Hardening Windows workstations - Australian Cyber Security documentation

Started by Dieselboy, August 21, 2020, 02:19:18 AM

Previous topic - Next topic

Dieselboy

I've recently come across the Aussie cyber sec website and this document https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-windows-10-version-1909-workstations

Lots of useful info there. I found that the UK are also publishing similar docs. A great initiative by the governments. Posting here in case you have not seen this.

icecream-guy

there is a Win 10 CIS Guideline here
https://www.cisecurity.org/benchmark/microsoft_windows_desktop/

jut gotta give up some personal info, and they email you like to download

I got it; it's like 1100 pages
:professorcat:

My Moral Fibers have been cut.

deanwebb

Only 1100 pages on how to harden Windows?

So it's an introductory primer, then...

:smug:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Quote from: deanwebb on August 24, 2020, 12:16:39 PM
Only 1100 pages on how to harden Windows?

So it's an introductory primer, then...

:smug:

No it's a preamble to the primer ;)

deanwebb

Quote from: Dieselboy on August 24, 2020, 08:27:16 PM
Quote from: deanwebb on August 24, 2020, 12:16:39 PM
Only 1100 pages on how to harden Windows?

So it's an introductory primer, then...

:smug:

No it's a preamble to the primer ;)

:yeahright:

+1 to Mr. Diesel Boy!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

I have implemented the cyber.gov windows hardening guide. It took 50 separate Group Policy Objects to implement. I will phase in this change. So far, only myself and the finance girl are within this AD OU to get these GPOs applied - no issues.

One thing I like is that windows is using native virtualisation to imlement security with these GPOs. It seems to use a VM (secure desktop) to run the windows login window. Blocking usb storage will cause some huffs and puffs though.