IPsec
IPsec is a set of industry-standard, cryptography-based protection services and protocols that can protect data in transit through a network by providing authentication, integrity checking, and encryption for all IP protocols except for ARP.
Because all network traffic is protected, as an administrator you do not have to configure security for individual programs. It protects all the traffic going from the computer.
You can also use IPsec to encrypt communications between machines on your network using a VPN server.
Securing IIS, or the Internet Information Server. IIS hasn't always had a very good reputation in the security world, containing many downright dangerous default configurations. But it has improved greatly with the new releases, IIS 8.5 and IIS 10.
Even with better default configurations, it's important to further harden the platform as much as you can, as it is the gateway into your network.
The first thing you should do to harden IIS is disable and remove any unused or unwanted modules, which reduces the overall attack surface.
Next, you want to make sure to routinely audit users and groups.
Really, you should do this in any environment, but it's especially important in IIS as well.
HTTP request filtering can mitigate threats like SQL injection and other potentially harmful web requests.
Dynamic IP address restrictions use the requester's IP address and domain name to determine whether or not to restrict access, preventing unauthorized access.
Whenever possible, it's important to isolate your web applications in IIS. You don't want them all running on the same instance.
And, as always, it's always important to stay on top of patching. Remember, most exploits were targeting patches that are over a year old, so staying on top of patches really reduces your attack surface and the likelihood that you'll be breached.
Securing RDP. One of the first steps in securing RDP is restricting access to only the accounts that require it. This could be done through Group Policy.
While you're modifying your Group Policy, it's important to set a strong password policy as well. Remember, the more characters there are, the harder it is to crack, most of the time.
You'll also learn more about passwords in our password cracking module later in the course.
When you're in your Group Policy settings, you should also set an account lockout policy, which will prevent, or at least slow down, most brute-force attacks.
Again, patching. You really need to patch all of your software. RDP components are updated automatically in the standard Microsoft patch cycle, so you want to make sure you're following that. And it's important that you always keep your software and operating system up to date.
You can use most host-level firewalls and network firewalls to restrict access to RDP via the default port 3389 or any other port you'd like to set it up to use.
Network Level Authentication is enabled by default in Windows 7 and above. But you'd be surprised at how many people actually disable it, whether it's for troubleshooting or they just don't know what they're doing. Disabling it is a terrible idea.
You can change the default listening port in the Windows Registry to help hide the service from people that may be scanning your network.
Most importantly, if you're not using Windows RDP,
you shouldn't have it enabled. Disable it where it's not in use. That way, that attack vector is completely gone.
In this module, we learned quite a bit about hardening the Windows operating system. We talked about the MBSA, or Microsoft Baseline Security Analyzer, and how that was used to verify patch levels and how you can write your own script to do the same thing on a modern operating system.
We talked about the Windows security infrastructure and how misconfigurations, especially default ones,
can lead to huge security gaps. We also went over several Windows network services and how to secure and manage those.
Then we talked about the Microsoft security suite, which is built into the operating system, and that included the Windows Firewall and Windows Defender.
In the next module, we're going to be going over Linux security and things you can do to protect your Linux machines. But first we've got a quick quiz.
Question one. Pam clicked on another pop-up, which downloaded known adware. What built-in security feature could have protected her machine from this known adware? Is it A, the MBSA; B, EMET; C, Windows Defender;
or D, patching?
That's right. Windows Defender should be turned on and it would have blocked that known adware. But again, all those other options are definitely good options to help secure her operating system.
While configuring your firewall, you'd like to block access to RDP. Which port should you block if RDP was set to use the standard listening port?
And I think we mentioned this just once, so I'll give you a second to think about it.
And yes, the default port for RDP is 3389.
What is one of the most important things you can do to harden your Windows operating system while keeping it fully functional? Is it A, patching it;
B, keeping it turned off;
C, installing as many antivirus products as you can find;
or D, block all incoming and outgoing traffic with the Windows Firewall?
And that's a pretty easy one. That's A, patches. Patching is one of the most important things you can do to harden, not just specifically your Windows operating system, but really any operating system. Keeping your things up to date makes it a lot harder for attackers to get in.