
Windows Security Baseline Verification Hardening Assistant

Originally I wanted to take a look at MBSA (Microsoft Baseline Security Analyzer), but found that Microsoft stopped updating it a long time ago. I remember that when I wrote "Network Offensive and Defense Practical Research on Vulnerability Exploitation and Privilege Elevation", I separately introduced MBSA, which is used to check the patching of system vulnerabilities. After searching the official Microsoft website for a long time, I could not find the software. Some websites in China provide downloads of it, but for security reasons I did not download it locally for testing. I accidentally found a small tool that can check and reinforce the Windows security baseline. Its implementation mainly detects Windows registry values and then reinforces them. The software is named WindowsBaselineAssistant, and its download address is https://github.com/DeEpinGh0st/WindowsBaselineAssistant. It is open source software and can be compiled directly, or the compiled program can be downloaded from

https://github.com/DeEpinGh0st/WindowsBaselineAssistant/releases/download/v1.2.1/WindowsBaselineAssistant-v1.2.1.zip.

1. Run WindowsBaselineAssistant

Although it is open source software, the download extracts to three files, as shown in Figure 1. A scan with Tinder antivirus software found no virus threats.

Figure 1 Program File Situation

The software can be run directly on Windows 10 with .NET Framework 4.0 and above. Compiling it requires some dependencies: SunnyUI 3.6.3, SunnyUI.Common 3.6.3, System.ValueTuple 4.5.0, NPOI 2.5.1, Costura.Fody 4.1.0.

1. Detection rules

Suppose you want to check the threshold for TCP connections that have been retransmitted:

The detection type is to retrieve the registry. The retrieved registry path is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

The detection item is TcpMaxHalfOpenRetried

The standard value is 400

The data type is DWord

When the detected value is less than this value, the item is judged to be compliant

This is implemented as the following rule:

Check the threshold for TCP connections that are in SYN_RCVD state and have been retransmitted at least once
xxxxxx
registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
TcpMaxHalfOpenRetried
400
lessnumber
dword
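
The rule above can be checked by hand without changing anything. The following PowerShell is an added example, not code from WindowsBaselineAssistant; the function name Test-BaselineRule and the hashtable key names are hypothetical, and "lessnumber" is taken to mean "detected value strictly less than the standard value", as the text states.

```powershell
# Added example: read-only check of the single rule described above.
# Test-BaselineRule and the hashtable key names are hypothetical, not the tool's.
function Test-BaselineRule {
    param([Parameter(Mandatory)] [hashtable] $Rule)

    $result = [ordered]@{
        Item     = $Rule.Item
        Expected = "$($Rule.Operator) $($Rule.Standard)"
        Actual   = $null
        Status   = 'NonCompliant'
    }

    # The "Registry::" prefix lets the provider accept a full hive path.
    $key = Get-Item -LiteralPath "Registry::$($Rule.Path)" -ErrorAction SilentlyContinue
    if ($null -eq $key -or $Rule.Item -notin $key.GetValueNames()) {
        # A missing (or unreadable) value is reported as such, never treated as 0.
        $result.Status = 'NotConfigured'
        return [pscustomobject]$result
    }

    # A value of the wrong registry type cannot satisfy the rule.
    $kind = $key.GetValueKind($Rule.Item)
    if ($kind.ToString() -ne $Rule.ValueType) {
        $result.Actual = "unexpected type $kind"
        return [pscustomobject]$result
    }

    # DWord values come back as signed Int32; map them to the unsigned range.
    $actual = [long]$key.GetValue($Rule.Item)
    if ($actual -lt 0) { $actual += 4294967296 }
    $result.Actual = $actual

    $ok = switch ($Rule.Operator) {
        'lessnumber' { $actual -lt $Rule.Standard }
        default      { throw "Unsupported operator: $($Rule.Operator)" }
    }
    if ($ok) { $result.Status = 'Compliant' }
    [pscustomobject]$result
}

# Rule values copied from the page.
$rule = @{
    Path      = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters'
    Item      = 'TcpMaxHalfOpenRetried'
    Standard  = 400
    Operator  = 'lessnumber'
    ValueType = 'DWord'
}
Test-BaselineRule -Rule $rule
```

Reporting NotConfigured separately from NonCompliant keeps a value that was never set from being mistaken for a value that was set incorrectly.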

Run WindowsBaselineAssistant.exe directly, and the running effect is shown in Figure 2.

Figure 2 Main interface of software operation

2. Detection and reinforcement

1. Detect system vulnerabilities

The tool does not check whether system patches have been installed; it only checks some settings that may expose the system to attack, as shown in Figure 3. The check found that there are indeed many problems. Judge mainly by the detection results: non-conforming items are displayed in red.

Figure 3 Security Test Results

2. Reinforcement

Click Reinforcement and the software automatically corrects the values in the registry, which completes the reinforcement. The author actually tested it and found it convenient.

3. Export results

Click "Export Results". As shown in Figure 4, a prompt reports that the hardening results are exported to the program's current directory.

Figure 4 Export reinforcement results

4. View the reinforcement results

Open the "Windows Security Baseline Detection Hardening Results Summary Table-192.168.1.37.xlsx" file, as shown in Figure 5, to view detailed results.

Figure 5 Check the reinforcement results

5. Customized reinforcement rules

The software also supports custom rules, as shown in Figure 6, which detect based on registry values.

Figure 6 Customized reinforcement rules

3. Summary and evaluation

The software only detects some default settings. Through reinforcement, the security of the system can be enhanced to a certain extent. The only drawback is that it cannot check the patches for high-risk system vulnerabilities. Microsoft's MBSA 2.3 can detect patches for Windows systems, compare them and provide repair suggestions.


Statement
This article is reproduced from: 每日运维. If there is any infringement, please contact admin@php.cn to have it deleted.