Security hardening  


  1. Posts : 55
    Windows 10 LTSC (version: 1809)
       #1

    Security hardening


    Good day community,

    I wanna your kind assistance about security hardening.
    My goal is like that: 1. to encrypt all (hole) drive C and D. 2. install VM ware 16 and use it for other jobs. or for personal purposes.
    3. on main OS want to use Tor browser. chrome and Mozila got RAM hungers.

    Whats your recommendations right ways to be more secure and make system more harden? is recommended to encrypt C and D drive?

    Any suggestions would be helpful for me.

    Thanks.
      My Computer


  2. Posts : 1,747
    Windows 10 Pro x64 22H2
       #2

    Hello,
    1. Disk encryption has nothing to do with system hardening.
    2. VM ware will make your system less secure (not because it's bad but because native security enhancements related to virtualization can't be consumed by VM ware)

    on main OS want to use Tor browser. chrome and Mozila got RAM hungers
    more memory isn't a bad thing, high performance programs usually consume more memory, it's a tradeoff between executable size vs memory consumption, in both cases it's unrelated to security or system hardening.

    Whats your recommendations right ways to be more secure and make system more harden?
    You question is too general to give short or precise answer, but the shortest one you can get according to your concerns is "Tails"
    Tails - Home
      My Computer


  3. Posts : 5,213
    Windows 11 Pro 64-bit
       #3

    Please install all available important Windows updates, you can check and install Windows updates by opening "Start Menu --> Control Panel --> Windows Update" applet and click "Check for updates".


    Patch My PC Home Updater is a free, easy-to-use program that keeps over 300 apps up-to-date on your computer. It is an easy way to update or install any of these programs on your computer. It is a free and very useful tool that allows you to keep your computer secure by automatically updating older versions of installed software so that possible security vulnerabilities are patched.



    Make sure to keep your antivirus software up to date.


    You should be very careful with usage of the peer-to-peer file sharing programs, these file sharing programs are use to infect computers. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care.



    Even with antivirus software watching your back, follow these rules to reduce your risk of infection:


    • Open only attachments that youíre expecting. If you receive something unexpected from a friend, donít open it. Instead, email or phone that person to ask whether he or she really sent you something. Your friendís computer might be infected and trying to infect your computer, as well.
    • Be wary of items arriving in email that ask for a click. For example, if you receive a message saying somebody wants to be a Facebook friend, donít click it. Instead, visit Facebook from your browser and look to see whether the person is listed on your ďwaiting to be friendedĒ list. The more emailed links you can avoid, the safer youíll be.
    • If you receive an important-looking email from a financial institution that asks you to click a link and type in your name and password, donít do it. Instead, visit your financial institutionís website through your web browser and log in there. Chances are good that thereís nothing wrong with your account, and that email was only trying to steal your username and password. (This type of scam is often called phishing).
    • If you prefer running a third-party antivirus programs, youíre welcome to do so. But donít run two third-party antivirus programs and firewall at same time, because they often quarrel.
    • Avoid websites that provide pirated material. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. A good anti-virus software will do that automatically, but make sure it is being done.
    • Never use the same password, especially on your bank account. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack your account. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess. Do not use dates or pet names.
    • Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free "system scan" of some type. Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via Windows Task Manager (press Ctrl-Alt-Delete).
    • Never use illegal file-sharing services if you do you're on your own if you enter this realm. There is little quality control in the world of illegal software, and it is easy for an attacker to name a piece of malware after a popular movie, album, or program to tempt you into downloading it.
    • No matter which browser you use, keeping it current is vital to preventing infection. Take advantage of your browser's pop-up blocking, download screening, and automatic update features.
    • You can drastically reduce the risk of an infection by knowing what and from where you are downloading a file. We recommend that you install a site advisor like Norton Safe Web or Bitdefender Traffic Light which will help you decide if the site is trustworthy or not. As a general rule itís recommended that you download files from known and reputable sites that have confirmed that the download is malware free. If you are unsure about the quality of a download, leave the site and research the software you are being asked to install. If it is OK, you can always come back to site and install it. If it is not OK, you will avoid a malware headache.
      My Computer


  4. Posts : 55
    Windows 10 LTSC (version: 1809)
    Thread Starter
       #4

    Thanks for your kind support guys.
      My Computer


  5. Posts : 5,213
    Windows 11 Pro 64-bit
       #5

    You are very welcome!
      My Computer


  6. Posts : 7,736
    Windows 11 Pro 64 bit
       #6

    I expect the likes of NSA & GCHQ will still be able to penetrate your defences
      My Computers


  7. Posts : 5,398
    Windows 11 Home
       #7

    Set UAC to max, that is basics, it prevents most of the elevation bypasses malware uses.

    https://devblogs.microsoft.com/oldne...16-00/?p=94105


    I would say, that the secure DNS is the start, basically all infections start with a link.
    Malware DNS blocking can also prevent some ransomware from working.

    Quad9 blocks about 95% threats, Cloudflare (1.1.1.2) about 50%.Security hardening-mdbr-flowchart.png


    But lets not forget, that security hardening = disabling features, so it might break some functionality.
    Security hardening-security-triangle.png

    For example disabling WSH (scripts like VBS) will literally disable about 50% malware.
    Code:
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Security hardening-camp_02.png

    Restricting powershell will also help a little bit.

    Disabling PowerShell and Other Malware Nuisances, Part I

    Code:
    reg add "HKLM\Software\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
    reg add "HKLM\Software\WOW6432Node\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d "0" /f
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v "__PSLockDownPolicy" /t REG_SZ /d "4" /f
    %WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe "Set-ExecutionPolicy bypass - noprofile"
    There are also some tools you can use, but use with caution and always backup before any changes!

    Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS

    Harden Windows Settings with SysHardener | NoVirusThanks
      My Computer


  8. Posts : 55
    Windows 10 LTSC (version: 1809)
    Thread Starter
       #8

    Your guides are useful. I have MS defender + Adguard licensed, Malwarebytes free . also protonVPN free too.
      My Computer


  9. Posts : 5,398
    Windows 11 Home
       #9

    You can use ConfigureDefender to polish it's settings.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:47.
Find Us




Windows 10 Forums