beerisgood / Windows10_hardening
Licence: gpl-3.0
My Windows 10 x64 security hardening guide
Stars: ✭ 78
Projects that are alternatives of or similar to Windows10 hardening
Windows11 Hardening
My Windows 11 x64 security hardening guide
Stars: ✭ 267 (+242.31%)
Mutual labels: windows10, hardening, security-hardening
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+10215.38%)
Mutual labels: hardening, security-hardening
Privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
Stars: ✭ 221 (+183.33%)
Mutual labels: windows10, security-hardening
terraform-aws-secure-vpc
A terraform module to create a VPC with secure default configurations.
Stars: ✭ 13 (-83.33%)
Mutual labels: hardening, security-hardening
How To Secure A Linux Server
An evolving how-to guide for securing a Linux server.
Stars: ✭ 11,939 (+15206.41%)
Mutual labels: security-hardening, hardening
Hardentheworld
Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
Stars: ✭ 158 (+102.56%)
Mutual labels: security-hardening, hardening
nim-contra
Lightweight Self-Documenting Design by Contract Programming and Security Hardened mode.
Stars: ✭ 46 (-41.03%)
Mutual labels: hardening, security-hardening
Terraform Aws Secure Baseline
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (+664.1%)
Mutual labels: security-hardening, hardening
Snuffleupagus
Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
Stars: ✭ 509 (+552.56%)
Mutual labels: security-hardening, hardening
Jshielder
Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
Stars: ✭ 483 (+519.23%)
Mutual labels: security-hardening, hardening
Windows 10 Hardening
Windows 10 hardening guide without gimmicks
Stars: ✭ 102 (+30.77%)
Mutual labels: security-hardening, hardening
Stronghold
Easily configure macOS security settings from the terminal.
Stars: ✭ 813 (+942.31%)
Mutual labels: security-hardening, hardening
Content
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+1462.82%)
Mutual labels: security-hardening, hardening
Ansible Role Hardening
Ansible role to apply a security baseline. Systemd edition.
Stars: ✭ 188 (+141.03%)
Mutual labels: security-hardening, hardening
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+5747.44%)
Mutual labels: security-hardening, hardening
Hardening
Hardening Ubuntu. Systemd edition.
Stars: ✭ 705 (+803.85%)
Mutual labels: security-hardening, hardening
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+11614.1%)
Mutual labels: security-hardening, hardening
Centos7 Cis
Ansible CentOS 7 - CIS Benchmark Hardening Script
Stars: ✭ 64 (-17.95%)
Mutual labels: security-hardening
Sshd config
K4YT3X's Hardened OpenSSH Server Configuration
Stars: ✭ 49 (-37.18%)
Mutual labels: hardening
This awesome tool is highly recommended
Requirements
- [x] Standards for a highly secure Windows 10 device
- [x] System up2date with latest Windows 10 stable version
- [x] (default activated) internal Windows Defender protection instead of external "Security" solutions
- [x] Latest Driver and Program updates
- [x] No "Tuning" tools (not even stuff like Ccleaner!)
- [x] Only necessary programs / apps / games which you really need
- [x] Hardware Requirements for System Guard / Hardware-based Isolation
- [x] Hardware Requirements for Memory integrity
- [x] Hardware Requirements for Windows Defender Application Guard (WDAG)
- [x] Hardware Requirements for Windows Defender Credential Guard
Hardening
- [x] set User Account Control (UAC) to maximum
- [x] use Software Restriction Policies (SRP) with a default-deny mode
- [x] use Defender Firewall with Advanced Security
- [x] Always display file type extension
- [x] Manage Windows Defender Credential Guard
- [x] Install Windows Defender Application Guard (WDAG)
- [x] Enable Memory integrity (HVCI)
- [x] Enable Network Protection (NP)
- [x] Enable SmartScreen and enable SmartScreen Log
- [x] Enable Controlled Folder Access (CFA)
- [x] Enable Attack Surface Reduction rules (ASR)
- [x] Harden Address Space Layout Randomization (ASLR)
- [x] Enable System Guard Secure Launch
- [x] Enable cloud-delivered protection
- [x] Activate Potentially unwanted applications (PUA) protection
- [x] Enable BitLocker Encryption with Startup PIN & read about Countermeasures and reduce DMA threats
- [x] Use Windows Sandbox for unknown / untrusted binaries - you can use it with right click menu!
- [x] Enable sandboxing for Windows Defender Antivirus
- [x] Only elevate executables which are signed and validated
Further Hardening
- [ ] Specify the cloud-delivered protection level
- [ ] Configure Exploit Protection
- [ ] Microsoft recommended block rules
- [ ] Control USB devices and other removable media
- [ ] UEFI Hardening (NSA Defensive Practices Guidance) PDF & Hardware-and-Firmware-Security-Guidance
- [ ] Hardware and Firmware Security Guidance for Windows & AMD CPUs - you will find more in the overview
- [ ] Deploy Windows Security Baselines and keep them up2date
For Enterprise/ Company only
- [ ] Application Control (WDAC)
- [ ] Enterprise Certificate Pinning
- [ ] Block untrusted fonts in an enterprise
- [ ] Web protection
- [ ] Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
- [ ] Manage Windows Hello for Business
- [ ] Protect against DLL Search Order Hijacking
Test Config
- Validate connections between your network and the Windows Defender Antivirus cloud service
- Verify client connectivity to Microsoft Defender ATP service URLs
- Validate Windows Defender Tamper protection
- Confirm and validate that Defender "Block at First Sight" (BAFS) is enabled
- Windows Defender Testground
- Windows Defender SmartScreen Demo Pages
- Validate your Kernel DMA Protection
- Test your Antimalware Scan Interface (AMSI)
- Test your Network protection
Reading Material:
- https://github.com/stoptracking/windows10
- https://github.com/frizb/Windows-Privilege-Escalation
- https://github.com/LOLBAS-Project/LOLBAS
- https://github.com/api0cradle/UltimateAppLockerByPassList
- https://trustedwindows.wordpress.com/
- https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
- https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
- https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
- https://docs.microsoft.com/en-us/windows/security/
- a picture about Microsoft Defender local and cloud script protection
- a picture about Attack Surface Reduction (ASR) Rules
- Security Unlocked - The Microsoft Security Podcast
- How the hell WD works on Windows Home & Pro documentation from AndyFul
- Windows AppContainer Isolation - what it does? from AndyFul
- Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
- Windows Defender Application Control (WDAC) Resources
- Why UAC is important at maximum (not default) level: 1, 2, 3, 4, ..
- Testing DLL Search Order Hijacking against security features from AndyFul
- Analysis of Windows 10 - OS Architecture
- Analysis of TPM Integration and UEFI "Secure Boot" in Windows 10
- Analysis of Virtual Secure Mode
- Analysis of Device Guard
- Analysis of Powershell and Windows Script Host