Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Setup
PC Setup Ideas
For all those people who post their Security Configurations
Message
<blockquote data-quote="Victor M" data-source="post: 1124797" data-attributes="member: 96560"><p>[USER=114717]@bazang[/USER]. Yes I know what least privilege is.</p><p></p><p>In addition to using a standard user account, I remove rights for that account to run powershell, regedit, reg, and schtask plus a few more things.</p><p></p><p>But least privilege is not enough. Attackers have privilege escalation tricks and exploits.</p><p></p><p>For Least Functionality, I disable certain services, turn off remote <anything>, turn off network protocols, uninstall apps, firewall known MS telemetry ip's, turn off various Start>Settings>Privacy&Security, and so on.</p><p></p><p>I think the 5 hrs is mostly due to inefficiency, I was doing gpedits by hand instead of backing up and restoring. And chatgpt introduced a way to backup and restore Start>Settings partially. I estimate those 2 things should eliminate ~2 hrs. Creating cip files takes 45 mins; which can be backed up and restored instead. Installing various apps takes 1 hr which actually shouldn't be included in the total because it is not hardening. Pretty close to your 1 hr benchmark. And for the rest of the stuff mentioned above I already have scripts made. Still, if you don't mind sharing your insights, I would like to hear them, if it is not a trade secret.</p><p></p><p>I keep putting off reading 800-53 - too many bracketed role names, interferes with reading. I follow PCI-DSS.</p></blockquote><p></p>
[QUOTE="Victor M, post: 1124797, member: 96560"] [USER=114717]@bazang[/USER]. Yes I know what least privilege is. In addition to using a standard user account, I remove rights for that account to run powershell, regedit, reg, and schtask plus a few more things. But least privilege is not enough. Attackers have privilege escalation tricks and exploits. For Least Functionality, I disable certain services, turn off remote <anything>, turn off network protocols, uninstall apps, firewall known MS telemetry ip's, turn off various Start>Settings>Privacy&Security, and so on. I think the 5 hrs is mostly due to inefficiency, I was doing gpedits by hand instead of backing up and restoring. And chatgpt introduced a way to backup and restore Start>Settings partially. I estimate those 2 things should eliminate ~2 hrs. Creating cip files takes 45 mins; which can be backed up and restored instead. Installing various apps takes 1 hr which actually shouldn't be included in the total because it is not hardening. Pretty close to your 1 hr benchmark. And for the rest of the stuff mentioned above I already have scripts made. Still, if you don't mind sharing your insights, I would like to hear them, if it is not a trade secret. I keep putting off reading 800-53 - too many bracketed role names, interferes with reading. I follow PCI-DSS. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
