Chapter 10. Microsoft Windows Infrastructure

While it may be the bane of every security professional’s existence, Microsoft Windows is used in public and private infrastructures both small and large across the world. It is by far the most widely used operating system and also the most commonly misconfigured. Misconfigurations in Windows operating systems and software contribute to a large number of security issues and compromises. Exploit Database currently lists over 8,000 exploits for the Windows platform.

With the staggering number of verticals that Microsoft currently covers, we will stick to where it comes into play in the enterprise environment and where you get the biggest bang for your buck in security wins. In this chapter we will cover some quick wins, such as moving off of older operating systems and turning off open file sharing, as well as in-depth best practices for Active Directory, the Enhanced Mitigation Experience Toolkit (EMET), and Microsoft SQL. Performing these steps significantly decreases the attack surface and improves detection capabilities (and also might help you sleep better at night).1

Quick Wins

There are a few standard no-brainers that we should get out of the way in the beginning.

Upgrade

The first and foremost “quick win” is upgrading endpoints to a supported operating system. While corporations struggle to move off of Windows XP (and, shockingly, even older operating systems), the threats keep piling up and the technology forges on. What makes it that much harder ...
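Before any upgrade project starts, you need to know which domain-joined machines are still on an unsupported version. The following inventory script is an added example, not from the book; it assumes the ActiveDirectory RSAT module is installed and that the account running it can read computer objects from the domain. The list of "unsupported" name patterns is constructed for illustration and should be adjusted to your own support policy.

```powershell
# Added example (not from the book): list enabled, domain-joined computers whose
# operating system matches an unsupported pattern, so they can be prioritised for
# upgrade or network isolation. Assumes the ActiveDirectory RSAT module is available.
Import-Module ActiveDirectory

# Constructed set of legacy OS name patterns used for this example; adjust to match
# what your organisation still considers unsupported.
$unsupportedPatterns = @(
    'Windows XP*',
    'Windows 2000*',
    'Windows Server 2003*',
    'Windows Vista*'
)

# Pull only the attributes needed to triage: OS name, build string and last logon.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

$legacy = foreach ($c in $computers) {
    foreach ($pattern in $unsupportedPatterns) {
        if ($c.OperatingSystem -like $pattern) {
            [pscustomobject]@{
                Name          = $c.Name
                OS            = $c.OperatingSystem
                OSVersion     = $c.OperatingSystemVersion
                LastLogonDate = $c.LastLogonDate   # recent logon = still in active use
                DN            = $c.DistinguishedName
            }
            break   # one match per computer is enough
        }
    }
}

# Machines seen most recently go to the top: those are live targets, not stale objects.
$legacy | Sort-Object LastLogonDate -Descending | Format-Table -AutoSize

# Keep a record for the upgrade tracker.
$legacy | Export-Csv -Path .\legacy-endpoints.csv -NoTypeInformation
```

Stale computer objects with an old LastLogonDate are usually decommissioned hardware and can be cleaned out of the directory rather than upgraded.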
