Skip to main content

πŸ’ͺ Device Hardening

The process of security by reducing its surface of vulnerability.

- Eliminating as many security risks/flaws as possible
- Achieved by removing all non-essential software programs and utilities
- Removing default settings
- Applying advanced configurations to restrict access


Here are some ways to harden a system:

  1. BIOS/UEFI
  2. Built into Windows 10
  3. Group policy
  4. Registry

BIOS/UEFI​

- Password protected
- Enable secure boot-UEFI only
- Disable ports such as front USB
- Enable chassis intrusion detection
- Install BIOS and UEFI firmware updates

Built into Windows 10​

- Enable passwords for all accounts
- Set a password with your screensaver
- Enforce password policies
- Turn on Windows Firewall
- Disable remote access
- Enable or install antivirus protection tools
- Enable windows updates
- Encrypt storage media
- Switch off unused services and ports
- Remove old device drivers/unused hardware
- Apply principle of least priveledge
- Lock down features and tools such as gpedit.mdc

Group Policy​

This is controlled by gpedit.msc

- Restrict access to control
- Block Command Prompt
- Prevent software installations
- Disable forced restarts
- Disable automatic driver updates
- Disable removable media drives
- Hide balloon and toast notifications
- Remove onedrive

Registry​

- This is a set of database settings and opeions installed on all versions of windows
- Hives, leys, strings structire
- The regedit allows values to be changed
- Windows features can be enabled and disabled


SOP​

It can also help to have a Standard Operating Procedure

PowerPointhttp://cdn.nayan.gq/Hardening%20New.pptx