1
Windows Security
2
http://cyberpatriotarchives.com/Checklists/Checklist%20-%20Windows7%20-%20cochise.pdf
%20Windows7%20-%20Marlow%20High%20School.pdf erver2008R2.pdf resources/WindowsSecurityChecklist pdf applications-for-learning/ %20Server2008%20-%20Cochise.pdf %20Server2008%20-%20Marlow%20High%20School.pdf checklists
3
Windows security: Basic Checklist

User Accounts (local & domain)
- If the system logs straight on, there is no password set or other user account.
- Netplwiz or control panel – user accounts
- Delete extra accts (not in use)
- Make sure all accts have passwords
- Change default account names (optional)
- Check group memberships (security)
- No autologin (netplwiz)

Passwords
- Secpol.msc (local security policy) or control panel – admin tools – local sec pol
- domain users (group policy – later in windows2008)
- Account policies (Length, complexity, history, lockout)
- Local policies (security options)
4
Windows security

Windows Updates (control panel – windows updates)
- Service packs (control panel – system) *other options
- Os updates
- Non-Os updates (office apps, etc.)
- control panel – programs and features to see installed apps

Firewall (control panel – windows firewall)
- Make sure firewall is on
- Verify existing rules are correct (look for odd applications or fully open ports)
- Advanced settings (add/remove rules)
- Deny ports like (ftp, ssh, telnet, snmp, ldap, rdp) both directions unless needed (ftp, ssh, rdp)
- at home typically disable inbound all (all traffic must originate inside to get back in)

Host file - clean it
- c:\windows\system32\drivers\etc\hosts.txt (can be used for dns redirection)

Antivirus (MS security essentials, mcafee, symantec, malwarebytes ….)
- Microsoft defender (typically will be on if no antivirus installed)
- If none installed, install ms security essentials (this will disable defender as it's better)
- Malwarebytes can check for malware and some rootkits.
- Housecall.Trendmicro online scanner

Explain botnet, rootkits, dos attack, phishing, spyware, trojans, malware, buffer overflow, injection
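One way to do the "clean it" step for the hosts file, as an added example that is not part of the original slides. The function name Get-HostsOverride and the sample entries are hypothetical; the live path in the last comment assumes the stock location, where the file is named hosts with no extension.

```powershell
# Added example (not from the slides). Works on PowerShell 2.0 and later.
function Get-HostsOverride {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip any trailing comment, then surrounding whitespace.
        $entry = ($line -replace '#.*$', '').Trim()
        if ($entry -eq '') { continue }
        # Entry format: <address> <name> [<alias> ...], split on spaces or tabs.
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The only mapping a clean file needs is localhost -> loopback.
            $loopback = ($address -eq '127.0.0.1') -or ($address -eq '::1')
            if ($loopback -and ($name -eq 'localhost')) { continue }
            New-Object PSObject -Property @{ Address = $address; Name = $name }
        }
    }
}

# Constructed sample content; the names and addresses are placeholders.
$sample = @(
    '# constructed sample, not taken from a real host',
    '127.0.0.1      localhost',
    '::1            localhost',
    '203.0.113.10   www.example.com      # name sent to another server',
    '127.0.0.1      updates.example.net  # name blackholed to loopback'
)
Get-HostsOverride -Lines $sample | Format-Table Address, Name -AutoSize

# Live check on the machine being hardened:
# Get-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Every row it returns is a name that no longer resolves through DNS; each one should either be explained by the scenario or removed from the file.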
5
Windows Security

Remote Access
- Control panel – system – advanced settings (remote tab) or right click computer – properties
- For competitions typically disable; if required on, make sure it's high security and specific users

Extra Programs
- View start menu items
- Control panel – programs and features
- Msconfig – startup tab & services tab

Extra Services
- Services.msc (also in control panel – admin tools)
- Can sort by status & startup type (look at automatics and started); disable un-needed by scenario
- Disable/stop services like (rdp, ics, remote registry, rd config, ssdp, upnp, www publishing)
- process/#procexp

Audit/logging
- Secpol.msc (advanced audit policy configuration)
- Control panel – admin tools – event viewer (view windows logs for activity/errors)

*Scheduled tasks (verify no odd ones, typically there are none by default)
6
File System (control panel – admin tools – computer management)
- Diskpart (cmd shell) ? For commands like “list drive letter”
- NTFS preferred (convert if fat32)
- Create partition (computer management)
- Shrink or extend, GPT (for >2tb partitions)

File Sharing
- Computer management – shared folders
- Remove/add/change in windows explorer or computer management (win7)
- File security/share security (explain inheritance)

File extensions
- Windows explorer – Organize – folder and search options
- Control panel – folder options – view tab (show hidden)

User Access Control
- Control panel – user accounts or msconfig tools tab

Environment variables (explain use)

Action Center
- Check for any issues
7
Windows Security

Control Panel
- Very useful, most tools can be accessed from here
- Windows features / Parental controls
- Task bar and start menu

Administrative tools
- Accessed through control panel or search bar
- Services, computer management (shares/disks), security policy, event viewer

Computer properties (right click computer – properties)
- Device manager
- Remote settings
- System protection
- Advanced system settings

Network and Sharing Center
- Advanced sharing settings
- Network profiles
- Adapter settings (check dhcp/dns/proxy settings)
- netstat -a (command shell)

Apps: firefox, IE, chrome (verify no proxy/vpn settings)
- firefox (options-advanced-network) & verify plugins

Taskmgr from run prompt (very useful to see what's running and activity/performance)

Use windows search to remove unwanted files like (.mp3, .mov) & dir /s /ah > hidden.txt
8
Tools
- Malwarebytes, Housecall.Trendmicro
- Wireshark, Nmap
- Nessus Security scanner
- Microsoft baseline security analyzer
- RootkitRevealer v1.71, Chkrootkit.org, Rootkit hunter (rootkit.nl)
- Snort (intrusion detection system)
- ** Sysinternals (process explorer) ** (svchosts detail)
- Registry check (regedit): hkey_local_machine\software\microsoft\windows\currentversion, Run and run once (verify all are legit)
9
Nexpose scanner
- Nexpose scan of windows7
- Nexpose scan of windows2008r2
- Acunetix scan of windows2008r2
10
Windows Server
- Microsoft baseline security analyzer
- Service packs
- Safemode (rootkit removal)
- Registry check (regedit): hkey_local_machine\software\microsoft\windows\currentversion, Run and run once (verify all are legit)
- ??shutdown event tracker gpedit.msc
- IE enhanced security configuration
  - Server manager turn off
  - Use a different browser if allowed
- Real difference in desktop and server is simply server deals with a larger user base, domain groups (building, campus, country)
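The Run and RunOnce registry check listed on the Tools slide and again on this Windows Server slide, as an added example that is not part of the original slides. The function name Get-RunKeyEntry is hypothetical, and the per-user HKCU copy of the same keys is included as an addition to the HKLM path the slides name.

```powershell
# Added example (not from the slides). Works on PowerShell 2.0 and later.
function Get-RunKeyEntry {
    $subPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    foreach ($hive in 'HKLM:', 'HKCU:') {       # HKCU is an addition to the slides
        foreach ($name in 'Run', 'RunOnce') {
            $path = "$hive\$subPath\$name"
            if (-not (Test-Path $path)) { continue }
            $key = Get-Item $path
            foreach ($valueName in $key.GetValueNames()) {
                # Expand %SystemRoot% and similar so the file can be located.
                $raw = [string]$key.GetValue($valueName)
                $command = [Environment]::ExpandEnvironmentVariables($raw)
                # Pull the program path out of the command line.
                if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
                elseif ($command -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
                else { $exe = @($command.Trim() -split '\s+')[0] }
                # Bare names such as rundll32.exe are resolved through PATH.
                if ($exe -and -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                    $found = Get-Command $exe -CommandType Application `
                                 -ErrorAction SilentlyContinue | Select-Object -First 1
                    if ($found) { $exe = $found.Definition }
                }
                # Record the Authenticode status of the program, if it exists.
                $status = 'FileNotFound'
                if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                    $status = (Get-AuthenticodeSignature -FilePath $exe).Status
                }
                New-Object PSObject -Property @{
                    Key = $path; ValueName = $valueName; Command = $command
                    Program = $exe; Signature = $status
                }
            }
        }
    }
}

Get-RunKeyEntry | Format-List Key, ValueName, Command, Program, Signature
```

Files signed only through a Windows catalog can report NotSigned in older PowerShell versions, so the Signature column is a prompt for review rather than a verdict; FileNotFound entries and programs running from temp or profile folders deserve the first look.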
11
Windows Server
- Security configuration wizard for hardening (MBSA)
- Install latest service packs & hotfixes
- Enable patch notification/updates
- Set user account policies
- Set user rights (deny/disable guest accounts)
- 12+R2+Hardening+Checklist (typical university server hardening list)