Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

NetBT NodeType Configuration for Hardening

NetBT (NetBIOS over TCP/IP) is a network protocol used to integrate NetBIOS services into the TCP/IP protocol suite. NetBT settings are specific to each interface and include the NetbiosOptions setting and the NameServerList. These settings can be configured individually for each interface using the answer file. NetBT is essential for integrating legacy systems, enabling older applications and devices that rely on NetBIOS to communicate seamlessly with modern TCP/IP networks.

Disable LLMNR Protocol for Network Security

LLMNR (Link-Local Multicast Name Resolution) is a protocol used by legacy operating systems for name resolution without a DNS server, compatible with both IPv4 and IPv6. It is included in Windows Vista, Windows Server 2008, Windows 7, 8, and 10, and some Linux distributions. Introduced by Microsoft to enhance network resource resolution, LLMNR allows devices to multicast name queries on a local network if the DNS server fails to resolve a name.

Anonymous Logon: Understanding the Security Battleground with NT Authority

Anonymous logon refers to a type of network access where a user can log in to a system or network resource without providing any authentication credentials such as a username or password. This type of access is typically granted to allow basic, unauthenticated access to certain resources for public use or for specific purposes.

Log on as a Batch Job Rights & Security Setting

Log on as a batch job policy determines the accounts permitted to sign in through a batch-queue tool like the Task Scheduler service. When you schedule a task using the Add Scheduled Task Wizard, assigning it to run under specific credentials, that user is granted the right to log on as a batch job. At the designated time, the Task Scheduler service logs in the user as a batch job rather than an interactive user, executing the task within the user’s security parameters.

Understanding Structured Exception Handling Overwrite Protection (SEHOP)

Structured Exception Handling Overwrite Protection (SEHOP) is a security safeguard setting within Windows designed to prevent malicious actors from exploiting the Structured Exception Handler (SEH) overwrite. By preventing this exploit, SEHOP helps to ensure programs run smoothly and securely. Structured Exception Handler(SEH) is a mechanism within software that’s responsible to keep the program running smoothly in the event of an error.

Fix CrowdStrike's BSOD with Hardening

CrowdStrike, is a prominent cybersecurity technology company that provides security services for endpoints, cloud workloads, identity, and data. They are well-known for their Falcon Sensor Software designed to protect against cyberattacks. On Thursday, July 18 2024 there was a crash on Microsoft systems related to an update in Falcon Sensor software. This update involved a single file that added extra logic for detecting bad actors.

Australian Cyber Security Strategy for Hardening

Australia aims to be the world leader in cyber security by 2030 using the Australian Cyber Security Strategy that was released on 22 November 2023. With the cost of cybercrime on Australian businesses growing by up to 14% per annum, the Cyber Security Strategy seeks to improve cyber security, manage cyber risks and better support citizens and Australian businesses to manage their cyber environment by using six cyber shields and actions to be taken.

RDS: Do not allow clipboard redirection

Hardening the “RDS: Do not allow clipboard redirection” settings is a fundamental step in server hardening. Hardening servers can be a painful procedure. Hardening remote services such as RDS is one of the most critical operational components when hardening servers as it have immediate impact on user and application functionality. Endless hours, and resources are invested in this process. However, despite the efforts, hardening often causes damage to production server environments.

Windows Spotlight - Configurations for Your Lock Screen

Windows Spotlight automatically displays a variety of high-resolution lock screen images. These come from various sources, including Bing searches, professional photographers, and Microsoft’s own collection. It's available on Windows Enterprise and Education editions only. The images encompass a variety of subjects from nature scenes, cityscapes, and architectural marvels to keep a fresh login screen.

Password Policy Configuration for Safer Security

A password policy is a set of rules that are usually a part of an organizations security regulations to improve computer security. These policies can be formal regulations or part of security awareness training programs that outline requirements such as minimum length, complexity and unique characters. A password must comply with these password strength rules to be set for an account.

Do not allow anonymous enumeration of SAM accounts

The two policy settings in the CIS Benchmarks control the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). By enabling the policy settings, users with anonymous connections will not be able to enumerate domain account user names on the systems in your environment.

Act as Part of the Operating System Windows Security Setting

A process in Windows is a program which runs on the system, this can be anything from document editing software to games. The Windows security setting act as part of the operating system grants the capability to a process to assume the identity of any user and then gain access to the resources that the user is authorized to access.