martes, 9 de mayo de 2023

WINDOWS. Security tips

==========================================================
Some important security tips that will strengthen the security of Windows
==========================================================
Change the KRBTGT password regularly, at least every 180 days

Don't use domain administrator credentials to log in to client PCs

Eliminate breached passwords in the environment

Encourage the use of passphrases for passwords

Enforce least privilege in your Active Directory environment

Enforce strong passwords using good password policies

Implement good security practices for domain controllers, protecting privileged accounts with strong passwords

Implement the Microsoft Local Administrator Password Solution (LAPS) for local accounts

Increase your overall security posture by following best practices in the environment

Limit the number of users with admin rights

Monitor accounts with the adminCount attribute set to "1"

Monitor changes to domain groups and other activity

Monitor for suspicious activity, such as unnecessary Kerberos ticket requests

Monitor service account use and other privileged accounts

Monitor the adminSDHolder ACL regularly for rogue users or groups

Prevent account password reuse

Prevent the use of incremental passwords or breach passwords

Protect your environment from privilege escalation attacks

Remove unnecessary accounts from Active Directory, including service accounts

Use extremely strong passwords on service accounts and rotate these

Use hardened workstations as admin jump boxes

Use strong passwords

Use strong passwords across the board

Use strong passwords on all protected accounts and service accounts

Use strong passwords, especially for admin and service accounts



by GoN | Published: May 9 2023 | Last Updated: