Setup Idea Harden Windows 11 Home for Security

Last updated
Jun 2, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Enabled
Real-time security
VoodooShield CyberLock
OSArmor
Xcitium EDR
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Xcitium EDR
Periodic malware scanners
Kaspersky Virus Removal Tool
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
AdGuard
Secure DNS
Quad9
Desktop VPN
ProtonVPN Free
Password manager
N/A
File and Photo backup
Macrium Reflect Free
System recovery
Macrium Reflect Free
Risk factors
    • Browsing to popular websites
    • Working from home
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
Computer specs
Dell Latitude 3540
Recommended for
  1. All types of users

Victor M

Level 10
Thread author
Verified
Well-known
Oct 3, 2022
467


Introduction

Harden Windows 11 - A Security Guide provides documentation on how to harden your Windows 11 23H2 (configuration pack
version 23H2-A1 2023-11-08). It explains how to secure your Windows 11 computer. The knowledge contained stems from
years of experience starting with Windows Vista. Hardening is performed using mostly native Windows tools and Microsoft
tools.

Malware and hackers attack by exploiting security bugs and vulnerabilities. Even talented programmers make coding bugs,
guaranteed by evidence of the last 50 years of computing, and unavoidable. Some security bugs/vulnerabilities are known to
us - they are contributed by white hat hackers (the good guys) who have notified Microsoft and MS is doing it's part by patching
them. But there are also those security vulnerabilities that the black hat hackers (the bad guys) know about which they keep to
themselves. So while MS urges us to do Windows Update monthly to patch the known security holes, there are security
vulnerabilities for which there are no solutions, and no amount of patching will do any good.

The solution is to reduce attack surface so that we expose less opportunities for exploitation. One core concept is Least
Privilege, when you are using an admin account and you get successfully attacked, the attacker gains admin control over the
whole PC. Least privilege says you don't run as admin for day to day tasks, and thus you lessen the chance of a complete
takeover. Another core concept is minimization. You configure your system so that it is only able to do what you normally do,
and nothing else. This minimizes the number of exploitable security bugs that can possibly run, lessens your exposure, which
is called the attack surface. By removing services and programs that listen or respond to the internet 24/7, you take out the
possibility of anybody sending them an exploit. If a new vulnerability is found months down the road, but it does not run on your
system, it is already taken care of; and you won't have to anxiously wait for a patch to arrive.. We will reveal several other
security principles, which allows you to adapt and evolve your defenses as threats change with the times. There are many
places in Windows where risk outweighs features, and this hardening guide goes through them one by one. Also, we will
implement several layers of FREE security (anti-malware is not the only thing that does security), if one layer gets broken
through, you still have another, then another.

In today's environment, criminals attack vulnerable PCs to gain access personal data for id theft purposes, to steal your credit
card data, to install ransomware and to conduct business espionage. Regular hackers want to get their hands on anything,
spread viruses and laugh at you trying to debug their introduced errors. So any PC is game for intrusion and it is not an
elaborate thing, attacking a PC only requires a few minutes.

This guide will save you time and headache when dealing with intrusion. It is hacker tested.

Good security consists of deter, deny, delay, detection and remediation. Hardening historically covers the first 3. We will cover
all 5 in this guide. Hardening is more than just setting group policies (which Windows Home users don't have access to). A
good admin will periodically check every machine in an organization for intrusions and errors. And she also performs recovery
quickly to minimize disruption. We show you what to do.

This guide is frequently updated with new technologies, techniques and ideas to improve security. A version number is provided
at the top.

If you followed this hardening guide and you still got hacked, I want to know about it. Security is an ongoing, evolving series of
improvements. Send me a mail on MalwareTips : Victor M.


Harden your Windows 11 Pro using all the built security features. WDAC, SRP, Defender Firewall, TLS 1.3 plus free security tools like MS Security Baseline, MalwareBytes Anti-Exploit ... Must do Security Principles, and how to implement them using Windows settings.
 
Last edited by a moderator:

WhiteMouse

Level 5
Verified
Well-known
Apr 19, 2017
240
One of the greatest invention of all time: Orange mode.:LOL:

No matter how good configuration is , it's not really useful without automatic script, manual harden lots of things and you'll make mistake at some points that might brick your system or reduce security.
 

Victor M

Level 10
Thread author
Verified
Well-known
Oct 3, 2022
467
I used to offer a set of configuration scripts for sale along with the web site. I am looking for replacement hosting. Once that is up again, I will post a link.
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
Approx cost for this set-up, excluding hardware?

Approx time to set up and configure, on average?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top