Microsoft Windows Hardening P1 | Windows Security | TryHackMe

Motasem Hamdan
3 min read · Jul 8, 2024


We covered how to harden and secure Windows workstations from both the identity-management and the network side. This was part of the TryHackMe Microsoft Windows Hardening room.

Windows OS Core Components

Windows Services

Windows Services create and manage critical functions such as network connectivity, storage, memory, sound, user credentials and data backup, and they run automatically in the background. These services are managed by the Service Control Manager and are divided into three categories: Local, Network and System. Many applications, such as browsers and anti-virus software, also install their own services for a seamless user experience.

Windows Registry

The Windows registry is a unified, hierarchical database that stores configuration settings, essential keys and shared preferences for Windows and third-party applications. Most applications write to the registry during installation and use it to store various states of the application. For example, suppose an application (malicious or benign) wants to execute itself during the computer boot-up process; in that case, it will store its entry in the Run or RunOnce key.

Malicious programs commonly make unwanted changes to the registry so that their program or service is launched as part of routine system activity. It is always recommended to protect the registry by limiting access to it to authorised users only.
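As an added example (not part of the original article or the TryHackMe room), the PowerShell script below enumerates the Run and RunOnce autostart entries the text refers to, checks whether each referenced executable actually exists, and flags Run keys whose ACL lets broad groups write to them. The key paths are the standard Windows locations; the function names are mine.

```powershell
# Added example: audit Run/RunOnce autostart entries and the ACLs on those keys.
# Run from an elevated prompt so the HKLM keys and their ACLs are fully readable.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable from a command line, honouring a quoted path that contains spaces.
function Get-ExecutableFromCommand {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Get-AutorunEntry {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $exe = Get-ExecutableFromCommand -Command $command
            # A missing binary is either a stale entry or something hiding; both deserve a look.
            $exists = (Test-Path -LiteralPath $exe) -or
                      [bool](Get-Command $exe -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                ExeExists = $exists
            }
        }
    }
}

# Report ACEs that grant write rights on an autostart key to broad groups, which is the
# kind of over-permissive access the article recommends removing.
function Get-WeakAutorunAcl {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        (Get-Acl -Path $key).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference -match 'Everyone|Authenticated Users|BUILTIN\\Users' -and
                $_.RegistryRights -match 'FullControl|WriteKey|SetValue|CreateSubKey'
            } |
            Select-Object @{n = 'Key'; e = { $key }}, IdentityReference, RegistryRights
    }
}

Get-AutorunEntry  | Format-Table -AutoSize
Get-WeakAutorunAcl | Format-Table -AutoSize
```

An entry whose executable cannot be found, or a key that ordinary users can write to, is the first thing to investigate; a legitimate installer's entry will normally point at an existing signed binary under Program Files.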

Event Viewer

Event Viewer is an app that shows log details about all events occurring on your computer, including driver updates, hardware failures, changes in the operating system, invalid authentication attempts and application crash logs. Event Viewer receives notifications from different services and applications running on the computer and stores them in a centralised database.

Attackers also read Event Viewer logs to learn more about the target system and refine their profiling of it. The event categories are as follows:

  • Application: Records events of already installed programs.
  • System: Records events of system components.
  • Security: Logs events related to security and authentication, such as logon attempts.
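The Security log's failed-authentication entries are the ones a defender reviews most often. As an added example that is not part of the original article, the script below pulls failed logon events (Event ID 4625, the standard Windows identifier for a failed logon) from the last 24 hours and summarises them per account, which is the review one would otherwise do by hand in Event Viewer. The function name and the threshold default are my assumptions; reading the Security log requires an elevated prompt.

```powershell
# Added example: summarise failed logons from the Security log per account.
function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Threshold = 6)

    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    # -ErrorAction SilentlyContinue: Get-WinEvent throws an error when nothing matches.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # The useful fields live in EventData; pull them out of the event XML by name.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']
            Status    = $data['Status']
        }
    }

    # Only accounts with at least $Threshold failures in the window are reported.
    $rows | Group-Object -Property Account |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        Select-Object @{n = 'Account'; e = { $_.Name }}, Count,
                      @{n = 'Sources'; e = { ($_.Group.Source | Sort-Object -Unique) -join ', ' }}
}

Get-FailedLogonSummary -Hours 24 -Threshold 6 | Format-Table -AutoSize
```

Many failures for one account from one source address is the classic password-guessing pattern, while a spread across many accounts from one address points at spraying; either way the source column tells you where to look next.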

Windows Password Policies

One primary use of the Local Group Policy Editor is to enforce complex and strong passwords for user accounts. For example, we can design password policies that maximise our security:

  • Passwords must contain both uppercase and lowercase characters.
  • Check passwords against databases of leaked or previously compromised passwords, or against a dictionary of known weak passwords.
  • In case of 6 failed login attempts within 15 minutes, the account will remain locked for at least 1 hour.

We can access password policies through the Local Group Policy Editor.

Go to Security Settings > Account Policies > Password Policy.
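The same settings can be audited and applied from the command line with secedit, which is useful when you have more than one workstation to check. As an added example (not the room's or the article's own code), the script below exports the effective local policy, reads the [System Access] section, and compares it with the thresholds listed above (complexity on, lockout after 6 failures within 15 minutes, lockout lasting at least 60 minutes); a second function writes those values back through a security template. The setting names are the ones secedit itself uses; the function names are mine. Run from an elevated prompt.

```powershell
# Added example: audit and apply the local password/lockout policy with secedit.
function Get-LocalPasswordPolicy {
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    Remove-Item $cfg -ErrorAction SilentlyContinue
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

    $policy = @{}
    $inSystemAccess = $false
    foreach ($line in Get-Content $cfg) {
        # Section headers look like [System Access]; only that section is of interest here.
        if ($line -match '^\[(.+)\]$') { $inSystemAccess = ($Matches[1] -eq 'System Access'); continue }
        if ($inSystemAccess -and $line -match '^(\w+)\s*=\s*(.+)$') {
            $policy[$Matches[1]] = $Matches[2].Trim()
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

function Test-PasswordPolicy {
    $p = Get-LocalPasswordPolicy
    $badCount = [int]$p['LockoutBadCount']
    $window   = [int]$p['ResetLockoutCount']
    $duration = [int]$p['LockoutDuration']   # -1 means "until an administrator unlocks"
    @(
        [pscustomobject]@{ Setting = 'PasswordComplexity'; Current = $p['PasswordComplexity']; Target = '1';    Ok = ($p['PasswordComplexity'] -eq '1') }
        [pscustomobject]@{ Setting = 'LockoutBadCount';    Current = $badCount;                Target = '1-6';  Ok = ($badCount -ge 1 -and $badCount -le 6) }
        [pscustomobject]@{ Setting = 'ResetLockoutCount';  Current = $window;                  Target = '>=15'; Ok = ($window -ge 15) }
        [pscustomobject]@{ Setting = 'LockoutDuration';    Current = $duration;                Target = '>=60'; Ok = ($duration -ge 60 -or $duration -eq -1) }
    )
}

# Apply the article's thresholds through a minimal security template. ResetLockoutCount
# must not exceed LockoutDuration, which 15 and 60 satisfy.
function Set-LockoutPolicy {
    param([int]$BadCount = 6, [int]$WindowMinutes = 15, [int]$DurationMinutes = 60)
    $inf = Join-Path $env:TEMP 'lockout-policy.inf'
    @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[System Access]
PasswordComplexity = 1
LockoutBadCount = $BadCount
ResetLockoutCount = $WindowMinutes
LockoutDuration = $DurationMinutes
"@ | Set-Content -Path $inf -Encoding Unicode
    secedit /configure /db (Join-Path $env:TEMP 'lockout-policy.sdb') /cfg $inf /areas SECURITYPOLICY | Out-Null
    Remove-Item $inf -ErrorAction SilentlyContinue
}

Test-PasswordPolicy | Format-Table -AutoSize
```

Running Test-PasswordPolicy before and after Set-LockoutPolicy shows each setting flip to Ok; on a domain-joined machine the domain policy wins, so audit the resultant set rather than the local template.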

Windows Defender Firewall

Windows Defender Firewall is a built-in application that protects computers from malicious attacks and blocks unauthorised traffic through inbound and outbound rules or filters. As an analogy, this is equivalent to “who is coming in and going out of your home”.

Malicious actors abuse Windows Firewall by getting around the existing rules. For example, if we have configured the firewall to allow incoming connections, attackers will try to take advantage of that allowance by establishing a remote connection to the victim's computer.

You can see more details about Windows Firewall Configuration here.

We can open Windows Defender Firewall by entering WF.msc in the Run dialog.
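The over-permissive inbound rule described above is easiest to spot from PowerShell's NetSecurity cmdlets rather than by paging through WF.msc. As an added example that is not part of the original article, the script below reports each profile's default actions, lists every enabled inbound allow rule together with its ports and permitted remote addresses, and sets the baseline of "all profiles on, inbound blocked by default". The cmdlets are the built-in ones; the function names are mine. Run from an elevated prompt.

```powershell
# Added example: review and baseline the Defender Firewall with the NetSecurity module.
function Get-FirewallPosture {
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

# Every enabled inbound allow rule is a hole in the default-block posture; list them
# with the port and address filters so "Any remote address on a Public profile" stands out.
function Get-InboundAllowRule {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

# Rules reachable from anywhere while the machine is on a Public (untrusted) network.
function Get-ExposedInboundRule {
    Get-InboundAllowRule |
        Where-Object { $_.RemoteAddress -eq 'Any' -and $_.Profile -match 'Public|Any' }
}

# Hardening baseline: enable every profile and block inbound traffic unless a rule allows it.
function Set-FirewallBaseline {
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow
}

Get-FirewallPosture     | Format-Table -AutoSize
Get-ExposedInboundRule  | Format-Table -AutoSize
```

A rule that shows RemoteAddress "Any" and a high-value port on the Public profile is the case the article warns about; scoping it to the local subnet or disabling it closes that path without touching the rest of the rule set.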

Encryption Through Windows BitLocker

Encryption of the computer is one of the most vital things, yet it is one we usually pay little attention to. The worst nightmare is that someone gets unfettered access to the data on your devices. Encryption ensures that only you, or someone you share the recovery key with, can access the stored content.

Microsoft provides BitLocker as the encryption tool for its business editions of Windows. Let us have a quick look at how one can protect data through the BitLocker encryption features available on the Home Editions of Windows 10. You have already read about it here (Task 8).

Go to Start > Control Panel > System and Security > BitLocker Drive Encryption. Here you can easily see whether BitLocker Drive Encryption is enabled or not.
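The same status check, and the enablement step, can be scripted with the BitLocker PowerShell module. As an added example that is not part of the original article, the script below reports each volume's encryption and protection state together with the key protectors in place, and enables BitLocker on the system drive with a TPM protector plus a recovery password. The cmdlets are the module's own; the function names, the XTS-AES-256 choice and the "recovery password first, then TPM" ordering are my assumptions. Requires an edition that ships the BitLocker module and an elevated prompt.

```powershell
# Added example: check BitLocker posture and enable it on the OS drive.
function Get-BitLockerPosture {
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            Drive            = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress ...
            Protection       = $_.ProtectionStatus    # On means the protectors are enforced
            PercentEncrypted = $_.EncryptionPercentage
            Method           = $_.EncryptionMethod
            Protectors       = ($_.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

function Enable-OsDriveBitLocker {
    param([string]$Drive = $env:SystemDrive)
    $vol = Get-BitLockerVolume -MountPoint $Drive
    if ($vol.ProtectionStatus -eq 'On') { return $vol }

    # Add a recovery password first so there is always a way back in, then bind the
    # volume to the TPM so it unlocks automatically on an unmodified boot chain.
    Add-BitLockerKeyProtector -MountPoint $Drive -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $Drive -TpmProtector -EncryptionMethod XtsAes256 -SkipHardwareTest | Out-Null

    # Return the recovery password so it can be stored away from the device (not on the
    # drive it unlocks); the "Volume encrypted" state in Get-BitLockerPosture follows later.
    (Get-BitLockerVolume -MountPoint $Drive).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object KeyProtectorId, RecoveryPassword
}

Get-BitLockerPosture | Format-Table -AutoSize
```

A drive showing VolumeStatus FullyEncrypted but Protection Off is the state to watch for: the data is encrypted, but the key is stored in the clear, so the protection the article describes is not actually in force until it is resumed.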

Check out the video below for a detailed explanation.

Room Answers | TryHackMe Microsoft Windows Hardening

Room answers can be found here.

Video Walkthrough | TryHackMe Microsoft Windows Hardening


Written by Motasem Hamdan

Motasem Hamdan is a content creator and swimmer who creates cyber security training videos and articles. https://www.youtube.com/@MotasemHamdan
