
Building baseline controls

Moving on, we will cover some more details about the baseline controls that can be used on your Windows devices. Here, we will cover the following:

  • Center for Internet Security (CIS)
  • The Windows security baselines

CIS

First, we will look at CIS. You may already be familiar with CIS, and you will often see it on lists of the most preferred frameworks, although it is not a fully comprehensive framework like the others that we previously listed. Instead, CIS is more of a tactical compilation of controls and guidelines that allows organizations to meet the requirements of a chosen framework. The following screenshot shows the current CIS home page, which can be reached at https://www.cisecurity.org/:

Figure 2.5 – The CIS home page

CIS is a non-profit organization whose global community works to provide protection against the ongoing cybersecurity threat landscape. More specifically, the CIS mission is as follows:

  • To identify, develop, validate, promote, and sustain best-practice solutions for cyber defense
  • To build and lead communities to enable an environment of trust in cyberspace

    Tip

    To learn more about CIS, go to https://www.cisecurity.org/about-us/.

CIS has an overwhelming number of tools and resources available, many of them free of charge. More specifically, CIS provides two sets of best practices that are widely adopted throughout the world: CIS controls and CIS benchmarks. CIS controls are a broader set of 20 foundational and advanced controls that provide a more comprehensive approach to overall security protection for your organization, whereas CIS benchmarks are focused more on the specific strengthening of your systems, software, and networks.

Tip

The CIS cybersecurity best practices can be found at https://www.cisecurity.org/cybersecurity-best-practices/.

Next, let's look at the security baselines that are specifically for Windows and the tools we can use to enforce them.

Windows security baselines

Next, we will look at the Microsoft options for baseline controls. As part of their services, Microsoft offers Windows security baselines: recommended configurations that provide additional hardening of your Windows systems. The Windows security baselines apply to the following:

  • Windows 10
  • Windows Server
  • Office 365 ProPlus

To give you an idea of the complexity of securing Windows, there are over 3,000 GPO settings for Windows 10 and over 1,800 for Internet Explorer 11. This clearly shows the need to leverage predefined baselines to help strengthen your Windows devices. The more common Microsoft tools used to implement these baselines consist of the following:

In the next section, we will discuss implementing a baseline using the CIS benchmarks and the Microsoft Security Compliance Toolkit (SCT).
