[Network security knowledge] Windows system security hardening: analysis, concepts, account management, and authentication and authorization

Windows system security hardening analysis
Minimized installation
To improve the security of the system, the most reliable approach is a minimized installation: install only the components the network services actually need. If new service requirements arise later, install the corresponding service components and apply the security settings for them promptly.
System hardening work
System hardening strengthens the security of the Windows system. It mainly covers account and authentication security configuration, log security configuration, network security configuration, file permission configuration, service security configuration and other security option settings, so that the operating system becomes more secure and reliable and provides a sound platform for the work that runs on it.
Windows system security concept
The security protection research of the operating system usually includes the following aspects.
(1) Security functions and security services provided by the operating system itself. Current operating systems typically provide security services such as access control, authentication and authorization.
(2) For the various commonly used operating systems, carry out the relevant configuration so that they can correctly detect and defend against intrusions.
(3) Ensure that the network services provided by the operating system itself are configured securely.
The goal that all of these measures serve is that only authorized users, or processes running on behalf of those users, can read, write, create or delete information.
Account management and authentication and authorization
Accounts and passwords are the default protection measure of most systems. In practice, many users choose passwords that are easy to guess, keep the system's preset password, or set no password at all.
Users should avoid weak passwords, system default passwords and blank passwords. The local security policy can also be configured to require that passwords meet security requirements.
Authentication is the process by which the system verifies the user's credentials, such as a user name or user ID and a password, to confirm the user's identity. Authorization, on the other hand, is what grants an authenticated user permission to access system resources (information, files, databases, money, locations, practically anything) after the system has successfully verified who the user is.
Manage account
Rename Administrator, disable GUEST
Description:
The Administrator account is the built-in administrator account of Microsoft Windows. Its name is public knowledge, so an intruder can aim password guessing or brute force directly at it. Note that renaming only hides the name: the account keeps the fixed relative identifier (RID) 500 in its security identifier (SID), so a tool that can enumerate local accounts will still find it. Renaming is a defense-in-depth measure to be combined with a strong password, not a substitute for one.
The Guest account is the so-called guest user: it lets people without an account of their own log on to the computer. If it is enabled, anyone who can reach the machine gets a foothold on the system from which to probe further.
Purpose of implementation:
The Administrator account name is easy to guess and the Guest account is easy to abuse. Rename the Administrator account and disable the Guest account to improve system security.
Implementation steps:
Go to "Control Panel->Administrative Tools->Local Security Policy". Under "Local Policies->Security Options", find "Accounts: Rename administrator account" and set a new, non-obvious name, then find "Accounts: Guest account status" and set it to "Disabled".
System status:
Go to "Control Panel->Administrative Tools->Computer Management". Under "System Tools->Local Users and Groups", record the current account list before the change and confirm afterwards that the administrator account carries the new name and that Guest shows as disabled.
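The same change done from an elevated PowerShell session, as an added example that is not part of the original post. It looks both accounts up by their fixed RIDs (500 for the built-in Administrator, 501 for Guest) instead of by name, which also makes the caveat above concrete: the RID survives the rename. The new account name is an example value, and the cmdlets come from the Microsoft.PowerShell.LocalAccounts module shipped with Windows 10 / Server 2016 and later.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# Rename the built-in Administrator account and disable Guest, then verify the result.
$NewAdminName = 'svc_ops_admin'   # example value: pick a non-obvious name of your own

# The built-in Administrator always has RID 500 and Guest RID 501 inside the local
# machine SID (S-1-5-21-<machine>-<RID>), so locate them by RID, not by name.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-500$' }
$guest = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-501$' }

if (-not $admin -or -not $guest) {
    throw 'Could not locate the built-in Administrator (RID 500) or Guest (RID 501) account.'
}

if ($admin.Name -ne $NewAdminName) {
    Rename-LocalUser -Name $admin.Name -NewName $NewAdminName
    Write-Host "Renamed '$($admin.Name)' to '$NewAdminName'"
}

if ($guest.Enabled) {
    Disable-LocalUser -Name $guest.Name
    Write-Host "Disabled Guest account '$($guest.Name)'"
}

# Verification (the "system status" check): re-read both accounts by RID.
Get-LocalUser |
    Where-Object { $_.SID.Value -match '-(500|501)$' } |
    Select-Object Name, Enabled, @{ Name = 'RID'; Expression = { $_.SID.Value.Split('-')[-1] } }
```

Because the RID is fixed, anyone who can enumerate local accounts can still identify the renamed Administrator, so the rename must be paired with a strong password. Also keep in mind that the built-in Administrator has historically been exempt from the account lockout policy; recent Windows versions add an "Allow Administrator account lockout" setting under Account Lockout Policy that should be enabled where available.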
Do not display the last logged-on account name
Description:
By default, the name of the last account that logged on is shown in the logon dialog. This hands an intruder with access to the console a valid account name to use for password guessing, and so exposes the system to unnecessary risk.
Implementation purpose:
Configure the logon screen not to display the last logged-on account name.
Implementation steps:
Go to "Control Panel->Administrative Tools->Local Security Policy". Under "Local Policies->Security Options", find "Interactive logon: Do not display last user name" (named "Interactive logon: Don't display last signed-in" on Windows 10 and later) and set it to "Enabled".
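The registry value behind that policy, set and verified from an elevated PowerShell session, as an added example that is not part of the original post. The GUI setting maps to the REG_DWORD DontDisplayLastUserName under the Policies\System key; the helper function name is my own.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# "Interactive logon: Do not display last user name" is stored as the REG_DWORD
# DontDisplayLastUserName under the Policies\System key: 1 = enabled, 0 = disabled.
$Key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name  = 'DontDisplayLastUserName'
$Value = 1

function Get-PolicyValue {
    # Helper (my own name): returns $null when the value is absent, i.e. the policy is "Not Defined".
    param([string]$Path, [string]$ValueName)
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

$current = Get-PolicyValue -Path $Key -ValueName $Name
if ($current -eq $Value) {
    Write-Host "$Name is already $Value; nothing to do."
} else {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $Name -Value $Value -Type DWord
    Write-Host "$Name changed from '$current' to $Value."
}

# Verification: the same value the Local Security Policy console reads back.
Get-PolicyValue -Path $Key -ValueName $Name
```

The change takes effect the next time the logon screen is shown. On a domain-joined machine a Group Policy setting for the same value overrides whatever is written locally, so check the effective policy with gpresult or RSoP rather than trusting the local registry alone.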

Remove invalid accounts
Description:
Accounts that are no longer used, including default accounts and accounts left behind by former staff or finished projects, remain available for misuse if they are not removed.
Implementation purpose:
Delete or lock accounts that are unrelated to the equipment's operation and maintenance work, and so improve the security of system accounts.
Implementation steps:
Go to "Control Panel->Administrative Tools->Computer Management". Under "System Tools->Local Users and Groups", delete or lock (disable) the accounts that are unrelated to the equipment's operation and maintenance work.
System status:
Go to "Control Panel->Administrative Tools->Computer Management". Under "System Tools->Local Users and Groups", check, against the system requirements and the actual business and maintenance situation, that every account unrelated to that work has been deleted or locked.
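An audit of local accounts that finds the candidates for removal, as an added example that is not part of the original post. It reports every local account with its last logon and password age, excludes the accounts Windows itself creates (identified by well-known RIDs), and disables, rather than deletes, the stale ones. The 90-day threshold is an example value.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# Find local accounts that look unused so they can be disabled now and deleted later,
# once the business owner has confirmed they are no longer needed.
$StaleAfterDays = 90   # example threshold; align with your own policy
$cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# Well-known RIDs of accounts Windows creates itself. Administrator and Guest are
# handled in the previous section; none of these should be deleted.
$builtInRids = '500', '501', '503', '504'   # Administrator, Guest, DefaultAccount, WDAGUtilityAccount

$report = Get-LocalUser | ForEach-Object {
    $rid = $_.SID.Value.Split('-')[-1]
    [pscustomobject]@{
        Name            = $_.Name
        Enabled         = $_.Enabled
        BuiltIn         = $builtInRids -contains $rid
        LastLogon       = $_.LastLogon          # $null when the account has never logged on
        PasswordLastSet = $_.PasswordLastSet
        Stale           = (-not $_.LastLogon) -or ($_.LastLogon -lt $cutoff)
    }
}

# Full picture first: this is the record to keep with the change ticket.
$report | Sort-Object Stale -Descending | Format-Table -AutoSize

# Candidates: enabled, not built-in, and stale. Disable rather than delete first:
# disabling is reversible and keeps the SID, so ACLs that reference it stay intact.
$candidates = $report | Where-Object { $_.Enabled -and -not $_.BuiltIn -and $_.Stale }
foreach ($acct in $candidates) {
    Write-Host "Disabling stale account '$($acct.Name)' (last logon: $($acct.LastLogon))"
    Disable-LocalUser -Name $acct.Name   # add -WhatIf on the first run to preview
}
```

Review the table before acting on it: LastLogon comes from the local SAM and only records logons to this machine, so a service account that is in daily use but never logs on interactively can show as never having logged on. Delete the account only after a disabled period has confirmed that nothing broke.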
Assign accounts according to user types
Description:
When accounts are shared or their purposes are mixed, permissions become unclear and users may end up acting beyond the rights their role needs.
Implementation purpose: assign a separate account to each user and role. Create different users and user groups according to business requirements,
for example administrator users, database users, audit users and guest users.
Implementation steps:
Go to "Control Panel -> Administrative Tools -> Computer Management", then "System Tools -> Local Users and Groups".
Check the existing accounts against the requirements and the actual business situation, then create the accounts and groups the system needs, keeping administrator users, database users, audit users and guest users separate.
System status:
Go to "Control Panel->Administrative Tools->Computer Management". Under "System Tools->Local Users and Groups", review the accounts and groups: administrator users, database users, audit users, guest users, and so on.
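Role-based local groups and an audit of who actually holds administrator rights, as an added example that is not part of the original post. Group names, the account name and the approved-administrator list are example values to replace with your own.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# Grant rights to role groups rather than to individuals, and check that only the
# intended principals are members of Administrators.
$RoleGroups = @{
    'DbOperators' = 'Operate the database service; no administrator rights'
    'LogAuditors' = 'Review event logs; no administrator rights'
}   # example role names

foreach ($name in $RoleGroups.Keys) {
    if (-not (Get-LocalGroup -Name $name -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $name -Description $RoleGroups[$name] | Out-Null
        Write-Host "Created group $name"
    }
}

# A named audit account that may read logs but is not an administrator.
$auditUser = 'aud_li'   # example account name
if (-not (Get-LocalUser -Name $auditUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -Prompt "Initial password for $auditUser" -AsSecureString
    New-LocalUser -Name $auditUser -Password $pw -Description 'Security log auditor' | Out-Null
}

# Local groups cannot be nested on a member server or workstation, so the account
# itself joins both its role group and the built-in "Event Log Readers" group.
foreach ($g in 'LogAuditors', 'Event Log Readers') {
    if (-not (Get-LocalGroupMember -Group $g -Member $auditUser -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $g -Member $auditUser
    }
}

# Audit: every member of Administrators that is not on the approved list is a finding.
$approvedAdmins = @('svc_ops_admin')   # example list of expected names, without the HOST\ or DOMAIN\ prefix
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    $short = $_.Name.Split('\')[-1]
    $isBuiltInAdmin = $_.SID.Value -match '-500$'
    $verdict = if ($isBuiltInAdmin -or ($approvedAdmins -contains $short)) { 'ok' } else { 'REVIEW' }
    '{0,-7} {1,-35} {2}' -f $verdict, $_.Name, $_.ObjectClass
}
```

The point of the last loop is that separation of roles is only real if it is checked: a database or audit account that has quietly been added to Administrators defeats the whole scheme, and it is the membership list, not the account's description, that decides what it can do.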
Configure Password Policy
Description:
Weak passwords, unchanged default passwords and passwords that never expire are the easiest way for an intruder to take over an account.
Implementation purpose:
Set a password policy to reduce password-related risk:
prevent weak passwords from existing on the system.
For devices using static password authentication, the password length should be at least 6 characters (current hardening baselines, such as the Microsoft security baseline, recommend 14 or more), and passwords should mix upper- and lower-case letters with digits and special characters.
Implementation steps:
Go to "Control Panel->Administrative Tools->Local Security Policy". Under "Account Policies->Password Policy", set "Password must meet complexity requirements" to "Enabled" and configure the remaining values to your own policy.
For devices using static password authentication, the maximum password age should not exceed 90 days; the other password settings (minimum length, history, minimum age) should be set consistently with the organization's baseline.
Configure Account Lockout Policy
Description:
Without an account lockout policy, an attacker can keep trying passwords indefinitely, which greatly increases the success rate of brute-force password cracking.
Implementation purpose:
For devices using static password authentication, configure the system to lock an account once the number of consecutive authentication failures exceeds a set threshold.
An effective account lockout policy prevents attackers from guessing system account passwords at will.
Implementation steps:
Go to "Control Panel->Administrative Tools->Local Security Policy". Under "Account Policies->Account Lockout Policy", set "Account lockout threshold" to no more than 10 invalid logon attempts. When a threshold is set, Windows also prompts for "Account lockout duration" and "Reset account lockout counter after" (30 minutes is the suggested default for both); accept or tighten these values.
Authorization
Remote System Forced Shutdown Setting
Description:
This user right allows its holders to shut down the computer from a remote location on the network.
Anyone assigned this right can shut the machine down over the network; granting it to anyone other than administrators raises the risk that the system is shut down by an unauthorized user, causing a denial of service (DoS) in which the computer stops serving user requests.
Purpose of implementation:
To prevent unauthorized remote shutdowns, the local security settings should assign "Force shutdown from a remote system" to the Administrators group only.
Implementation steps:
Go to "Control Panel -> Administrative Tools -> Local Security Policy", then "Local Policies -> User Rights Assignment".
Open "Force shutdown from a remote system", make sure only the Administrators group is listed, and remove any other users or groups.
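The password policy, account lockout policy and this user right applied together with secedit and then re-exported for verification, as an added example that is not part of the original post. One block serves the three sections above because they share the same export/configure/verify mechanics. The numeric values are example thresholds that satisfy the floors given in the text; S-1-5-32-544 is the well-known SID of the local Administrators group, and the helper function name is my own.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# Apply the password policy, the account lockout policy and the "Force shutdown from a
# remote system" right (SeRemoteShutdownPrivilege) in one pass, then verify.
$Work = Join-Path $env:TEMP 'hardening'
New-Item -ItemType Directory -Path $Work -Force | Out-Null
$Before = Join-Path $Work 'before.inf'
$Apply  = Join-Path $Work 'apply.inf'
$After  = Join-Path $Work 'after.inf'
$Db     = Join-Path $Work 'apply.sdb'

# 1. Export the current policy first, so there is a record to roll back to.
secedit /export /cfg $Before /areas SECURITYPOLICY USER_RIGHTS /quiet | Out-Null

# 2. Desired settings (example values: length >= 6, max age <= 90 days, lockout <= 10
#    as the text requires; tighten to your own baseline). Single-quoted here-string so
#    the $CHICAGO$ signature is not expanded by PowerShell.
$inf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 90
MinimumPasswordAge = 1
PasswordHistorySize = 5
LockoutBadCount = 5
LockoutDuration = 30
ResetLockoutCount = 30
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@
Set-Content -Path $Apply -Value $inf -Encoding Unicode   # secedit expects UTF-16LE

# 3. Apply only the two areas the template contains; other areas are left untouched.
secedit /configure /db $Db /cfg $Apply /areas SECURITYPOLICY USER_RIGHTS /quiet | Out-Null

# 4. Verify by exporting again and comparing the keys that matter.
secedit /export /cfg $After /areas SECURITYPOLICY USER_RIGHTS /quiet | Out-Null

function Get-IniValue {
    # Helper (my own name): first "Key = value" line in a secedit INF export.
    param([string]$Path, [string]$Key)
    $line = Get-Content -Path $Path | Where-Object { $_ -match "^\s*$Key\s*=" } | Select-Object -First 1
    if ($line) { return ($line -split '=', 2)[1].Trim() }
}

$keys = @('MinimumPasswordLength', 'PasswordComplexity', 'MaximumPasswordAge',
          'LockoutBadCount', 'LockoutDuration', 'ResetLockoutCount', 'SeRemoteShutdownPrivilege')
foreach ($key in $keys) {
    '{0,-26} before: {1,-20} after: {2}' -f $key, (Get-IniValue $Before $key), (Get-IniValue $After $key)
}
```

In the verification output SeRemoteShutdownPrivilege should read exactly *S-1-5-32-544; any additional SID means another group still holds the right. On a domain-joined machine the domain's Group Policy overrides these local values, so the same settings have to be enforced in the applicable GPO for the check to be meaningful.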

Origin blog.csdn.net/Arvin_FH/article/details/132426068