
Matrix 0501 Hardening Windows 10

Last Updated: January 2021

High Level (Overview)

  • Login & Readme

Tools

Low Level (Details)

  •  Login
    Input Team Unique ID.

  •  Read the Read Me
    On the desktop there should be an icon labeled "readme" > open it and read it completely. This page tells you the scenario, what needs to be changed, and which settings should be applied.

  •  Windows Update Settings
    •  Change Update Settings to Defer Windows Feature Updates:
      Go to Settings (the little gear icon) > Update & Security > Advanced Options > make sure the "Defer Windows Feature Updates" is check marked.

    •  Check For Updates:
      Go to Settings (the little gear icon) > Update & Security > Windows Update > Check for updates.
      Updates take the most time, so start the update process early rather than late and risk running out of time.

    •  Automatic Updates:
      Go to Settings (the little gear icon) > Update & Security > underneath "check for updates" click Advanced Options > ensure that Automatic updates are selected.

  •  Complete Forensic Questions
    Do what the questions ask you to do. USE THE INTERNET; it is there to help you. These are worth quite a few points, so make sure you get them done.

  •  Remove Unauthorized Software
    Look at the README website from before and see which apps should be installed. Any apps or programs that are installed but are neither required for the system to run nor required by the README should be removed through the Windows installer. Common examples of unwanted software:
    • Angry IP Scanner
    • Wireshark
    • Torrenting Software (Ex: BitTorrent and qBittorent)
    • Unneeded/Not Required Security Programs Ex: Driver Support, CCleaner
    • Video Games
    If you do not know what a program is, look it up. It might be something that can be used for malicious purposes. If it is, make sure to get rid of it. However, before you delete/uninstall anything, make sure to check the README and ensure that it is not a required program.

  •  Microsoft Management Console (MMC)
    •  Local Users and Groups Settings
      •  Remove Unauthorized Users/Administrators From System:
        Look at the README and remove any unauthorized users and administrators. MMC > File > Add/Remove Snap-in > add "Local Users and Groups" > check both "Users" and "Groups > Administrators" and remove unauthorized users/administrators from the computer. Make sure the profile in C:\Users\ no longer exists after removing the user from the system.

      •  Give All Users A Secure Password:
        In search bar > MMC > File tab > Add-Remove Snap-in > add the Local Users and Groups snap-in, and hit next/finish on all popups > Users
        From here, right click on the users and change all passwords besides your own to ensure everyone has a secure password.
        The password I recommend you use is the following: 1234qwerasdf!@#$QWERASDF
        I know it looks complicated and hard to remember, but trust me. Once you start typing it you will see that it is not that hard to remember. ;)
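        As an added example (not part of the original checklist), the script below audits local users, the Administrators group and leftover C:\Users profile folders against the README's authorized lists. The two sample lists are constructed placeholders; fill them from the README. It only reports, so nothing is removed until you confirm it.

```powershell
# Added example, not from the original checklist. Audit only: prints what to remove,
# demote or clean up. $AuthorizedUsers / $AuthorizedAdmins are constructed samples.
param(
    [string[]]$AuthorizedUsers  = @('alice', 'bob'),   # constructed sample, replace from README
    [string[]]$AuthorizedAdmins = @('alice'),          # constructed sample, replace from README
    [string]$ProfileRoot = 'C:\Users'
)

# Built-in accounts exist on every Windows 10 image: they get disabled, not deleted.
$builtIn = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount')

# 1. Local users that are neither authorized nor built in, plus weak password settings
Get-LocalUser | ForEach-Object {
    $u = $_
    if ($builtIn -contains $u.Name) {
        if ($u.Enabled) { "[WARN]    built-in account '$($u.Name)' is enabled" }
    } elseif ($AuthorizedUsers -notcontains $u.Name) {
        "[REMOVE]  unauthorized user '$($u.Name)' (enabled=$($u.Enabled))"
    } elseif (-not $u.PasswordRequired) {
        "[FIX]     user '$($u.Name)' does not require a password"
    }
}

# 2. Administrators members that are not on the admin list.
# Members come back as COMPUTER\name, so compare on the part after the backslash.
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    $short = $_.Name.Split('\')[-1]
    if ($AuthorizedAdmins -notcontains $short) {
        "[DEMOTE]  '$($_.Name)' ($($_.ObjectClass)) is in Administrators but not authorized"
    }
}

# 3. Profile folders with no matching local user (left behind after a user was removed)
$localNames = (Get-LocalUser).Name
Get-ChildItem -Path $ProfileRoot -Directory -Force |
    Where-Object { $_.Name -notin @('Public', 'Default', 'Default User', 'All Users') } |
    Where-Object { $localNames -notcontains $_.Name } |
    ForEach-Object { "[CLEANUP] orphaned profile folder '$($_.FullName)'" }
```

        Run it from an elevated PowerShell window; Get-LocalGroupMember needs the LocalAccounts module that ships with Windows 10.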

      •  Auto Login Settings:
        Do not turn off Auto Login for your account. In Windows 10, to disable Auto Login you must: Windows Key + R > enter "netplwiz" (this opens the "User Accounts" window) > check "Users must enter a user name and password to use this computer" and click "Apply" > restart the VM (the fake Windows computer) to fully apply the change.

      •  User Account Control:
        Type "change user account control settings" in the windows search bar and hit enter. Set the User Account Control settings to the highest possible.

    •  Apply Templates (STIGS): 
      In search type mmc > in the top left select "File" > Add/Remove Snap-in > scroll until you find Security Configuration and Analysis > click Add > click OK in the bottom right-hand corner > right click on "Security Configuration and Analysis" > click "Open Database" > when prompted to select a database, type something random into the filename box and click Open > change the directory at the top of the popup browser and find where you downloaded your STIGS template file (most likely it is still in Downloads) > select it > once the popup browser has closed, right click again on "Security Configuration and Analysis" > select "Analyze Computer Now" and let it run > once it has finished, right click on "Security Configuration and Analysis" again and select "Configure Computer Now" > once this has completed you are done!

    •  Apply Group Policy (STIGS): 
      Open "File Explorer" > in View check "Show Hidden Files" > open the C drive > open "Windows" > open "System32" > open "GroupPolicy" (not "GroupPolicyUsers") > replace all files in here with your Group Policy files, replacing everything at this destination > after this you are done with STIGS!

  •  Update All Required Software on Computer
    •  Use "Patch My Pc Home Updater":
      Use this software to update most (if not all) of the software installed on the computer, to make sure that everything is up to date.

    •  Update Drivers:
      Right click the Windows button > select Device Manager > update device drivers. Go through all devices and make sure all drivers are up to date.

    •  Update Programs Manually:
      After completing the previous steps, go through the main applications on the system again and double check that everything that needs updating has been updated. For most software you have to find the "About" page, somewhere in the settings or in a corner of the window. On the About page there should be something that says "Check for Updates" or similar. Click on that.

  •  Make Sure Firewall is On
    •  Turn on Firewall:
      In search bar > "Windows Defender Firewall with Advanced Security" > turn the firewall on if it's not already.

    •  Apply Firewall Rules:
      Open Windows Defender Firewall with Advanced Security > Action > Import Policy > select the Windows firewall configuration you made beforehand (.wfw file) > click "Open". The Windows Firewall policy should now be updated and you are done!

  •  Remove Prohibited Files and Other Windows Settings
    •  Show Hidden File Extensions:
      File Explorer > click on the "View" tab > check "Hidden items" so you can make sure you don't miss any hidden files or folders.

    •  Remove Prohibited Video Files:
      In File Explorer go to the C drive > in the search bar look up (include the asterisk) *.mp4, *.flv, *.avi, *.wmv, *.mov, etc. Look up more video file types on the internet if nothing shows up, just to be sure.

    •  Remove Prohibited Audio Files:
      In File Explorer go to the C drive > in the search bar look up (include the asterisk) *.mp3, *.wmv, *.wma, *.aif, etc. Look up more audio file types on the internet just in case you missed one.

    •  Remove Prohibited Images:
      Search the C drive the same way for image file types; look up the common image file extensions on the internet so you do not miss one.
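      As an added example (not part of the original checklist), this script hunts one drive for the media extensions listed above (plus a few assumed common image types) and for the readme.md / readme.txt files mentioned in the "Extra" item further down. It only reports; check the README before deleting anything. $Root and the extension lists are assumptions you can edit.

```powershell
# Added example, not from the original checklist. Reports only; nothing is deleted.
param([string]$Root = 'C:\')

$categories = [ordered]@{
    Video = @('*.mp4', '*.flv', '*.avi', '*.wmv', '*.mov')   # extensions from the checklist
    Audio = @('*.mp3', '*.wma', '*.aif')                      # extensions from the checklist
    Image = @('*.jpg', '*.jpeg', '*.png', '*.gif', '*.bmp')   # assumed common image types
    Note  = @('readme.md', 'readme.txt')                      # dropped tools often ship one
}

$results = foreach ($cat in $categories.Keys) {
    # -Force lists hidden files; SilentlyContinue skips folders this account cannot read
    Get-ChildItem -Path $Root -Recurse -Force -File -Include $categories[$cat] -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Category  = $cat
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Modified  = $_.LastWriteTime
                # Windows ships its own sounds and wallpapers; flag them so they can be skipped
                InWindows = $_.FullName -like "$env:WINDIR\*"
            }
        }
}

# User-area hits first; the CSV on the desktop doubles as notes for the write-up
$results | Sort-Object InWindows, Category, Path | Format-Table -AutoSize
$results | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\prohibited-files.csv') -NoTypeInformation
```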

    •  File Sharing:
      Windows Key > Computer Management > click Yes when prompted > Shared Folders > Shares. The only shares that should be active are ADMIN$ (C:\Windows), C$ (C:\), and IPC$. No other shares should be active.

    •  Screensaver:
      Unattended PCs are obvious security risks. But many people fail to take care of this via this simple setting. Most larger companies that are security aware have strict rules to enable this and not to leave PCs logged in and unattended. Right click on desktop and choose Personalize / Screensaver. Configure it to wait 10 minutes, and check mark "On resume, display Logon screen".

    •  Disable Dump File Creation:
      Dump files are memory dumps: everything in memory is saved to a file. This is used for debugging problems when your system crashes. However, passwords and any other confidential data currently in memory are also saved to this file. You should enable this feature only when you are experiencing problems and need to debug. Control Panel > System > Advanced System Settings > Advanced tab > Startup and Recovery > underneath "Write debugging information" change "Automatic Memory Dump" to "(none)" and uncheck "Write an event to the system log" which is underneath "System failure".
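      As an added example (not part of the original checklist), this script checks the registry values behind the Screensaver and Disable Dump File Creation steps above and, with -Apply, sets them. The value names are the documented Windows settings; the 10-minute timeout is the checklist's own figure.

```powershell
# Added example, not from the original checklist. Without -Apply it only reports drift.
# HKLM values need an elevated shell; the HKCU screen saver values apply to the current user.
param([switch]$Apply)

$desired = @(
    # Screen saver: active, 600 seconds (10 minutes), show the logon screen on resume
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'ScreenSaveActive';    Value = '1';   Type = 'String' }
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'ScreenSaveTimeOut';   Value = '600'; Type = 'String' }
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'ScreenSaverIsSecure'; Value = '1';   Type = 'String' }
    # Crash control: CrashDumpEnabled 0 = "(none)" (7 is Automatic Memory Dump); LogEvent 0 = no system log entry
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'; Name = 'CrashDumpEnabled'; Value = 0; Type = 'DWord' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'; Name = 'LogEvent';         Value = 0; Type = 'DWord' }
)

foreach ($d in $desired) {
    $current = (Get-ItemProperty -Path $d.Path -Name $d.Name -ErrorAction SilentlyContinue).($d.Name)
    # Compare as strings so a REG_SZ "600" and a DWORD 0 are both handled the same way
    $ok = ($null -ne $current) -and ("$current" -eq "$($d.Value)")
    $state = if ($ok) { 'OK' } else { 'DRIFT' }
    "{0,-5} {1}\{2} = '{3}' (want '{4}')" -f $state, $d.Path, $d.Name, $current, $d.Value
    if (-not $ok -and $Apply) {
        # Set-ItemProperty creates the value if it does not exist yet
        Set-ItemProperty -Path $d.Path -Name $d.Name -Value $d.Value -Type $d.Type
    }
}
```

      The screen saver values only take effect once a screen saver is actually selected in the Personalize dialog, which the GUI step above does; sign out and back in for the Desktop values to be reread.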

    •  Turn on Bit Locker:
      Go to file explorer > this pc > right click on C drive > turn on Bitlocker > go through the prompt.
      Important: Make sure you have a removable media of some sort to store the generated key that will unlock the computer!
      What this does is encrypt the boot drive, making it much harder to attack. When you restart the machine, it will ask you to enter the password you set or to insert the flash drive with the key. Otherwise you will not be able to boot! That's it! :)

    • Extra: While hunting and pecking, also try looking for "readme.md" or "readme.txt" files, because most hidden hacking tools come with one. To search for them, go to the search bar in File Explorer and type readme (without quotation marks).

  •  Windows Security Center
    Windows Security settings give you an overview of important services such as Virus & Threat protection, Firewall & network protection, App & browser control, and Device security. Here are some settings you should change in this window:
    •  Windows Security > Windows Defender Antivirus options > Periodic scanning > Turn on
    •  App & Browser protection > Check apps and files > set to "Block"
    •  App & Browser protection > SmartScreen for Microsoft Edge > set to "On" (If this is not here, you are running an older version of Windows that does not have this setting)
    •  App & Browser protection > SmartScreen for Microsoft Store apps > set to "Warn"
    •  App & Browser protection > Exploit Protection > System settings > set all options to "On"

  •  Windows Features
    Warning: If a feature is required in the Read Me do not turn it off!
    Go to "Turn Windows Features on/off" (Use search bar) and DISABLE the following features if not disabled already: 
    •  RIP listener
    •  Simple TCPIP services
    •  SMB 1.0/CIFS File Sharing Support
    •  TFTP Client
    •  Telnet Client and Server
    •  Simple Network Management Protocol (SNMP)
    •  All 'Internet Information Services'
    •  FTP Server
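    As an added example (not part of the original checklist), this script reports the state of the optional features listed above and, with -Disable, turns off the ones that are enabled. The DISM feature names are my assumptions; confirm them with Get-WindowsOptionalFeature -Online. Anything the README requires goes in -Keep.

```powershell
# Added example, not from the original checklist. Run elevated. Without -Disable it only reports.
param(
    [switch]$Disable,
    [string[]]$Keep = @()        # e.g. 'TelnetClient' if the README requires it
)

# Assumed DISM feature names for the checklist's display names; verify on your build
$targets = [ordered]@{
    'RasRip'            = 'RIP Listener'
    'SimpleTCP'         = 'Simple TCPIP services'
    'SMB1Protocol'      = 'SMB 1.0/CIFS File Sharing Support'
    'TFTP'              = 'TFTP Client'
    'TelnetClient'      = 'Telnet Client'
    'SNMP'              = 'Simple Network Management Protocol (SNMP)'
    'IIS-WebServerRole' = 'Internet Information Services'
    'IIS-FTPServer'     = 'FTP Server'
}

foreach ($name in $targets.Keys) {
    $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
    if (-not $f) {
        # Newer builds ship some of these (SNMP for one) as Features on Demand instead
        "[N/A]      $name ($($targets[$name])): not an optional feature here; check Get-WindowsCapability -Online"
        continue
    }
    if ($Keep -contains $name)  { "[KEEP]     $name is required by the README"; continue }
    if ($f.State -ne 'Enabled') { "[OK]       $name is $($f.State)"; continue }
    if ($Disable) {
        # -NoRestart: reboot once at the end instead of after every feature
        Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart | Out-Null
        "[DISABLED] $name ($($targets[$name]))"
    } else {
        "[ENABLED]  $name ($($targets[$name])): rerun with -Disable to turn it off"
    }
}

# "All 'Internet Information Services'": catch any IIS-* sub-feature still enabled
Get-WindowsOptionalFeature -Online |
    Where-Object { $_.FeatureName -like 'IIS-*' -and $_.State -eq 'Enabled' } |
    ForEach-Object { "[ENABLED]  $($_.FeatureName) (IIS component)" }
```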

  •  Windows Task Scheduler
    Warning: If a scheduled task is required, do not delete it.
    •  This one should be relatively simple. Use the Windows search bar to find the Task Scheduler. Go through the scheduled tasks and confirm that none are malicious. If there is a malicious task, write it down in a notebook and immediately remove it.
  •  Install Anti-Malware/Virus + Software Configuration + Useful Tools
    •  Malwarebytes:
      Install Malwarebytes: make sure it is updated and do a full/deep scan. Malwarebytes is the best tool you have to find backdoors and hidden malware on your image.

    •  Avast Antivirus:
      Install Avast Anti-Malware: make sure it is updated and do a full/deep scan.

    •  Create God Mode File: 
      On Desktop > create New Folder > rename the folder to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} (without quotation marks). Use this tool to easily make changes throughout the system. This folder is essentially a collection of all the administrator tools on the system.

    •  Glary Utilities:
      Look up and install Glary Utilities. Use it to clean registry files and update software; it should help you get some points if you go through all of its tools.

    •  Apple CIDR Script Runner

    •  Firefox Settings to change:
      •  General:
        •  Save files to: Downloads
        •  Automatically Install Updates: Enabled
             (Use a background service to install updates: Enabled)

      •  Privacy & Security:
        •  Set to Strict
        •  Send websites a “Do Not Track” signal that you don’t want to be tracked: Always
        •  Cookies and Site Data: Delete cookies and site data when Firefox is closed
        •  Logins and Passwords: All set to disabled (unchecked)
        •  History: Never Remember
        •  Permissions:
          Go into each "settings" and checkmark the "Block new requests asking to access ______". Also while in these settings make sure no websites are listed as having access to the setting.
        •  Block Pop-up Windows: Enabled
        •  Warn you when websites try to install add-ons: Enabled
        •  Firefox Data Collection Use: Disable All (uncheck all)
        •  Deceptive Content and Dangerous Software Protection: Enable All (Block Dangerous downloads and unwanted/uncommon software)
        •  Certificates: 
          •  Ask you every time: Enable
          •  Query OCSP Responder: Enable
        •  HTTPS-Only Mode (Only available in most up-to-date version of Firefox): Enable HTTPS-Only Mode in all windows 

      •  Ensure there are no plugins installed

  •  Other Checklist or websites to check out
    Use these websites after you have completed my checklist. These websites will give you more in depth instructions on how to further harden your windows 10 system image.