How to Protect Windows networks against harmful cyberattacks


Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, altering, or destroying sensitive information, extorting money from users, or disrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people and attackers are becoming more innovative.

A successful cybersecurity approach consists of multiple layers of protection spread across the computers, networks, programs, or data that need protection. In an organization, people, processes, and technology must complement each other to create an effective defense against cyberattacks.

How to protect Windows networks against harmful cyber attacks

Protection of external devices with multi-factor authentication

We recommend securing external-facing devices first. The internal network is fragile, and it is the external devices that give it a hard shell. Once that perimeter has been breached, it is relatively easy to attempt lateral attacks against resources inside the office. Therefore, you should first consider whether multi-factor authentication is required for any device that provides remote access, external or not.

No one should be able to log in with just a username and password. Check every device to see whether it natively supports authenticator apps and not just simple passwords. However, it does not always have to be absolutely secure; it may be enough to be slightly more secure than the neighboring network.

Identify high-value targets in your network

Scan the network to identify high-value targets that could be used in a destructive attack. The most important of these is neither attractive nor revolutionary, and it has been with users for a long time: backups. A backup rotation system should ensure that some backup media is kept outside the company and outside the domain.

If all backup locations are connected to the domain and an attacker has access to them, the backups themselves could be affected. Likewise, the virtualization infrastructure should only allow access from specific accounts that are designed and protected for that purpose. You should also consider two-factor authentication and access-rights processes when securing Hyper-V and other virtualization platforms.

Lateral Movement Protection

Protections against lateral movement should also be considered. My office uses the Local Administrator Password Solution (LAPS) to prevent lateral movement caused by shared local administrator passwords.

Also, review the use of ports 445, 135, and 139, which are the common ports that attackers use for lateral access. Learn which workstations and servers use these ports, and determine the best way to isolate those systems and restrict these ports with firewall rules on your network.
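
One way to take that inventory on a single Windows host, as an added example that is not part of the original article. The function names are hypothetical; the script uses only the built-in NetTCPIP and NetSecurity cmdlets and assumes an elevated PowerShell session.

```powershell
# Added example: audit this host's exposure on the lateral-movement ports.
$ports = 135, 139, 445

function Get-LateralPortListener {
    # Processes currently listening on TCP 135/139/445.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $ports } |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                Process      = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
        }
}

function Get-LateralPortRule {
    # Enabled inbound Allow rules whose local port list names one of the ports.
    # 'RPCEPMap' is the firewall keyword for the RPC endpoint mapper (TCP 135).
    $wanted = @($ports | ForEach-Object { "$_" }) + 'RPCEPMap'
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule    = $_
            $filter  = $rule | Get-NetFirewallPortFilter
            $matched = @($filter.LocalPort | Where-Object { $_ -in $wanted })
            if ($matched.Count -gt 0) {
                $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
                [pscustomobject]@{
                    Rule          = $rule.DisplayName
                    Profile       = $rule.Profile
                    LocalPort     = $matched -join ','
                    RemoteAddress = $remote -join ','
                    # A rule scoped to 'Any' lets every peer reach this port.
                    OpenToAny     = $remote -contains 'Any'
                }
            }
        }
}

Get-LateralPortListener | Sort-Object LocalPort | Format-Table -AutoSize
Get-LateralPortRule | Sort-Object OpenToAny -Descending | Format-Table -AutoSize
```

Rules reported with OpenToAny set are the first candidates for scoping down to the management subnets or servers that actually need the port.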

Verification of the use of the remote protocol and exposure.

First, you need to make sure that Remote Desktop Protocol (RDP) is not exposed to the outside world. If RDP is exposed, you should limit RDP to only those devices that need it. We note that the following remote protocols should be blocked on sensitive devices: File and Printer Sharing, Remote Desktop, Windows Management Instrumentation (WMI), Windows Remote Management, etc.

This requires IT staff to review how they manage and maintain their systems. The old method of simply accessing servers and desktops remotely is no longer secure. Ensure that your own management processes do not introduce risk.
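
A local check for the settings discussed in this section, as an added example that is not part of the original article. The function names are hypothetical, and the firewall display group names assume an English-language Windows installation.

```powershell
# Added example: report how RDP is configured on this host and which
# remote-management firewall groups accept connections from any source.
function Get-RdpExposure {
    # Local settings only; values enforced by Group Policy are not read here.
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    $rdp  = Get-ItemProperty -Path $tcp
    [pscustomobject]@{
        RdpEnabled  = ($deny -eq 0)                    # 0 = connections allowed
        NlaRequired = ($rdp.UserAuthentication -eq 1)  # 1 = Network Level Authentication
        Port        = $rdp.PortNumber                  # 3389 unless changed
    }
}

function Get-RemoteMgmtRuleScope {
    # The protocol groups the article says to block on sensitive devices.
    $groups = 'Remote Desktop', 'File and Printer Sharing',
              'Windows Management Instrumentation (WMI)', 'Windows Remote Management'
    foreach ($group in $groups) {
        $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
        foreach ($rule in $rules) {
            $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
            [pscustomobject]@{
                Group         = $group
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                RemoteAddress = $remote -join ','
                # True when the rule does not restrict the source address.
                Unrestricted  = $remote -contains 'Any'
            }
        }
    }
}

Get-RdpExposure | Format-List
Get-RemoteMgmtRuleScope | Where-Object Unrestricted | Format-Table -AutoSize
```

This reports the host's own configuration; whether RDP is reachable from the outside world still has to be confirmed at the perimeter firewall.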

Check for expired or outdated passwords.

Usernames and passwords are key access points and points of attack. Users often reuse passwords, and applications deploy certificates to the system. This leads to vulnerabilities. We found that users often leave their passwords unattended on networks and are not aware of the risks. Active Directory (AD) networks have often been upgraded over time from older, less secure AD infrastructures.

Many of these outdated configurations still reside on the network. A typical example is the WDigest configuration. WDigest authentication is disabled by default in Windows 8.1 and Windows Server 2012 R2 and later, but plaintext passwords can still be stored in LSASS memory to support authentication. We recommend blocking password storage by setting the following registry value to 0:

  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential (REG_DWORD) = 0

Implement Windows Defender Credential Guard

According to the Steve on Security blog, Credential Guard is a Windows service that protects your credentials from being stolen from your device. This prevents attackers from stealing the secrets Windows uses for single sign-on and using them on other devices.

Windows has documented APIs that allow software to interact with the credentials and secrets loaded into memory. Because some business software relies on these APIs, Microsoft can't arbitrarily remove them. Enabling Credential Guard makes it difficult for attackers to access your credentials.
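
The WDigest registry setting from the previous section and the Credential Guard status described here can be checked together. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: check the two credential-theft mitigations discussed above.
$wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

function Get-WDigestState {
    $value = (Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential
    [pscustomobject]@{
        UseLogonCredential = if ($null -eq $value) { 'not set' } else { $value }
        # Only an explicit 0 counts as compliant, so the result does not
        # depend on the operating system default.
        Compliant          = ($value -eq 0)
    }
}

function Set-WDigestDisabled {
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($wdigestKey, 'Set UseLogonCredential = 0')) {
        if (-not (Test-Path $wdigestKey)) { New-Item -Path $wdigestKey -Force | Out-Null }
        New-ItemProperty -Path $wdigestKey -Name UseLogonCredential -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Get-CredentialGuardState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) {
        # The class is missing on Windows versions that predate Device Guard.
        return [pscustomobject]@{ VbsStatus = 'unavailable'; Configured = $false; Running = $false }
    }
    $vbs = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
    [pscustomobject]@{
        VbsStatus  = $vbs[[int]$dg.VirtualizationBasedSecurityStatus]
        # Security service ID 1 is Credential Guard.
        Configured = $dg.SecurityServicesConfigured -contains 1
        Running    = $dg.SecurityServicesRunning -contains 1
    }
}

Get-WDigestState | Format-List
Get-CredentialGuardState | Format-List
```

Run `Set-WDigestDisabled -WhatIf` to preview the registry change; a host where Configured is true but Running is false usually still needs a reboot or is missing a virtualization prerequisite.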


Editorial Staff (https://www.bollyinside.com)
