At-home Windows Hardening Security Project
Hanging out with fellow hackers is part of our job. Most of us white hats dabble in a little curiosities from time to time, and you're typically just surrounded by more people skilled enough technically to raise the risks for you a bit. Below is a guide. the At-home Windows Hardening Security Project that I created to help you harden your Windows 10/11 system but not make it so secure that it is unusable.
Disable Remote Access
Attackers can use Microsoft Remote Desktop's remote access feature to gain control of your device, steal information, and install malware. You'll want to be able to launch Remote Desktop Connection to log into various things (including the lab here), but you do not wish to host a remote desktop service.
The easiest graphical way to disable Remote Desktop is by using Settings. Start by launching Settings using Windows+i. From the left sidebar, select "System." On the right pane, scroll down and choose "Remote Desktop." On the following screen, turn off the "Remote Desktop" toggle. The Windows 11 Home edition doesn't support remote desktops.
Use Antivirus
Windows' Virus & threat protection is good enough. It is on by default. Go to Start, type in "Virus & Threat Protection," then go to "Manage settings." Make sure that all toggles are in the "on" position. If you do choose to handle malware on your computer, you will want to take note of the "Exclusions" and add exclusions to the folders you don't wish to scan.
Create Strong Passwords
Passwords should be in a password manager, and I don't care what anyone says; you should invest in a good one like LastPass. Always be careful who you're giving your data to and their financial situation. You should also purchase two YubiKeys, ensure the password manager's 2-factor authentication is enabled, and set up with your primary and backup YubiKey. Buy a YubiKey Nano to stick in your laptop and keep a YubiKey on your keyring. Share your master password with a loved one and make your password vault part of your digital inheritance if something should happen to you. I know I am bleeding into other subjects, but someone needs access to your digital identities if something were to happen to you. There is a line of cybersecurity that is too secure for no one to access anything, and that isn't where you need to draw the line. It's something you need to consider seriously. You'll already be maintaining your digital life.
Enable File Backups
Regular file backup can help prevent data loss during malware attacks or hardware failures. Go back to Start, then "Virus & Threat Protection," scroll down to "Ransomware protection," click the option to "Set up OneDrive," and follow the prompt to choose which folders to back up.
Turn on Core Isolation
This feature adds virtualization-based security to protect against malicious code and hackers. It isolates core processes in memory and prevents hackers from taking control of unsecured drivers.
To turn on core isolation in Windows 11, do the following:
Click the Start button
Type "Windows Security"
Select Device security
Select Core isolation details
Turn on:
Local Security Authority protection
Microsoft Vulnerable Driver Blocklist
Turn on Bitlocker Drive Encryption
If you have Windows 11 Pro, go ahead and set up Bitlocker Drive Encryption. That way, when your computer starts up, you will be prompted with a password, which will encrypt your data at rest.
Optional PUA protection
I've never turned this on, and it may be an annoyance as we tend to play with many applications, but you do have the ability to turn on "Reputation-based protection," which will protect you from potentially unwanted applications.
Windows Update Settings
Go to Windows Update Settings and ensure "Get the latest updates as soon as they are available" is OFF. Then click on "Advanced Options" and turn on "Receive updates for other Microsoft Products."
That should do it. Make sure you stay updated with Windows updates and use your password manager. Also, make sure you turn on 2-factor authentication everywhere!
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.
You can connect with him on LinkedIn.
You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits.
Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.
Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.
Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.
Comments