-a12568109d35, 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2, d1e49aac-8f56-4280-b9ba-993a6d77406c, b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4, 26190899-1602-49e8-8b27-eb1d0a1ce869, 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c, e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled


attack surface reduction rules block common infection behaviours used by malware


enjoy! - beary


PS haveibeenpwned.com
not only can you check your personal emails and passwords to see if they are present in public data breaches, you can implement company-wide password blacklisting in Active Directory etc, which is recommended by Microsoft as a replacement for the harmful/misguided time-based expiring passwords feature, which has been deprecated
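
An added example, not part of the original post or of Microsoft's documentation: a read-only PowerShell check that reports which of the three Defender settings from the reply above (PUA Protection, Network Protection, and the listed ASR rule IDs) are not in block mode on the local machine. The function names `Test-PostHardening` and `New-AuditRow` are made up for this example; the numeric codes are the values `Get-MpPreference` reports for Disabled, Enabled, AuditMode and Warn.

```powershell
# Added example (not from the original post): read-only audit of the settings above.
# Assumes the Defender cmdlet Get-MpPreference is available on this machine.

# Rule IDs copied from the post's Set-MpPreference command, lowercased
# (the lookup below is case-insensitive).
$PostRuleIds = @(
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550', 'd4f940ab-401b-4efc-aadc-ad5f3c50688a',
    '3b576869-a4ec-4529-8536-b80a7769e899', '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84',
    'd3e037e1-3eb8-44c8-a917-57927947596d', '5beb7efe-fd9a-4556-801d-275e5ffc04cc',
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b', '01443614-cd74-433a-b99e-2ecdc07bfc25',
    'c1db55ab-c21a-4637-bb3f-a12568109d35', '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2',
    'd1e49aac-8f56-4280-b9ba-993a6d77406c', 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4',
    '26190899-1602-49e8-8b27-eb1d0a1ce869', '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c',
    'e6db77e5-3df2-4cf1-b95a-636979351e5b'
)

# Numeric states as reported by Get-MpPreference.
$StateNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function New-AuditRow([string]$Setting, $Value) {
    # A missing value means the setting (or rule) was never configured.
    $name = if ($null -eq $Value) { 'NotConfigured' }
            elseif ($StateNames.ContainsKey([int]$Value)) { $StateNames[[int]$Value] }
            else { "Unknown($Value)" }
    [pscustomobject]@{ Setting = $Setting; State = $name; Enforced = ($name -eq 'Enabled') }
}

function Test-PostHardening {
    param($Pref = (Get-MpPreference))

    New-AuditRow 'PUAProtection' $Pref.PUAProtection
    New-AuditRow 'EnableNetworkProtection' $Pref.EnableNetworkProtection

    # Pair each configured rule ID with its action; the two arrays are parallel.
    $ids     = @($Pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($Pref.AttackSurfaceReductionRules_Actions)
    $configured = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) { $configured[$ids[$i].ToLower()] = $actions[$i] }

    foreach ($id in $PostRuleIds) { New-AuditRow "ASR $id" $configured[$id] }
}

# Show only the settings that are not in block mode.
Test-PostHardening | Where-Object { -not $_.Enforced } | Format-Table -AutoSize
```

A rule reported as AuditMode or Warn logs or prompts rather than blocks, so it is listed as not enforced.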