Difference between revisions of "Operating Systems/Windows/Windows Desktop/Windows 10 (Desktop)"

From Vista Ridge Cyberpatriot
Jump to navigation Jump to search
Line 18: Line 18:
 
* Remove Prohibited Software
 
* Remove Prohibited Software
  
 +
Computer Configuration (LGPO):
 +
* Security Settings
 +
** Password Policy
 +
*** Password must meet complexity requirements should be enabled
 +
*** Store passwords using reversible encryption should be disabled
 +
*** Minimum password age should be configured to 5 days
 +
*** Maximum password age should be configured to 30 days
 +
*** Enforce passwords history to 20 passwords remembered
 +
*** Minimum passwords length should be 10 characters
 +
** Account Lockout Policy
 +
*** Account lockout duration should be configured to 60 minutes
 +
*** Reset account lockout counter can also be configured to 60 minutes
 +
*** Account lockout threshold should be configured to 5 attempts
 +
** Audit Policy
 +
*** Set all to audit success and failures, typically only successful attempts are needed for points
 +
** User Rights Assignment
 +
*** Look through every single policy and determine if the right users have the permission, be especially careful when changing users it can cause issues if an essential
 +
** Security Options
 +
*** Policies [attach a link for a page that details all the policies]
  
Security Settings (LGPO):
+
* Administrative Templates (LGPO):
* Password Policy
+
** It's good practice to look through every single policy setting to configure properly, but it is extremely tedious and time-consuming so save it for the end of the competition when the team is struggling to find the last points. Windows Components, and System are where most of your time should be sent
** Password must meet complexity requirements should be enabled
 
** Store passwords using reversible encryption should be disabled
 
** Minimum password age should be configured to 5 days
 
** Maximum password age should be configured to 30 days
 
** Enforce passwords history to 20 passwords remembered
 
** Minimum passwords length should be 10 characters
 
* Account Lockout Policy
 
** Account lockout duration should be configured to 60 minutes
 
** Reset account lockout counter can also be configured to 60 minutes
 
** Account lockout threshold should be configured to 5 attempts
 
* Audit Policy
 
** Set all to audit success and failures, typically only successful attempts are needed for points
 
* User Rights Assignment
 
** Look through every single policy and determine if the right users have the permission, be especially careful when changing users it can cause issues if an essential
 
*Security Options
 
** Policies [attach a link for a page that details all the policies]
 
  
 
=== Categories ===
 
=== Categories ===

Revision as of 18:16, 20 August 2022

Checklist

  • User Management
    • Remove Unauthorized Users
    • Add Authorized Users
    • Assign Administrator Privileges
    • Remove Administrator Privileges
    • Change Insecure Passwords/Creating Passwords
  • Enable Firewall Protection
  • Disable/Remove Unauthorized Services
    • FTP
  • Updates
    • Enable Daily Checks for Updates
    • Install Security Updates
  • Program Settings
    • Enable Pop-Up Blocker (Firefox)
  • Remove Prohibited Files
  • Remove Prohibited Software

Computer Configuration (LGPO):

  • Security Settings
    • Password Policy
      • Password must meet complexity requirements should be enabled
      • Store passwords using reversible encryption should be disabled
      • Minimum password age should be configured to 5 days
      • Maximum password age should be configured to 30 days
      • Enforce passwords history to 20 passwords remembered
      • Minimum passwords length should be 10 characters
    • Account Lockout Policy
      • Account lockout duration should be configured to 60 minutes
      • Reset account lockout counter can also be configured to 60 minutes
      • Account lockout threshold should be configured to 5 attempts
    • Audit Policy
      • Set all to audit success and failures, typically only successful attempts are needed for points
    • User Rights Assignment
      • Look through every single policy and determine if the right users have the permission, be especially careful when changing users it can cause issues if an essential
    • Security Options
      • Policies [attach a link for a page that details all the policies]
  • Administrative Templates (LGPO):
    • It's good practice to look through every single policy setting to configure properly, but it is extremely tedious and time-consuming so save it for the end of the competition when the team is struggling to find the last points. Windows Components, and System are where most of your time should be sent

Categories




Windows Checklist:


Things to look out for in/during Comps: Points - Solving Forensics Questions to the best of your ability (Google is your Best Friend!) - Checking Windows for Updates - Removing Unauthorized Users - Changing Insecure Passwords for Users - A Secure Password Length is being required - Sufficient Password History is being kept - Firewall Protection is Enabled - Checking Updates for Firefox - Removing any/all Hacking Tools (i.e. NMAP, Cleaners, etc.) - FTP Disabling - Media File Deleting (i.e. Music, Games, etc.)


Things that you should check but not prioritize first in Comps: Likely No Points - Turning off Network/FileShares - Setting Windows to "Automatic Updates" - Adjusting Firefox's Security Settings (Very Likely to not be counted in later Comps) - Password/Network Policies - Media File Deleting (Will Either be nonexistent or net you few points in later Comps)

Retrieved from "https://cypat.rainbowunicorn.org/index.php?title=Operating_Systems/Windows/Windows_Desktop/Windows_10_(Desktop)&oldid=131"