Remember when Windows was simple? Windows XP desktops in a little workgroup...what could be easier? A lot has changed over time. Now, we are Windows tablets, Azure, Active Directory, PowerShell, Microsoft 365 (Office 365), Hyper-V, Virtual Desktop Infrastructure and so on. Microsoft is battling Google, Apple, Amazon and other cloud giants for cloud supremacy. The trick, of course, is to do cloud securely.
Windows is the most widely used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This course section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work - both on-premise and in the cloud (Microsoft Azure). You will complete the section with a good solid grounding in Windows security by looking at automation and auditing capabilities for the Windows ecosystem.
- Process observation and analysis with Process Hacker
- NTFS file system practical using NTFS Permissions Reporter
- Auditing and enforcement of system baseline configurations with security templates
- PowerShell scripting and automation techniques
Module 23: Windows Security Infrastructure
This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.
- Windows Family of Products
- Windows Workgroups and Accounts
- Windows Active Directory and Group Policy
Module 24: Windows as a Service
This module discusses techniques for managing Windows systems as it applies to updates (patches) as well as new cloud-based deployment methodology (Windows Autopilot and Windows Virtual Desktop).
- End of Support
- Servicing Channels
- Windows Update
- Windows Server Update Services
- Windows Autopilot
- Windows Virtual Desktop
- Third-Party Patch Management
Module 25: Windows Access Controls
This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.
- NTFS Permissions
- Shared Folder Permissions
- Registry Key Permissions
- Active Directory Permissions
- BitLocker Drive Encryption
- Secure Boot
Module 26: Enforcing Security Policy
This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, which is the command-line version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes that can be made through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many best practice security configuration changes that they can help enforce throughout the domain.
- Applying Security Templates
- Employing the Security Configuration and Analysis Snap-in
- Understanding Local Group Policy Objects
- Understanding Domain Group Policy Objects
- Administrative Users
- Privileged Account Management
- Reduction of Administrative Privileges
- User Account Control
- Windows Firewall
- IPsec Authentication and Encryption
- Remote Desktop Services
- Recommended GPO Settings
Module 27: Microsoft Cloud Computing
Inside your LAN as well as in the cloud, you will likely have a mixture of servers. Microsoft's cloud is known as Azure. On top of Azure, Microsoft has implemented services such as Microsoft 365, Exchange Online, OneDrive, Intune, and many others. Microsoft has designed Windows 10 and later versions for integration with Azure, so Windows security includes not just Windows alone, but also Azure. It's important for your career as a security professional to understand the essential concepts of Microsoft Azure.
- Microsofts All-In Bet on Cloud Computing
- Microsoft Cloud Types: IaaS, PaaS, SaaS, and DaaS
- Microsoft Azure
- Azure Active Directory (Azure AD)
- Azure AD Single Sign-On
- Multi-Factor Authentication
- Administrative Role Reduction
- Endpoint Security Enforcement
- Microsoft Intune
- Azure Conditional Access
- Azure Key Vault
- Azure Monitor
- Azure Sentinel (SIEM and SOAR)
- Azure Policy
- Azure Security Center
Module 28: Automation, Logging, and Auditing
Automation, logging, and auditing go together because if we can't automate our work, the auditing work doesn't get done at all (or is done only sporadically). Also, if we can't automate our work, we can't make our work scale beyond the small number of machines that we can physically touch. Thankfully, modern Windows systems come with a very powerful automation capability: PowerShell. We will learn what PowerShell is and how to leverage it in our pursuit of deployment consistency, detection of change, remediation of systems, and even threat hunting!
- What Is Windows PowerShell?
- Windows PowerShell versus PowerShell Core
- Windows Subsystem for Linux (WSL)
- Automation and Command-Line Capability in Azure
- PowerShell Az Module
- Azure CLI
- Azure Cloud Shell
- Azure Resource Manager Templates
- Gathering Ongoing Operational Data
- Employing Change Detection and Analysis