Mastering Windows Security and Hardening, 1st edition, by Mark Dunkerley and Matt Tumbarello (ISBN: 1839214287, 9781839214288)
Product details:
ISBN-10 : 1839214287
ISBN-13 : 9781839214288
Author : Mark Dunkerley, Matt Tumbarello
Enhance Windows security and protect your systems and servers from various cyber attacks
Key Features
Protect your device using a zero-trust approach and advanced security techniques
Implement efficient security measures using Microsoft Intune, Configuration Manager, and Azure solutions
Understand how to create cyber-threat defense solutions effectively
Book Description
Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions.
Table of contents:
Section 1: Getting Started
Chapter 1: Fundamentals of Windows Security
Understanding the security transformation
Living in today’s digital world
Today’s threats
Identifying vulnerabilities
Recognizing breaches
Current security challenges
Implementing a Zero Trust approach
Summary
Chapter 2: Building a Baseline
Introduction to baselining
Policies, standards, procedures, and guidelines
Defining policies
Setting standards
Creating procedures
Recommending guidelines
Incorporating change management
Implementing a security framework
Building baseline controls
CIS
Windows security baselines
Implementing a baseline
CIS
Microsoft SCT
Incorporating best practices
Summary
Chapter 3: Server Infrastructure Management
Technical requirements
Overview of the data center and the cloud
Types of data center
On-premise
Cloud
Hybrid
Implementing access management in Windows servers
Physical and user access security
Privileged Access Management, Just-in-Time Access, and Privileged Identity Management
Using a tiered model for privileged access
Tier 0
Tier 1
Tier 2
Important considerations
Enhanced security administrative environment
Access management best practices
Understanding Windows Server management tools
Introducing Server Manager
Using the Best Practices Analyzer (BPA)
Looking at Event Viewer
Using Windows Server Update Services
Introducing Windows Admin Center
Using Azure services to manage Windows servers
The Azure portal and Marketplace
Using the Azure Marketplace
Implementing role-based access control
Azure Resource Manager
Understanding Azure Backup
Securing Azure Backup
Introducing Azure Update Management
Leveraging Azure Site Recovery
Summary
Chapter 4: End User Device Management
Technical requirements
Device management evolution
Device Imaging and Windows Autopilot
Windows Assessment and Deployment Kit (Windows ADK)
Windows Configuration Designer
Microsoft Deployment Toolkit
Windows Deployment Services
MDT and Configuration Manager
Windows Autopilot
Microsoft Endpoint Configuration Manager
Securely deploying clients for Configuration Manager
Client collections, settings, and communications
Client settings
Client communication
Intune Mobile Device Management (MDM)
Configuration Service Provider
Mobile Device Management versus Mobile Application Management
Windows enrollment methods
Introducing Microsoft Endpoint Manager
Summary
Section 2: Applying Security and Hardening
Chapter 5: Hardware and Virtualization
Technical requirements
Physical servers and virtualization
Microsoft virtualization
Hyper-V
Azure virtual machines
Windows Virtual Desktop
Hardware security concerns
Virtualization security concerns
Cloud hardware and virtualization
Introduction to hardware certification
BIOS and UEFI, TPM 2.0, and Secure Boot
Unified Extensible Firmware Interface
UEFI Secure Boot
Trusted Platform Module (TPM 2.0)
Advanced protection with VBS
Credential Guard
Enabling Credential Guard with MDM (Intune)
Enabling Credential Guard with Group Policy
Device Guard
Enabling Device Guard and Windows Defender Application Control with Group Policy
Windows Defender Application Guard
Hypervisor-Protected Code Integrity
Enabling HVCI
Windows Defender System Guard
Hardware security recommendations and best practices
Summary
Chapter 6: Network Fundamentals for Hardening Windows
Technical requirements
Network security fundamentals
Understanding Windows Network Security
Network baselining
Windows 10
Wireless Local Area Network (WLAN)/Wi-Fi
Bluetooth
Virtual Private Networks (VPNs)
Windows Server
Local Area Network (LAN)/Ethernet
Server roles and features
Networking and Hyper-V
Network troubleshooting
Windows Defender Firewall and Advanced Security
Configuring a firewall rule with Group Policy
Windows Defender Exploit Guard Network Protection
Configuring Windows Defender Exploit Guard Network Protection using Group Policy
Introducing Azure network security
Network Security Groups (NSGs)
Service tags
Application Security Groups (ASGs)
Creating a network security group in Azure
Summary
Chapter 7: Identity and Access Management
Technical requirements
Identity and access management overview
Identity
Authentication
Authorization
Accountability
Implementing account and access management
HR and identity management
Integrating directory services
Using local administrative accounts
Managing Azure external user access (B2B)
Understanding the Azure cloud administrative roles
The Office 365 admin and Azure AD roles
Using Intune roles
Security and compliance admins
Implementing PAM security tools (PAM, PIM, and JIT)
Using PAM
Connecting with JIT access
Enabling admins with Azure AD PIM
Using Azure RBAC
Understanding authentication, MFA, and going passwordless
Securing your passwords
Introducing SSPR
Implementing SSPR for Windows 10 login
Using Azure AD Seamless SSO
Configuring Azure SSO
Configuring MFA
Introducing Windows Hello
Understanding going passwordless
Using Conditional Access and Identity Protection
Summary
Chapter 8: Administration and Remote Management
Technical requirements
Understanding device administration
Differences between domain join, hybrid, and Azure AD joined devices
Enforcing policies with MDM
Creating compliance settings with Configuration Manager
Introduction to Configuration Items
Creating a Configuration Item
Building a Configuration Baseline
Reporting on a Configuration Baseline
Assigning Endpoint Protection
Creating Policies with Intune
Configuring a device compliance policy
Configuring a device configuration profile
Deploying PowerShell scripts
Using Administrative Templates
Enforcing Intune security baselines
Building security baselines
Using the Microsoft Security Compliance Toolkit
Comparing policies with Policy Analyzer
Creating a GPO from the baseline recommendation
Creating a Configuration Baseline from a GPO
Connecting securely to servers remotely
Remote management and support tools
Using Azure Security Center Just-in-Time access
Connecting with Azure Bastion
Introducing PowerShell security
Configuring PowerShell logging
Using PowerShell Constrained Language Mode
Enabling script execution
Summary
Chapter 9: Keeping Your Windows Client Secure
Technical requirements
Securing your Windows clients
Introducing Windows Update for Business
Configuring Windows updates in Intune
Managing update deployments
Monitoring update deployments
Advanced Windows hardening configurations
Enabling Windows Hello for Business
Managing BitLocker encryption
Configuring Windows Defender AV
Enabling Microsoft Defender SmartScreen
Preventing name resolution poisoning
Link-Local Multicast Name Resolution
NetBIOS Name Service (NBT-NS)
Disabling Google Chrome mDNS
Disabling the Web Proxy Autodiscovery Protocol (WPAD)
Configuring Office security baselines
Deploying user-based office policies
Hardening Google Chrome
Whitelisting extensions
Preventing user access to the registry
Windows Defender Application Control
Considerations for WDAC or AppLocker
Windows 10 privacy
Controlling the privacy settings for each app
Additional privacy settings
Privacy settings for Microsoft Edge
Summary
Chapter 10: Keeping Your Windows Server Secure
Technical requirements
Windows Server versions
Installing Windows Server roles and features
Reducing the Windows Server footprint
Installing Nano Server 2019
Configuring Windows updates
Implementing Windows Server Update Services (WSUS)
Deploying Azure Update Management
Connecting to Microsoft Defender ATP
Onboarding with Group Policy
Onboarding with Configuration Manager
Hardening Windows Server
Implementing a security baseline
Controlling User Rights Assignment
Configuring Accounts settings
Configuring Interactive Logon
Setting Remote Desktop Protocol session time limits
Configuring account policies
Implementing fine-grained password policies
Securing the logon process
Using Azure Disk Encryption
Creating an Azure Key Vault
Creating a key encryption key (KEK)
Enabling Azure Disk Encryption on a virtual machine
Deploying Windows Defender Application Control
Summary
Section 3: Protecting, Detecting, and Responding for Windows Environments
Chapter 11: Security Monitoring and Reporting
Technical requirements
Monitoring with MDATP
Investigating an alert
The Threat analytics dashboard
The Threat & Vulnerability Management dashboard
Machine health and compliance
Software inventory report
Onboarding workstations to the MDATP service
Enabling the Microsoft Intune connection
Creating a machine risk compliance policy
Enabling advanced features
Deploying Log Analytics
Installing gallery solutions
Update Compliance for Windows 10
Deploying ChangeTracking
Using ServiceMap
Using Wire Data 2.0
Monitoring with Azure Monitor and activity logs
Secure access to Azure Monitor
Monitoring Azure activity logs
Configuring ASC
Creating performance baselines
Summary
Chapter 12: Security Operations
Technical requirements
Introducing the SOC
Using the M365 security portal
Understanding Microsoft Secure Score
Classifying your data
DLP
AIP
WIP
Using MCAS
Reviewing the activity log
Looking at a user’s activity
Configuring Azure ATP
Planning for Azure ATP
Activating your instance
Understanding the kill chain
Looking at alerts
Investigating threats with Azure Security Center
Introducing Azure Sentinel
Creating the connection
Microsoft Defender Security Center
Assigning permissions and machine groups
Reviewing the alerts queue
Automated Investigations
Planning for business continuity and DR
Summary
Chapter 13: Testing and Auditing
Technical requirements
Validating controls
Vulnerability scanning
Preparing for a vulnerability scan
Planning for penetration testing
Executing a penetration test
Reviewing the findings
Security awareness and training
Summary
Chapter 14: Top 10 Recommendations and the Future
The 10 most important to-dos
Implementing identity protection and privileged access
Enact a Zero Trust access model
Define a security framework
Get current and stay current
Make use of modern management tools
Certify your physical hardware devices
Administer network security
Always encrypt your devices
Enable endpoint protection
Deploy security monitoring solutions
Other important items
Stay educated
Validate controls
Application controls
Security baselines and hardening
Business continuity and disaster recovery
The future of device security and management
Security and the future
Summary
Other Books You May Enjoy
Leave a review – let other readers know what you think