#114 - One Vendor to Secure Them All

Did you ever wonder how much security you can implement with a single vendor?  We did and were surprised by how much you can do using the Australian Top Eight as a template.  We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there.

Special thanks to our sponsor Praetorian for supporting this episode.

https://www.praetorian.com/

Full Transcripts:

https://docs.google.com/document/d/12HsuOhY9an1QzIw9wOREPMX0pXe5hqkJ

Helpful Links

1. Essential 8 https://www.microsoft.com/en-au/business/topic/security/essential-eight
2. Blocking Macros https://ite8.com.au/the-essential-8/office-macros-explained/ 
3. Windows Defender Application Control or WDAC (available from Windows 10 or Server 2016 or newer) previously Windows had App Locker (Windows 7 / 8)
   • https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager
   • https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
4. Windows Group Policies
   • https://techexpert.tips/windows/gpo-block-website-url-google-chrome/
   • https://chromeenterprise.google/policies/#SafeBrowsingAllowlistDomains 
   • https://data.iana.org/TLD/tlds-alpha-by-domain.txt 
   • Software Restriction Policies http://woshub.com/how-to-block-viruses-and-ransomware-using-software-restriction-policies/
   • Blocking websites URL - only allow (.com, .org, .net, edu, .gov, .mil, and the countries you want).   
   • Locking down Active Directory https://attack.stealthbits.com/tag/active-directory 
5. File Service Resource Management
   • http://woshub.com/using-fsrm-on-windows-file-server-to-prevent-ransomware/
6. Enable MFA for RDP
   • https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-remote-vm-access  
   • https://duo.com/docs/rdp
7. Enable MFA for SSH
   • https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-ssh
   • https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux 
8. Windows Controlled Folder Access
   • https://support.microsoft.com/en-us/topic/ransomware-protection-in-windows-security-445039d6-537a-488a-ad53-48906f346363
9. Use Windows File History to create backups to one drive.
   • https://www.ubackup.com/windows-10/file-history-backup-to-onedrive-4348.html
10. Storing your files to One Drive which has ransomware detection
    • https://support.microsoft.com/en-us/office/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f
11. Windows Update
    • Select Start > Settings > Windows Update > Advanced options. Under Active hours, choose to update manually or automatically in Windows 11. 
    • https://support.microsoft.com/en-us/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde 
12. Microsoft Conditional Policies- https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common 
13. Microsoft Authenticator with Number Matching, Geo, & Additional Context
    • https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context 
    • https://websetnet.net/microsoft-rolls-out-new-microsoft-authenticator-features-for-enterprise-users/
14. Application Approve List- https://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/