Category: Security

Cybersecurity

  • How to Download and Install a Kali Linux VM

    Virtual machines are specialized software that allows someone to run a computer inside of another computer. They are especially useful as testing environments: we can test code in a simulated environment before pushing it to production and breaking something, researchers can see how malware affects a machine without harming their own environment, and we can practice ethical hacking legally, among many other uses.

    Kali Linux is an OS used for penetration testing (ethical hacking), and it is one of the most popular, if not the most popular, OSes for pen testing. It comes with preinstalled tools for many different kinds of hacking, covering web apps, networks, and wireless.

    You can learn more about Kali here.

    VirtualBox

    Open a browser and navigate to https://www.virtualbox.org/wiki/Downloads.

    Select which operating system you want to use, download and install.

    Kali Linux

    Next, open a browser and navigate to https://www.kali.org/get-kali/#kali-platforms.

    You’ll want to select the Virtual Machines Box:

    Next, select the type of virtualization software you are using (this will also depend on what kind of OS you're using). I'm using VirtualBox. Select yours and download it.

    After it's downloaded, open VirtualBox and select New.

    You’ll be greeted with a window that looks like this:

    Name yours whatever you like; I just chose Kali.

    Keep your VM folder in the default path unless you want it somewhere else.

    Skip ISO image.

    Skip OS edition.

    Under OS select Linux.

    Under OS Distribution select Debian.

    OS Version is Debian 64 bit (if you're not sure which version to use, go to your search bar on Windows and type in system information; next to System Type you'll see your architecture type).

    Next, skip down to Specify virtual hard disk.

    Select Use an Existing Virtual Hard Disk File, then select the folder with the green arrow.

    A new Window will pop up.

    Select Add.

    Under Not Attached you should see kali-linux-YourVersion-virtualbox-amd64.vdi.

    Select it (You’ll see a small blue bar to the left indicating your choice) then go to the bottom and hit Choose. (My image shows it in the attached section because I already did this step).

    Once that is done, select Finish on the bottom right of your ‘New Virtual Machine’ window. You should now see a new machine populated on the left side of your VirtualBox Manager, under whatever you named it.

    Before you start it, right-click on the machine and go to Settings > Display > Video Memory and turn it all the way to the right (128 MB). This helps the VM display full screen.

    Next, hit Start and wait for the machine to boot. You'll be greeted with a login window. The default startup login credentials are kali:kali.

  • Basic Security Baseline for a Windows 11 Endpoint

    A security baseline is a recommended set of configuration settings applied to every endpoint, device, and network in an effort to increase its protection. Every organization will likely have its own way of hardening its networks and endpoints based on its needs, but many also follow a standard guide such as Microsoft’s security baseline guide or NIST.

    I know there are much more in-depth ways to harden an endpoint, but this is a POC that showcases a beginner's way of applying the most basic protections to a Windows 11 environment for a new machine and/or new user.

    This beginner baseline guide will show how to:

    • Enable Automatic Windows Updates (for the most up-to-date security updates)
    • Verify Windows Defender is Enabled (anti-virus threat protection)
    • Enable Windows Firewall (we want to block bad incoming traffic and enable good outgoing)
    • Set a Lock Screen Policy (for personal security hygiene)
    • Remove Local Admin (Least Privilege)
    • Enable BitLocker (For data encryption at rest)
    • Enable SmartScreen (helps prevent phishing attempts, malicious sites, and malicious software)

    Enabling Automatic Windows Updates

    Go to Settings > Windows Updates

    Check for immediate updates; if any are available, apply them and restart.

    Next go to advanced options and turn on automatic updates:

    Ensuring Windows Defender is Enabled

    Go to Windows Security > Virus and Threat Protection

    • Real-time protection = ON
    • Cloud protection = ON
    • Tamper protection = ON

    Enable Windows Firewall

    Go to Windows Security > Firewall and Network Protection

    • Domain Network = ON
    • Private Network = ON
    • Public Network = ON

    Setting a Lock Screen Policy

    Go to Settings > Accounts > Sign-In Options

    • Under ‘Additional Settings’ select ‘When PC wakes from sleep’

    Next, go to Settings > System > Power

    • Screen, sleep, and hibernation timeouts
    • Select Turn off my screen after = 5 minutes
    • Select Make my device sleep = 10 minutes

    Remove Local Admin (least privilege)

    Go to Computer Management > Local Users > Groups > Administrators

    • Remove any user that is not Administrator

    Enable BitLocker (Windows Pro, Server, or Enterprise editions only)

    Go to Control Panel > System and Security > BitLocker Drive Encryption

    • Be sure to save the Recovery Key in a safe place!

    Enable SmartScreen

    Go to Windows Security > App and Browser Control

    • Enable SmartScreen for apps
    • Enable SmartScreen for Edge

    Recap

    We learned how to enable basic protections on our Windows 11 endpoints to make them a little less vulnerable than they would otherwise be. We hardened an endpoint as follows:

    • We applied automatic patching, ensuring we have the most up-to-date security updates.
    • We made sure our anti-virus was enabled, helping prevent signature-based viruses from getting onto our machine.
    • We enabled our firewall. Only the default settings are enabled for now, but this is certainly better than having no protection at all.
    • We set up a lock screen policy, practicing good security hygiene.
    • We applied the principle of least privilege by removing any local users who had admin access; we can give that access on an as-needed basis.
    • We enabled BitLocker, ensuring data is protected via encryption.
    • Lastly, we enabled a feature within Windows called SmartScreen, an added protection against untrusted apps.
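
    The GUI steps above can be spot-checked from an elevated PowerShell prompt. The script below is an added example, not part of the original walkthrough. It is read-only and covers only the Defender, firewall, local Administrators and BitLocker items (updates, lock screen and SmartScreen are not checked). The helper name Add-Check and the pass/fail layout are made up for this illustration.

```powershell
# Added example: read-only audit of part of the baseline above.
# Run elevated; Get-BitLockerVolume needs administrator rights and is only
# present on editions that include BitLocker.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check {   # hypothetical helper: records one pass/fail row
    param([string]$Name, [bool]$Pass, [string]$Detail)
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# Windows Defender: real-time, tamper and cloud protection
$mp = Get-MpComputerStatus
Add-Check 'Defender real-time protection' $mp.RealTimeProtectionEnabled ''
Add-Check 'Defender tamper protection'    $mp.IsTamperProtected ''
# MAPSReporting: 0 = cloud protection off, 1 = basic, 2 = advanced
$maps = (Get-MpPreference).MAPSReporting
Add-Check 'Defender cloud protection' ($maps -ne 0) "MAPSReporting=$maps"

# Windows Firewall: Domain, Private and Public profiles should all be on
foreach ($p in Get-NetFirewallProfile) {
    Add-Check "Firewall: $($p.Name) profile" ([string]$p.Enabled -eq 'True') "Enabled=$($p.Enabled)"
}

# Least privilege: S-1-5-32-544 is the local Administrators group and the
# built-in Administrator account has a SID ending in -500. Anything else
# in the group is reported.
$extra = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -notmatch '-500$' }
Add-Check 'No extra local administrators' (-not $extra) (($extra.Name) -join ', ')

# BitLocker: protection should be on for the system drive
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Check "BitLocker on $env:SystemDrive" ([string]$bl.ProtectionStatus -eq 'On') "VolumeStatus=$($bl.VolumeStatus)"

$results | Format-Table -AutoSize
# Non-zero exit code if any check failed, so the script can gate a build step
if ($results.Pass -contains $false) { exit 1 }
```

    A failed row names the setting to revisit in the matching section above; on a domain-joined machine the Administrators check will also list domain groups that policy placed there.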