Windows 7 Stripping & Hardening, Part 2: Hardening Procedures

Windows 7 Stripping & Hardening, Part 2

Hardening Procedures

Andrea Covello
von Andrea Covello
Lesezeit: 6 Minuten

Hardening procedures are the most interesting and scaring thing to do in ICT security. Interesting because it requires not only deep knowledge of the system and/or application architecture, but also a deep knowledge of security related concepts.

On the other side it might be scary because you are going to touch deep into the system configuration and every single mistake could lead to a complete system or application failure. System administrators who just managed to make a system work as required would say: “Don’t touch a running system!” And guess what? They are right!

Because hardening should be a procedure that is implemented during the system engineering and not after everything is up and running. Anyway, most of the time the ideal way is not the one we may find and have to deal with it. In this case, before any attempt to harden is made, a system replica (virtual or physical) must be created and used as playground. Ideally you’ll test on virtual machines that allow you to take several snapshots of the data environment allowing to step back easily in case to total failure.

Now talking about Windows 7, Microsoft did a great job in making documents and tools to address security in general and hardening in particular. Microsoft has developed a framework to help business companies to be compliant to legal regulation (like SOX, HIPAA, PCI-DSS, …) and those regulations also requires baselines for operating system and application. The name of this framework is SCM (Security Compliance Manager) – On the other side we can also do hardening the old style: making everything by hand.

Hardening Procedure using SCM

The SCM toolset has following features:

At the end you’ll get computer policies that can be used locally or imported to the Active Directory allowing to enforce Registry and File system settings. This helps in avoiding making all the changes by hand; it also permits to quickly revert any parameter to its original value (and this is very nice).

Once SCM is downloaded and installed, you’ll get access to several Security Guides like:

plus documentation on Windows Server, Exchange and Office security. Those guides are not only for technical settings but also handles security design issues allowing a good foundation for security plan and deployment.

The SCE tool itself has a central management console and has a windows 7 MMC like GUI.

Microsoft Security Compliance Manager

If you would like to see how it works I suggest you check this well made video that gives you a good introduction on how the toolset works.

Hardening Procedure on Windows 7

I’ll highlight the main settings areas of the hardening procedures in Windows 7:

Settings Description
Audit Policy Before we can secure we need to see what is happening or has happened, therefore we need to activate security event recording
User Rights User rights should be assessed and use minimum privileged user for daily tasks
Security Options These are the configurations that we can deploy best via baselines tools like SCM (services to run, network parameters, …)
Authentication Reducing the NTLM authentication and setting an adequate password policy is one of the most tangible effects for workstation security
Event Logging After we make sure the system is reporting security events we need to make sure that those logs are available and tamper proof
Firewall The new firewall is capable of filtering IN/OUT packets making a prerequisite for strong security policy on application access, therefore every application should be monitored and be allowed to access only what it really needs to
Update Windows automated update policy is a must
File Sharing A workstation should not share any file and configuration setting to assure the confidentiality of accessed files must be in place (SMB security)
Malware detection Windows offers a basic malware detection tool, and at least this should be used although better solutions are available by security vendors

Summary

In this article we covered Hardening Procedures for Windows 7 using SCM, next month we’ll focus on other hardening methods, stay tuned!

Über den Autor

Andrea Covello

Andrea Covello ist seit den 1990er Jahren im Bereich der Informationssicherheit tätig. Seine Schwerpunkte liegen traditionell im Engineering, wobei er als Spezialist im Bereich Windows-Sicherheit, Firewalling und Virtualisierung gilt.

Links

Sie wollen die Sicherheit Ihrer Firewall prüfen?

Unsere Spezialisten kontaktieren Sie gern!

×
TIBER-EU Framework

TIBER-EU Framework

Dominik Altermatt

Vertrauen und KI

Vertrauen und KI

Marisa Tschopp

Datenverschlüsselung in der Cloud

Datenverschlüsselung in der Cloud

Tomaso Vasella

Cyber Threat Intelligence

Cyber Threat Intelligence

Marc Ruef

Sie wollen mehr?

Weitere Artikel im Archiv

Sie brauchen Unterstützung bei einem solchen Projekt?

Unsere Spezialisten kontaktieren Sie gern!

Sie wollen mehr?

Weitere Artikel im Archiv