EMET removal, turning on security auditing

EMET is not supported anymore.
master
six 3 years ago
parent c0b6bc871a
commit 31de901706

@ -12,12 +12,11 @@ Windows 8 and Windows 10 hardening
3. AppLocker configuration, preferably with cert based limits - dll based makes the system too slow.
4. Disable the automatic leaking of NetNTLM hashes of any user by lnk/url files (see "References" for the fix and note that, if the link is opened it may still leak).
5. Disable powershell for standard users with applocker. You can also try the powershell restrictions, but these are easy to bypass.
6. EMET for antiexploitation (take time to configure the applications, don't just use the default ones).
7. Install applications with different users for application separation.
8. Do not install applications with elevated privileges.
9. No antivirus or similar "security product" for experienced users - these often pose higher risks, list below. For standard users, it may worth thinking about it.
10. If you use the computer for browsing, make sure the browser is hardened (eg. NoScript, Request Policy..etc)
6. Install applications with different users for application separation.
7. Do not install applications with elevated privileges.
8. No antivirus or similar "security product" for experienced users - these often pose higher risks, list below. For standard users, it may worth thinking about it.
9. If you use the computer for browsing, make sure the browser is hardened (eg. NoScript, Request Policy..etc)
10. Turn on security auditing (process tracking, logon events, etc)
=====
Important practices in order to stay secure
@ -32,7 +31,6 @@ Note for privacy: enterprise version of Windows is preferred. The "home" edition
=====
References
AppLocker https://technet.microsoft.com/en-us/library/dd759117.aspx
EMET https://microsoft.com/emet/
Obscure fix for NetNTML leaking by lnk/url: https://support.microsoft.com/en-us/kb/968389
Browser "security" https://securityinabox.org/en/guide/firefox/windows

Loading…
Cancel
Save