1. Tool Familiarization:
  • CRYPTII: Understand how to decode various ciphers (e.g., ROT13, Base64) using CRYPTII, which is helpful for decrypting encoded messages during forensic challenges.
  • Hash Generators: Familiarize yourself with MD5 and SHA hash generators for creating and verifying hash values, crucial for verifying file integrity and identifying malware.
  2. Task Manager Usage:
  • Identifying Processes: Use Task Manager (Ctrl+Shift+Esc) to monitor running processes. Look for unfamiliar or suspicious processes, especially those with high CPU or memory usage.
  • Terminating Processes: If suspicious activity is detected, terminate the process and investigate further using forensic tools or antivirus scans.
  3. Virus Scans with Windows Defender:
  • Manual Scans: Regularly perform full system scans using Windows Defender (Start Menu > Windows Security > Virus & threat protection > Quick scan or Full scan). Ensure definitions are up to date before each scan.
  • Quarantine and Removal: Quarantine detected threats and follow up with removal to prevent further infection or compromise.
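Task Manager shows CPU and memory but not whether an image is signed or where it runs from. This added PowerShell script (not part of the original checklist) lists running processes whose executable sits outside the Windows or Program Files trees or whose Authenticode signature is not valid, so the review described above can be done from an elevated prompt and repeated after each change.

```powershell
# Added example: flag processes running from unusual locations or without a
# valid signature. Run from an elevated prompt so Path is populated for all
# processes; otherwise system processes are silently skipped.
$trustedRoots = @(
    "$env:SystemRoot\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
)

function Get-SuspiciousProcess {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $proc = $_
        $inTrustedDir = $false
        foreach ($root in $trustedRoots) {
            if ($root -and $proc.Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inTrustedDir = $true
            }
        }
        # Status is 'Valid' for a trusted signature; 'NotSigned', 'HashMismatch'
        # or 'NotTrusted' deserve a closer look before the process is terminated.
        $sig = Get-AuthenticodeSignature -FilePath $proc.Path
        [PSCustomObject]@{
            Name       = $proc.ProcessName
            Id         = $proc.Id
            Path       = $proc.Path
            CPU        = [math]::Round($proc.CPU, 1)
            MemoryMB   = [math]::Round($proc.WorkingSet64 / 1MB, 1)
            Signature  = $sig.Status
            TrustedDir = $inTrustedDir
        }
    } | Where-Object { -not $_.TrustedDir -or $_.Signature -ne 'Valid' }
}

Get-SuspiciousProcess | Sort-Object CPU -Descending | Format-Table -AutoSize

# After confirming a process is unwanted (check its path with a Defender scan
# first), terminate it with:  Stop-Process -Id <pid> -Force
```

Unsigned third-party tools installed on purpose will appear in this list too, so treat it as a worklist for investigation rather than a kill list.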

Check for Updates

  1. Manual Update Check:
  • Navigating to Settings: Click on the Start Menu and select Settings (gear icon).
  • Accessing Windows Update: Go to Update & Security > Windows Update.
  • Manual Check: Click on Check for updates to ensure the system is up to date with the latest security patches.
  • Restarting Windows Update Service: In cases where automatic updates are disabled or updates fail to install, restart the Windows Update service (services.msc) to resolve issues promptly.

Firewall and Policy

  1. Managing Windows Defender Firewall:
  • Accessing Firewall Settings: Open Control Panel (Start Menu > Control Panel) and click on Windows Defender Firewall.
  • Advanced Settings: Click Advanced settings to configure inbound and outbound rules.
  • Rule Management: Create specific rules for necessary applications (e.g., FTP, Telnet) and disable unused rules to reduce the attack surface.
  • Monitoring: Regularly review firewall logs (wf.msc) to detect and respond to unauthorized network activity.

Password Policies

  1. Configuring Password Requirements:
  • Local Group Policy Editor: Open Local Group Policy Editor (Start Menu > type gpedit.msc).
  • Navigating to Password Policies: Go to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
  • Setting Password Parameters:
    • Password History: Configure to remember 7 passwords to prevent reuse.
    • Maximum Password Age: Set to 99 days for regular password expiration.
    • Minimum Password Age: Ensure passwords cannot be changed more frequently than every 15 days.
    • Minimum Password Length: Set to 10 characters so that short passwords are rejected.
    • Password Complexity: Enable complexity requirements (e.g., include uppercase, lowercase, numbers, special characters).
    • Store Passwords Using Reversible Encryption: Disable for enhanced security.

Account Lockout Policy

  1. Preventing Brute-Force Attacks:
  • Using Local Group Policy Editor: Navigate to Account Lockout Policy under Account Policies in Security Settings.
  • Thresholds and Settings: Set the lockout threshold between 5 and 10 invalid attempts to stop automated password guessing.
  • Adjust Settings: Configure lockout duration and reset options based on competition guidelines and security best practices.
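The password and lockout settings from the two sections above all live in the [System Access] section of a secedit export, so they can be checked in one pass. This added PowerShell script (not from the original checklist) exports the local policy and compares it with the values listed above; the expected numbers are the ones given in the text, and LockoutDuration and ResetLockoutCount are simply reported because the text leaves them to competition guidelines.

```powershell
# Added example: verify local password and lockout policy against the
# checklist values using a secedit export. Run from an elevated prompt.
$expected = [ordered]@{
    PasswordHistorySize   = 7    # remember 7 passwords
    MaximumPasswordAge    = 99   # days
    MinimumPasswordAge    = 15   # days
    MinimumPasswordLength = 10   # characters
    PasswordComplexity    = 1    # 1 = complexity requirements enabled
    ClearTextPassword     = 0    # 0 = reversible encryption disabled
}

function Get-SystemAccessPolicy {
    # secedit writes a UTF-16 INI file; Get-Content handles the BOM.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        # Numeric values only; -1 means "never" for MaximumPasswordAge.
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

$actual = Get-SystemAccessPolicy
foreach ($name in $expected.Keys) {
    $status = if ($actual[$name] -eq $expected[$name]) { 'OK' } else { 'MISMATCH' }
    '{0,-24} expected {1,4}  actual {2,4}  {3}' -f $name, $expected[$name], $actual[$name], $status
}

# Account lockout: threshold should be 5-10 invalid attempts (0 = lockout disabled)
$lockout = $actual['LockoutBadCount']
if ($lockout -ge 5 -and $lockout -le 10) { "LockoutBadCount $lockout is within the 5-10 range" }
else { "LockoutBadCount $lockout is outside the 5-10 range" }
# These two keys only appear in the export once a threshold is set.
'LockoutDuration (min): {0}  ResetLockoutCount (min): {1}' -f $actual['LockoutDuration'], $actual['ResetLockoutCount']
```

Any MISMATCH line points at the gpedit.msc setting to fix; re-run the script after applying changes to confirm they took effect.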

Audit Policies

  1. Enhancing System Monitoring:
  • Using Local Group Policy Editor: Navigate to Advanced Audit Policy Configuration under Security Settings.
  • Enabling Auditing: Enable auditing for critical events (e.g., logon attempts, file access) to track and respond to security incidents effectively.
  • Review and Analysis: Regularly review audit logs (Event Viewer) for anomalies and unauthorized activities, ensuring compliance with competition rules.
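Enabling auditing is only half of this step; the log then has to be read. This added PowerShell script (not part of the original checklist) switches on success and failure auditing for the Logon and Account Lockout subcategories with auditpol, then summarises failed logon events (Event ID 4625) from the Security log by target account and source address, which is the view Event Viewer does not give directly.

```powershell
# Added example: enable logon auditing and summarise failed logons.
# Both steps need an elevated prompt.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable | Out-Null
auditpol /get /category:"Logon/Logoff"   # confirm the new settings

function Get-FailedLogonSummary {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    # Get-WinEvent throws when nothing matches, so suppress that and return nothing.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $events | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [PSCustomObject]@{
            Time      = $_.TimeCreated
            Account   = $d['TargetUserName']
            Source    = $d['IpAddress']
            LogonType = $d['LogonType']   # 2 = console, 3 = network, 10 = RDP
            Status    = $d['Status']      # NTSTATUS, e.g. 0xC000006D bad user/password
        }
    } | Group-Object Account, Source | Sort-Object Count -Descending |
        Select-Object Count,
                      @{n='Account';   e={$_.Group[0].Account}},
                      @{n='Source';    e={$_.Group[0].Source}},
                      @{n='LogonType'; e={$_.Group[0].LogonType}}
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

A single account with many failures from one address is the pattern the lockout policy above is meant to stop; a spread of accounts from the same address is worth a firewall rule.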

User Rights Assignment

  1. Securing System Access:
  • Local Security Policy: Open Local Security Policy (Start Menu > type secpol.msc).
  • Navigating to User Rights Assignment: Go to Local Policies > User Rights Assignment.
  • Managing Accounts: Disable guest accounts and rename or disable the default administrator account (Administrator) to mitigate unauthorized access attempts.
  • Least Privilege: Ensure user roles (administrator vs. standard user) are assigned based on the principle of least privilege to limit potential damage from compromised accounts.

Security Options

  1. Enhancing Authentication Security:
  • Local Group Policy Editor: Navigate to Security Options under Local Policies in Security Settings.
  • Configuring Interactive Logon: Enable “Interactive logon: Require Ctrl+Alt+Delete” to ensure authentication on genuine Windows logon screens, preventing spoofing or interception of credentials.

Remote Desktop Protocol (RDP)

  1. Securing Remote Access:
  • Configuring RDP Settings: Open Settings (Start Menu > Settings) and search for Remote Desktop settings.
  • Access Control: Enable RDP with strong passwords or disable if not required.
  • Firewall Configuration: Configure firewall rules (wf.msc) to restrict RDP access to authorized IP addresses or networks, preventing unauthorized remote access attempts.
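The firewall steps in the Firewall and Policy section and the RDP restriction above can be applied and verified without clicking through wf.msc. This added PowerShell script (not from the original checklist) turns on dropped-packet logging for every profile, scopes the built-in Remote Desktop rules to a management subnet, and prints every enabled inbound allow rule with its port and remote-address scope for review. The subnet 192.168.10.0/24 is a constructed placeholder; use the addresses the competition scenario authorises.

```powershell
# Added example: firewall logging, RDP scoping and inbound-rule review.
# Run from an elevated prompt.
$managementSubnet = '192.168.10.0/24'   # placeholder, replace with the authorised range

# 1. Block inbound by default and log what gets dropped so the log file
#    referenced by wf.msc actually contains the unauthorised attempts.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -LogBlocked True -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. Limit the built-in Remote Desktop rules (TCP/UDP 3389) to the subnet.
#    If RDP is not needed at all, use Disable-NetFirewallRule on the same group.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -RemoteAddress $managementSubnet

# 3. Review: one line per enabled inbound allow rule with port and scope.
function Get-InboundRuleSummary {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [PSCustomObject]@{
            Name          = $_.DisplayName
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')   # 'Any' = unrestricted
        }
    }
}
Get-InboundRuleSummary | Sort-Object Name | Format-Table -AutoSize

# Rules showing RemoteAddress 'Any' for services the scenario does not require
# should be disabled:  Disable-NetFirewallRule -DisplayName '<rule name>'
```

Keep the summary output from before and after your changes; the diff is the record of what you tightened if a scored service stops responding.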

User Accounts

  1. Managing User Security:
  • Control Panel: Open Control Panel (Start Menu > Control Panel) and click on User Accounts.
  • User Management: Create and manage user accounts with appropriate roles (e.g., administrator, standard user).
  • Password Enforcement: Ensure all user accounts, especially privileged ones, have strong, unique passwords and adhere to defined password policies (as configured in Password Policies).

Windows Defender

  1. Ensuring Endpoint Security:
  • Windows Security: Open Windows Security (Start Menu > Windows Security).
  • Virus & Threat Protection: Navigate to Virus & threat protection.
  • Configuration: Keep virus definitions updated and enable real-time protection to detect and respond to malware threats effectively.
  • Customization: Configure exclusions as necessary for competition-specific tools or directories to avoid false positives during scans.

Browser (Firefox)

  1. Enhancing Web Security:
  • Configuring Firefox Settings: Open Mozilla Firefox.
  • Accessing Options: Click the menu icon (three horizontal lines) at the top-right corner and select Options.
  • Privacy and Security: Enable Do Not Track and Block pop-up windows to enhance privacy and prevent intrusive elements.
  • Protection Against Deceptive Content: Enable Deceptive Content Protection to block access to known malicious websites and phishing attempts.

File Sharing and Hidden Files

  1. Managing File Visibility and Access:
  • File Explorer: Open File Explorer (Start Menu > File Explorer).
  • View Settings: Click on the View tab and check Hidden items to show hidden files and folders.
  • File Sharing: Disable file sharing for non-essential folders and review shared folder permissions (\\computername\c$) to prevent unauthorized access and data leaks.

Media and Suspicious Files

  1. Cleaning System Resources:
  • File Explorer: Navigate to drives (e.g., C:) to search and remove non-work-related media files (e.g., .mp3, .mp4) and unauthorized software (e.g., gaming applications, peer-to-peer clients).
  • Software Management: Uninstall unauthorized software (e.g., Steam, TeamViewer) unless explicitly permitted by competition guidelines to reduce attack surface and potential vulnerabilities.
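Searching each drive by hand misses hidden files and programs that do not show up in the Start Menu. This added PowerShell script (not part of the original checklist) lists media files outside the Windows directory, including hidden ones, and enumerates installed programs from the registry Uninstall keys, flagging names from a constructed list of unauthorised software (Steam and TeamViewer come from the text; the torrent clients are assumed examples). Review the output before removing anything.

```powershell
# Added example: inventory media files and installed programs for review.
$mediaExtensions = '*.mp3','*.mp4','*.avi','*.mkv','*.flac','*.wav'
$unauthorised   = 'Steam','TeamViewer','uTorrent','BitTorrent'   # constructed list

function Get-MediaFile {
    param([string]$Root = 'C:\')
    # -Force includes hidden files; the Windows tree is skipped because it
    # legitimately contains sound files used by the OS.
    Get-ChildItem -Path $Root -Recurse -Include $mediaExtensions -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike "$env:SystemRoot\*" } |
        Select-Object FullName,
                      @{n='SizeMB'; e={[math]::Round($_.Length / 1MB, 1)}},
                      LastWriteTime
}

function Get-InstalledProgram {
    # 64-bit, 32-bit and per-user install locations.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $name = $_.DisplayName
            $flagged = [bool]($unauthorised | Where-Object { $name -like "*$_*" })
            [PSCustomObject]@{
                Name      = $name
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                Flagged   = $flagged
                Uninstall = $_.UninstallString
            }
        }
}

Get-MediaFile | Sort-Object SizeMB -Descending | Format-Table -AutoSize
Get-InstalledProgram | Where-Object Flagged | Format-Table Name, Version, Publisher -AutoSize

# Remove flagged programs through Settings > Apps, or run the UninstallString
# shown by Get-InstalledProgram, only where the competition guidelines permit.
```

Unflagged programs still deserve a read-through; the list is a starting point, and the scenario's own README overrides it.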

Additional Tips

  1. Regular Updates:
  • Software Patching: Keep all software, including operating system and applications, updated with the latest security patches to mitigate known vulnerabilities.
  • Monitoring and Response: Actively monitor system logs (Event Viewer) for suspicious activities or anomalies, promptly investigating and responding to potential security incidents.
  • Compliance: Refer to CyberPatriot competition guidelines for specific scoring criteria and compliance requirements to ensure adherence to rules and maximize competition performance.

By following these steps and considerations, you can effectively secure Windows 10 environments for CyberPatriot competitions.
