From 31de901706075230b1aa55b7a4cc25d873c65b95 Mon Sep 17 00:00:00 2001 From: six Date: Wed, 13 May 2020 12:13:13 +0200 Subject: [PATCH] EMET removal, turning on security auditing EMET is not supported anymore. --- windows_hardening.txt | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows_hardening.txt b/windows_hardening.txt index a8739fc..99458f8 100644 --- a/windows_hardening.txt +++ b/windows_hardening.txt @@ -12,12 +12,11 @@ Windows 8 and Windows 10 hardening 3. AppLocker configuration, preferably with cert based limits - dll based makes the system too slow. 4. Disable the automatic leaking of NetNTLM hashes of any user by lnk/url files (see "References" for the fix and note that, if the link is opened it may still leak). 5. Disable powershell for standard users with applocker. You can also try the powershell restrictions, but these are easy to bypass. -6. EMET for antiexploitation (take time to configure the applications, don't just use the default ones). -7. Install applications with different users for application separation. -8. Do not install applications with elevated privileges. -9. No antivirus or similar "security product" for experienced users - these often pose higher risks, list below. For standard users, it may worth thinking about it. -10. If you use the computer for browsing, make sure the browser is hardened (eg. NoScript, Request Policy..etc) - +6. Install applications with different users for application separation. +7. Do not install applications with elevated privileges. +8. No antivirus or similar "security product" for experienced users - these often pose higher risks, list below. For standard users, it may worth thinking about it. +9. If you use the computer for browsing, make sure the browser is hardened (eg. NoScript, Request Policy..etc) +10. Turn on security auditing (process tracking, logon events, etc) ===== Important practices in order to stay secure 
@@ -32,7 +31,6 @@ Note for privacy: enterprise version of Windows is preferred. The "home" edition ===== References AppLocker https://technet.microsoft.com/en-us/library/dd759117.aspx - EMET https://microsoft.com/emet/ Obscure fix for NetNTML leaking by lnk/url: https://support.microsoft.com/en-us/kb/968389 Browser "security" https://securityinabox.org/en/guide/firefox/windows
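Review bot: In the first hunk (steps 6 to 10 of windows_hardening.txt), deleting the EMET step leaves the list with no anti-exploitation item at all. Since the file covers Windows 8 and Windows 10, consider replacing step 6 rather than dropping it, for example by pointing Windows 10 users at the built-in Exploit protection settings that superseded EMET, with the same advice about configuring per-application rules instead of relying on defaults. The new step 10, "Turn on security auditing (process tracking, logon events, etc)", is also too vague to act on: name the audit policy categories you mean and say where they are configured, and drop the trailing "etc". The hunk also removes the blank line that separated the list from the "===== Important practices in order to stay secure" heading, so step 10 now runs straight into the heading. Please restore it.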
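Review bot: In the second hunk (the References section), the EMET link is removed but nothing is added for the new step 10, so security auditing is left without a reference while AppLocker, the lnk/url fix and browser hardening each have one. Add an entry for audit policy configuration so the new step is as actionable as the others. While this section is being touched, the unchanged context line "Obscure fix for NetNTML leaking by lnk/url" misspells NetNTLM, which step 4 spells correctly.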