What is Hardening? Why is Hardening recommended? When is Hardening needed? Hardening is the process of improving the security of a system through rules and security settings applied to the server and the operating system. It is a set of rules and policies that the administrator configures and rolls out across the whole system.


This lets us reduce the security risk coming from the services running on that server. I will walk you through how to do this on a Windows Server 2016 host. Hardening should be carried out right after a fresh installation of the server is complete.

1. How do I run the commands I provide below?

On the taskbar -> Start -> powershell ise -> right-click -> Run as Administrator. Alternatively, save the commands to a file with the .ps1 extension, for example Hardening.ps1 -> right-click -> Open PowerShell window here as administrator.

```powershell
# Hardening OS
# Disable NLA, SMBv1, NetBIOS over TCP/IP, PowerShellV2, audit logging
# Enables UAC, SMB/LDAP Signing, Show hidden files
# Fix CredSSP. Remote Desktop
# ---------------------
# Set TimeZone GMT +7 HaNoi
Set-TimeZone -Name "SE Asia Standard Time"
# Note: under this policy key, EnableMulticast=0 turns LLMNR off; 1 leaves it enabled.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v SMB1 /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v LMCompatibilityLevel /t REG_DWORD /d 5 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /v WpadOverride /t REG_DWORD /d 1 /f
# https://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy/
# https://en.hackndo.com/pass-the-hash/
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v FilterAdministratorToken /t REG_DWORD /d 1 /f
# Prevent (remote) DLL Hijacking
# https://www.greyhathacker.net/?p=235
# https://www.verifyit.nl/wp/?p=175464
# https://support.microsoft.com/en-us/help/2264107/a-new-cwdillegalindllsearch-registry-entry-is-available-to-control-the
# The value data can be 0x1, 0x2 or 0xFFFFFFFF.
# If the value name CWDIllegalInDllSearch does not exist or the value data is 0 then the machine will still be vulnerable to attack.
# Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder (set it to 0x1)
# Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location) (set it to 0x2)
# ---------------------
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v CWDIllegalInDllSearch /t REG_DWORD /d 0x2 /f
# Disable IPv6
# https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users
# ---------------------
reg add "HKLM\SYSTEM\CurrentControlSet\services\tcpip6\parameters" /v DisabledComponents /t REG_DWORD /d 0xFF /f
# Disable SMBv1
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart
# Disable PowerShell v2
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -NoRestart
########################################################################
# Harden lsass to help protect against credential dumping (Mimikatz)
# Configures lsass.exe as a protected process and disables wdigest
# https://technet.microsoft.com/en-us/library/dn408187(v=ws.11).aspx
# https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
# ---------------------
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe" /v AuditLevel /t REG_DWORD /d 00000008 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v RunAsPPL /t REG_DWORD /d 00000001 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 00000000 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdminOutboundCreds /t REG_DWORD /d 00000001 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v UseLogonCredential /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v Negotiate /t REG_DWORD /d 0 /f
# Enable Firewall Logging
# ---------------------
netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable
# Disable AutoRun
# ---------------------
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f
## Show known file extensions and hidden files
# ---------------------
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 1 /f
#### Microsoft Windows Security Update Registry Key Configuration Missing (ADV180012) (Spectre/Meltdown Variant 4) ####
#### Impact: An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries.
#### Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.
#### In the case of Just-in-Time (JIT) compilers, such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker
#### to supply JavaScript that produces native code that could give rise to an instance of CVE-2018-3639 ####
# Both values must be REG_DWORD; without -Type DWord Set-ItemProperty would create them as strings.
Set-ItemProperty -Path "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "FeatureSettingsOverride" -Value 8 -Type DWord
Set-ItemProperty -Path "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "FeatureSettingsOverrideMask" -Value 3 -Type DWord
#### Windows Registry Setting To Globally Prevent Socket Hijacking Missing ####
#### Impact: If this registry setting is missing, in the absence of a SO_EXCLUSIVEADDRUSE check on a listening privileged socket,
#### local unprivileged users can easily hijack the socket and intercept all data meant for the privileged process ####
Set-ItemProperty -Path "hklm:\SYSTEM\CurrentControlSet\Services\AFD\Parameters" -Name "ForceActiveDesktopOn" -Value 1 -Type DWord
#### MS15-011 Hardening UNC Paths Breaks GPO Access - Microsoft Group Policy Remote Code Execution Vulnerability (MS15-011) ####
#### Impact: The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system
#### to connect to an attacker-controlled network ####
Set-ItemProperty -Path "hklm:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths" -Name "\\*\netlogon" -Value "RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=1"
Set-ItemProperty -Path "hklm:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths" -Name "\\*\sysvol" -Value "RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=1"
#### Enabling strong cryptography for .NET v4...
# 32-bit view (Wow6432Node) and 64-bit view; both are needed on x64 so 32-bit and 64-bit .NET processes get the setting.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
#### Disable SMBv3 compression (SMBGhost RCE, CVE-2020-0796)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name DisableCompression -Type DWord -Value 1 -Force
#### Fix CredSSP (CVE-2018-0886 connection errors)
# AllowEncryptionOracle: 0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable. The value 2 below is the least secure
# setting; it only makes sense until every RDP client and server is patched, after which 0 is the hardened choice.
REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2 /f
#### Disable NLA
# UserAuthentication=0 turns Network Level Authentication off for RDP; 1 requires it.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
# Audit Log
auditpol /set /category:"System" /failure:enable /success:enable
auditpol /set /category:"Account Management" /failure:enable /success:enable
auditpol /set /category:"Account Logon" /failure:enable /success:enable
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable
auditpol /set /category:"Policy Change" /failure:enable /success:enable
# Fix DNS CVE-2020-1350
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
# Windows PowerShell 5.1 (Server 2016) does not accept "&&"; use ";" to run the two commands in sequence.
net stop DNS; net start DNS
Write-Host "Hardening successfully"
Invoke-Command -ScriptBlock { gpupdate /force }
# Create new user Admin and add to group Administrators
# Base64-decode $SystemObfuscation to get your password
# (Base64 is encoding, not encryption: anyone who can read this script can recover the password.)
$SystemObfuscation = "UmVwbGFjZV9teV93aXRoX2Jhc2U2NF9lbmNvZGU="
$SystemConvert = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($SystemObfuscation))
net user /add admin $SystemConvert
net localgroup administrators admin /add
#### Set user admin password never expire
Set-LocalUser -Name "admin" -PasswordNeverExpires $true
#################################################
```
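After the script has run and the host has rebooted, it is worth confirming that the settings actually took effect and have not drifted since. The following verification script is an added example and not part of the original post; the function names Get-RegValue and Test-HardeningState and the $Checks list are my own, and the expected values simply mirror the registry commands above (it runs read-only and needs an elevated prompt for Get-WindowsOptionalFeature).

```powershell
# Read one registry value, returning $null if the key or value is missing
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Expected state taken from the hardening script above (PowerShell drive syntax for the paths).
# AllowEncryptionOracle=2 is what the script sets; 0 would be the hardened value once all RDP peers are patched.
$Checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'SMB1';                  Expected = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'DisableCompression';    Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA';             Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'LocalAccountTokenFilterPolicy'; Expected = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                      Name = 'LMCompatibilityLevel';  Expected = 5 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                      Name = 'RunAsPPL';              Expected = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'; Name = 'UseLogonCredential';   Expected = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager';          Name = 'CWDIllegalInDllSearch'; Expected = 2 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'; Name = 'FeatureSettingsOverride';     Expected = 8 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'; Name = 'FeatureSettingsOverrideMask'; Expected = 3 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters';          Name = 'TcpReceivePacketSize';  Expected = 0xFF00 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'; Name = 'AllowEncryptionOracle'; Expected = 2 }
)

# Optional features the script removes; both should report Disabled (or DisabledWithPayloadRemoved)
$DisabledFeatures = 'smb1protocol', 'MicrosoftWindowsPowerShellV2'

function Test-HardeningState {
    $results = @()
    foreach ($c in $Checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Name
        $results += [pscustomobject]@{
            Setting  = $c.Name
            Expected = $c.Expected
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
            Status   = if ($actual -eq $c.Expected) { 'OK' } else { 'DRIFT' }
        }
    }
    foreach ($f in $DisabledFeatures) {
        $state = (Get-WindowsOptionalFeature -Online -FeatureName $f).State
        $results += [pscustomobject]@{
            Setting  = $f
            Expected = 'Disabled'
            Actual   = $state
            Status   = if ("$state" -like 'Disabled*') { 'OK' } else { 'DRIFT' }
        }
    }
    $results
}

$report = Test-HardeningState
$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled task or CI job flag drift
if ($report | Where-Object Status -eq 'DRIFT') { exit 1 } else { exit 0 }
```

Run it from an elevated PowerShell prompt; any row marked DRIFT means the registry value is missing or differs from what the hardening script wrote, which is usually a sign that a later Group Policy refresh, an installer, or an administrator changed it.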