SE-400
WINDOWS OS HARDENING

2 Days

Tuition: $1190

Target Audience: System Administrators, Security Auditors, IT Managers


Prerequisites:

  • Intermediate or Advanced Network and Systems Admin experience
  • Network Intrusion Protection course
  • Security Penetration Testing course (recommended)

As a result of completing this course, the student will be able to:

  • Change default configuration settings to strengthen security
  • Identify and disable unnecessary services
  • Modify security settings via the registry/group policies
  • Deploy Software Restriction Policies to prevent malware from running

Student Materials:

  • Binder of printed overheads & labs
  • Reference Book: Hardening Windows Systems (McGraw-Hill Osborne)

Password Security

·         Disabling LanMan Hashes

·         LanMan Authentication Level

·         Strong Passwords via Password Policies

·         Account Lockout

·         Locking Out the Built-in Administrator Account over the Network

·         Disabling the Built-in Administrator Account

·         Preventing Reboots using Physical Access

·         Network Encryption

Disabling Services

·         Default Services on Clean Operating Systems

·         Minimum Services Needed

·         Service Privilege Level

·         File and Printer Sharing

·         Remote Procedure Call

·         RunAs

·         Others

Restricting User Abilities

·         Changing Default NTFS File Permissions

·         Changing Default Registry Key Permissions

·         Pushing Out Permissions via Group Policies

·         Changing Default User Rights

·         Software Restriction Policies

·         Restricted Groups

Disabling Hardware

·         BIOS disabling of physical ports

·         BIOS password

·         Disabling CDROM & Floppy Access

·         Disabling Autorun of CD-ROM & USB Drives

·         Physical Restrictions to Prevent Tampering/Theft

Miscellaneous Security Options

·         Restrict Anonymous Lockdown

·         Remove Name of Last User at Logon Screen

·         Legal Warning at Logon Screen

·         SMB Digital Signing

·         Clear Paging File

·         Others

Automatic Updates with WSUS

·         Configuring a WSUS server

·         Enabling Clients for WSUS

·         Patch Verification with MBSA or HFNetChkPro

 Summary List of Lab Exercises/Tools:

·         XCACLS permission tool

·         WSUS server & client configuration

·         MBSA, HFNetChkPro

·         Registry editing

·         Group Policy Editing

Home
Solaris Programming Microsoft Desktop Linux Cisco Security
About SYSTEMS Computer Training
Contact Us


© 2003-2004  SYSTEMS Computer Training, A Testmasters Company

Solaris and Java are registered trademarks of Sun Microsystems.