Operating system hardening

Further information on cyber supply chain risk management can be found in the ‘Cyber supply chain risk management’ section of the Guidelines for procurement and outsourcing.

Further information on vendors that have made a pledge to implement Secure by Design and Secure by Default principles and practices can be found on the United States’ Cybersecurity & Infrastructure Security Agency’s Secure by Design Pledge website.

Further information on patching or updating operating systems can be found in the ‘System patching’ section of the Guidelines for system management.

Further information on hardening Microsoft Windows operating systems can be found in ASD’s Hardening Microsoft Windows 10 workstations and Hardening Microsoft Windows 11 workstations publications.

Further information on hardening Microsoft Windows operating systems can also be found in Microsoft’s Windows 11 Security Book and on the Microsoft Security Baselines Blog website.

Further information on hardening Linux workstations and servers can be found in ASD’s Hardening Linux workstations and servers publication.

Further information on exploit protection functionality within Microsoft Windows is available from Microsoft.

Further information on implementing application control can be found in ASD’s Implementing application control publication.

Further information on Microsoft’s recommended application blocklist and vulnerable driver blocklist are available from Microsoft.

Further information on command line process logging is available from Microsoft.

Further information on the use of PowerShell can be found in ASD’s Securing PowerShell in the enterprise publication.

Further information on the use of PowerShell by blue teams is available from Microsoft.

Further information on obtaining greater visibility through PowerShell logging is available from Google.

Further information on independent testing of security products’ ability to detect or prevent various stages of network intrusions is available from MITRE.

Further information on independent testing of antivirus applications is available from AV-Comparatives and AV-TEST.

Further information on the use of removable media can be found in the ‘Media usage’ section of the Guidelines for media.

Further information on event logging can be found in the ‘Event logging and monitoring’ section of the Guidelines for system monitoring.

Further information on security-relevant events to monitor for Apple macOS, Linux and Microsoft Windows operating systems can be found in the following ASD publications:

• Hardening Microsoft Windows 10 workstations
• Hardening Microsoft Windows 11 workstations
• Priority logs for SIEM ingestion: Practitioner guidance
• Windows event logging and forwarding.