Hardening Windows 8.1
From CVL Wiki
(Created page with "This page contains notes on how to harden Windows 8.1. The intent of these changes to the default OS install is to reduce overall exposure to attack, while still remaining usa...") |
|||
Line 8: | Line 8: | ||
*'''Client for Microsoft Networks''': Used to access other shared resources on your local network running the File and Printer Sharing for Microsoft Networks protocol. | *'''Client for Microsoft Networks''': Used to access other shared resources on your local network running the File and Printer Sharing for Microsoft Networks protocol. | ||
− | ** Required for mapping SMB network drives | + | ** Do not disable. Required for mapping SMB network drives |
− | *'''QOS Packet Scheduler''': Used to provide traffic management on your network for applications that support the protocol. | + | *'''QOS Packet Scheduler''': Used to provide traffic management on your network for applications that support the protocol. |
− | *'''File and Printer Sharing for Microsoft Networks''': Used to share your printer and files on your computer with other computers on your local network. | + | ** Disable |
− | *'''Microsoft Network Adapter Multiplexor Protocol''': provides the ability to load balance between two or more network cards. | + | *'''File and Printer Sharing for Microsoft Networks''': Used to share your printer and files on your computer with other computers on your local network. |
− | *'''Microsoft LLDP Protocol Driver''': Used to create the network map used in the Network browser and Networking and Sharing Centre. | + | ** Disable unless sharing folders or printers |
− | *'''Link Layer Topology Discovery Mapper I/O Driver''': Used to discover other computers connected to your local network. | + | *'''Microsoft Network Adapter Multiplexor Protocol''': provides the ability to load balance between two or more network cards. |
− | *'''Link Layer Topology Responder''': Used to identify your computer to other computers connected to your local network. | + | ** Disable |
+ | *'''Microsoft LLDP Protocol Driver''': Used to create the network map used in the Network browser and Networking and Sharing Centre. | ||
+ | ** Disable | ||
+ | *'''Link Layer Topology Discovery Mapper I/O Driver''': Used to discover other computers connected to your local network. | ||
+ | ** Disable | ||
+ | *'''Link Layer Topology Responder''': Used to identify your computer to other computers connected to your local network. | ||
+ | ** Disable | ||
*'''Internet Protocol Version 6 (TCP/IPv6)''': A new version of the IPv4 protocol. Unless you are connected to an IPv6 network (most of you are not), you can safely disable this protocol. | *'''Internet Protocol Version 6 (TCP/IPv6)''': A new version of the IPv4 protocol. Unless you are connected to an IPv6 network (most of you are not), you can safely disable this protocol. | ||
** Do not disable | ** Do not disable | ||
*'''Internet Protocol Version 4 (TCP/IPv4)''': Primary network communication protocol. | *'''Internet Protocol Version 4 (TCP/IPv4)''': Primary network communication protocol. | ||
** Do not disable. | ** Do not disable. | ||
+ | |||
+ | ==Services== | ||
+ | |||
+ | Disable the following: | ||
+ | '''DNS client''' (automatic) (caches previously looked up domain names) | ||
+ | '''Family Safety''' (manual) (compatability stub for Vista apps) | ||
+ | '''Function Discovery Provider Host''' (manual) (HomeGroup) | ||
+ | '''Function discovery resource publication''' (manual) (HomeGroup) | ||
+ | '''HomeGroup Listener''' (manual) (HomeGroup) | ||
+ | '''HomeGroup Provider''' (manual) (HomeGroup) | ||
+ | Internet Connection Sharing (disabled) (makes PC act as router) | ||
+ | KtmRm for Distributed Transaction Coordinator (manual) (MS recommends to stop this service if not needed) | ||
+ | Link Layer Topology discovery mapper (manual) (network discovery) | ||
+ | Microsoft iSCSI Initiator Service (manual) (allows LAN or Internet based storage) | ||
+ | Net. TCP port Sharing service (disabled) | ||
+ | Network Access Protection Agent (manual) (reports security configuration) | ||
+ | Network Connected Devices Auto-Setup (manual) (autosetup devices in the network) | ||
+ | Network Connectivity Assistant (manual) (works with DirectAccess to provide setup of network devices. Relies on DNS client, IP Helper, Network Store Interface Service and Base Filtering Engine) | ||
+ | Peer Name Resolution Protocol (manual) | ||
+ | Peer Networking Grouping (manual) (HomeGroup, remote assistance) | ||
+ | Peer Networking Identity Mgr (manual) (HomeGroup, remote assistance) | ||
+ | Performance Counter DLL Host (manual) (allows remote query to performance counters) | ||
+ | Performance Logs & Alerts (manual) (collects remote and local perf data) | ||
+ | PNRP Machine Name Publication Service (manual) (server that responds with a machine name) | ||
+ | |||
+ | |||
+ | |||
===Resources Used=== | ===Resources Used=== | ||
http://hardenwindows8forsecurity.com/Harden%20Windows%208.1%2064bit%20Home.html | http://hardenwindows8forsecurity.com/Harden%20Windows%208.1%2064bit%20Home.html |
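Review bot: The entries added under ==Services== have no list markup (the Networking entries each start with * and carry a ** action line), so the wiki will run "Disable the following:" and all twenty services together into one paragraph; prefix each service with *. In the same block, only the first six service names are wrapped in ''' bold, "compatability" should read "compatibility", and it is not stated whether the parenthesised (automatic)/(manual)/(disabled) is the default startup type or the target: Internet Connection Sharing and Net. TCP port Sharing service appear under "Disable the following" while already marked (disabled). A short sentence defining the first parenthesis as the default startup type would remove the ambiguity.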
Revision as of 09:59, 3 February 2015
This page contains notes on how to harden Windows 8.1. The intent of these changes to the default OS install is to reduce overall exposure to attack, while still remaining usable for the majority of uses.
In particular, these tips apply to ITAR computers and GTA tablets.
Networking
Control Panel->Network and Sharing Center->Ethernet->Properties
- Client for Microsoft Networks: Used to access other shared resources on your local network running the File and Printer Sharing for Microsoft Networks protocol.
  - Do not disable. Required for mapping SMB network drives
- QOS Packet Scheduler: Used to provide traffic management on your network for applications that support the protocol.
  - Disable
- File and Printer Sharing for Microsoft Networks: Used to share your printer and files on your computer with other computers on your local network.
  - Disable unless sharing folders or printers
- Microsoft Network Adapter Multiplexor Protocol: provides the ability to load balance between two or more network cards.
  - Disable
- Microsoft LLDP Protocol Driver: Used to create the network map used in the Network browser and Networking and Sharing Centre.
  - Disable
- Link Layer Topology Discovery Mapper I/O Driver: Used to discover other computers connected to your local network.
  - Disable
- Link Layer Topology Responder: Used to identify your computer to other computers connected to your local network.
  - Disable
- Internet Protocol Version 6 (TCP/IPv6): A new version of the IPv4 protocol. Unless you are connected to an IPv6 network (most of you are not), you can safely disable this protocol.
  - Do not disable
- Internet Protocol Version 4 (TCP/IPv4): Primary network communication protocol.
  - Do not disable.
Services
Disable the following:
- DNS client (automatic) (caches previously looked up domain names)
- Family Safety (manual) (compatibility stub for Vista apps)
- Function Discovery Provider Host (manual) (HomeGroup)
- Function discovery resource publication (manual) (HomeGroup)
- HomeGroup Listener (manual) (HomeGroup)
- HomeGroup Provider (manual) (HomeGroup)
- Internet Connection Sharing (disabled) (makes PC act as router)
- KtmRm for Distributed Transaction Coordinator (manual) (MS recommends to stop this service if not needed)
- Link Layer Topology discovery mapper (manual) (network discovery)
- Microsoft iSCSI Initiator Service (manual) (allows LAN or Internet based storage)
- Net.Tcp Port Sharing Service (disabled)
- Network Access Protection Agent (manual) (reports security configuration)
- Network Connected Devices Auto-Setup (manual) (autosetup devices in the network)
- Network Connectivity Assistant (manual) (works with DirectAccess to provide setup of network devices. Relies on DNS client, IP Helper, Network Store Interface Service and Base Filtering Engine)
- Peer Name Resolution Protocol (manual)
- Peer Networking Grouping (manual) (HomeGroup, remote assistance)
- Peer Networking Identity Mgr (manual) (HomeGroup, remote assistance)
- Performance Counter DLL Host (manual) (allows remote query to performance counters)
- Performance Logs & Alerts (manual) (collects remote and local perf data)
- PNRP Machine Name Publication Service (manual) (server that responds with a machine name)
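A read-only audit of the Networking and Services settings listed above, as an added example that is not part of the original wiki page. It assumes the adapter is named 'Ethernet' (as in the Control Panel path above) and that the component IDs and service short names shown are the standard Windows identifiers for the display names on this page.

```powershell
# Added example (read-only audit), not from the original page.
# Assumptions: adapter alias 'Ethernet'; the component IDs and service short
# names below are the standard Windows identifiers for the display names above.
$AdapterName = 'Ethernet'

# Binding component ID -> expected Enabled state, per the Networking list
$Bindings = [ordered]@{
    ms_msclient = $true    # Client for Microsoft Networks (needed for SMB drives)
    ms_pacer    = $false   # QoS Packet Scheduler
    ms_server   = $false   # File and Printer Sharing (set $true if sharing)
    ms_implat   = $false   # Microsoft Network Adapter Multiplexor Protocol
    ms_lldp     = $false   # Microsoft LLDP Protocol Driver
    ms_lltdio   = $false   # Link Layer Topology Discovery Mapper I/O Driver
    ms_rspndr   = $false   # Link Layer Topology Responder
    ms_tcpip6   = $true    # TCP/IPv6
    ms_tcpip    = $true    # TCP/IPv4
}

# Services the page says to disable (Family Safety left out: short name not assumed)
$Services = 'Dnscache','fdPHost','FDResPub','HomeGroupListener','HomeGroupProvider',
            'SharedAccess','KtmRm','lltdsvc','MSiSCSI','NetTcpPortSharing',
            'napagent','NcdAutoSetup','NcaSvc','PNRPsvc','p2psvc','p2pimsvc',
            'PerfHost','pla','PNRPAutoReg'

$report = @(foreach ($id in $Bindings.Keys) {
    $b = Get-NetAdapterBinding -Name $AdapterName -ComponentID $id -ErrorAction SilentlyContinue
    if ($b) {
        [pscustomobject]@{
            Kind = 'Binding'; Name = $b.DisplayName
            Actual = $b.Enabled; Expected = $Bindings[$id]
            Compliant = ($b.Enabled -eq $Bindings[$id])
        }
    }
})

# Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled'
$report += @(foreach ($name in $Services) {
    $s = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if ($s) {
        [pscustomobject]@{
            Kind = 'Service'; Name = $s.DisplayName
            Actual = $s.StartMode; Expected = 'Disabled'
            Compliant = ($s.StartMode -eq 'Disabled')
        }
    }
})

# Non-compliant rows sort first; missing bindings/services are skipped silently
$report | Sort-Object Compliant, Kind | Format-Table -AutoSize
```

Rows reported as non-compliant can be corrected through the Control Panel path above or with `Disable-NetAdapterBinding` and `Set-Service -StartupType Disabled` from an elevated prompt.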
Resources Used
http://hardenwindows8forsecurity.com/Harden%20Windows%208.1%2064bit%20Home.html