Mastering Windows Security and Hardening Overview: Who is this book for?


I have been asked several times who this book is for. To help answer the question, I'm hoping this article will help provide a better understanding on the audience for this book. In addition, I would like to provide a brief overview of what is included in this book to provide more visibility into what to expect.

First, this book is written primarily for those in the following roles:

  • Microsoft security, cloud, and technical roles such as engineers, analysts, architects, and administrators
  • Anyone involved with the management of a Windows environment
  • All technical related security roles
  • Technical/security managers and directors

To be more specific, this book will provide value to those looking to enter the cybersecurity field, entry-level professionals, and well-seasoned professionals alike. This book is part of the Mastering series, so advanced concepts and exercises are provided. Although the book does contain advanced concepts and exercises, it also provides a solid foundation for anyone learning to better understand everything involved in securing Windows.

We don't focus only on Windows itself, but on all the other layers that need to be considered when securing Windows, including frameworks and baselines, hardware and virtualization, identity and access management, networking, operations, testing, auditing and much more. The book is written to help you build your Windows security program with a broader mindset, and to do that you need to understand the basics and foundational concepts of security in general.

No matter what your level of expertise is, you will gain something from this book.

To help provide you with a better understanding of what is included in this book, the following is a brief overview of each chapter:

Part 1: Getting Started and Fundamentals

Chapter 1, Fundamentals of Windows Security, introduces the security world within IT and the enterprise. It will cover how security is transforming the way we manage technology and discuss threats and breaches relevant within the world today. We will look at current challenges organizations face and discuss a concept known as zero trust.

Chapter 2, Building a Baseline, provides an overview of baselining and the importance of building a standard that’s approved by leadership and adopted by everyone. We will cover what frameworks are and provide an overview of the more common frameworks used in securing and hardening an environment. We will then look at operational best practices within enterprises and cover the importance of change management to ensure anything that falls outside the scope of policy receives the correct approvals.

Chapter 3, Hardware and Virtualization, provides an overview of physical servers and virtualization. The chapter will cover hardware certification, enhancements in hardware security, and virtualization-based security concepts used to secure and harden devices, including overviews of BIOS, UEFI, TPM 2.0, and Secure Boot.

Chapter 4, Network Fundamentals for Hardening Windows, provides an overview of networking components and their role in hardening and securing your Windows environment. You will learn about the software-based Windows Defender Firewall and how to configure it on Windows devices. Additionally, you will be provided with knowledge of Microsoft's network security technology as it relates to Windows VMs running in Azure.

Chapter 5, Identity and Access Management, provides a comprehensive overview of identity management and the important role it plays in securing Windows systems. Identity has become the foundation of securing users, and this chapter will cover everything you need to do within the identity and access management area. We will provide details on account and access management, authentication, MFA, passwordless authentication, condition-based access controls, and identity protection.

Part 2: Applying Security and Hardening

Chapter 6, Administration and Policy Management, provides details about different methods for the administration and modern management of Windows endpoints. You will be provided with the knowledge needed to ensure best practices are applied including topics around enforcing policies and security baselines with Configuration Manager and Intune.

Chapter 7, Deploying Windows Securely, provides an overview of the end user computing landscape. We will discuss device provisioning, upgrading Windows, and building hardened images. You will learn about modern methods used to deploy Windows using Intune and Windows Autopilot, and about deploying images in virtualized Windows environments.

Chapter 8, Keeping your Windows Client Secure, covers Windows clients and the concepts used to keep them secure and updated. You will learn how to stay updated with Windows Updates for Business, protect data with BitLocker encryption, enable passwordless sign-in with Windows Hello for Business, and how to enforce policies, configurations and security baselines.

Chapter 9, Advanced Hardening for Windows, provides a comprehensive review of advanced hardening configurations that are applied to Windows clients to protect enterprise browsers, secure Microsoft 365 apps, and apply zero-trust security principles to reduce the attack surface. You will learn advanced techniques for applying policies to third-party products using Intune, how to enable advanced features of Microsoft Defender to protect against unwanted apps and ransomware, and how to enable hardware-based virtualized isolation for Microsoft Edge and Office. You will also learn how to enable a removable storage access control policy to protect against data loss through removable media.

Chapter 10, Mitigating Common Attack Vectors, covers common techniques attackers use to intercept communications and move laterally throughout the network. You will learn about different types of Adversary-in-the-Middle attacks and how to prevent them, as well as ways to protect against lateral movement and privilege escalation through Kerberos tickets. You will also learn about Windows privacy settings to safeguard users' privacy from apps and services that run on Windows clients.

Chapter 11, Server Infrastructure Management, provides an overview of the data center and cloud models that are used today. We will then go into detail on each of the current models as they pertain to the cloud and review secure access management to Windows Server. We will also provide an overview of Windows Server management tools, as well as Azure services for managing Windows servers.

Chapter 12, Keeping your Windows Server Secure, looks at the Windows Server OS and introduces server roles and the security-related features of Windows Server 2022. You will learn about techniques used to keep your Windows server secure by implementing Windows Server Update Services (WSUS), Azure Update Management, onboarding machines to Microsoft Defender for Endpoint, and enforcing a security baseline. You will also learn how to implement application control policies and PowerShell security.

Part 3: Protecting, Detecting, and Responding for Windows Environments

Chapter 13, Security Monitoring and Reporting, talks about the different tools available that collect telemetry data as well as insights and recommendations for securing your environment. This chapter will inform you about the ways in which to act on these recommendations. Technologies covered include Microsoft Defender for Endpoint, Azure Log Analytics, Azure Monitor, and Microsoft Defender for Cloud.

Chapter 14, Security Operations, talks about the security operations center (SOC) in an organization and discusses various tools used to ingest and analyze data to detect, protect, and alert you to incidents. Technologies covered include Extended Detection and Response (XDR), the Microsoft 365 Defender Portal, Microsoft Defender for Cloud Apps, Defender for Cloud, Microsoft Sentinel, and Microsoft Defender Security Center. This chapter also talks about data protection with Microsoft 365 and the importance of ensuring up-to-date business continuity and disaster recovery plans are in place.

Chapter 15, Testing and Auditing, discusses validating that controls are in place and enforced. You will learn about the importance of continual vulnerability scanning and of penetration testing to ensure the environment is assessed against the latest threats.

Chapter 16, Top 10 Recommendations and the Future, provides recommendations and actions to take away after reading this book. It also provides some insight into the direction of where the future of device security and management is headed, and insights into our thoughts on the importance of security in the future.

The Second Edition is scheduled to be released in July and you will be able to pick up a copy on the Packt or Amazon websites.

If you have any questions or would like additional information on the book, please feel free to reach out.
