Windows Cyber Security – STIGs for Beginners

Paul Hill

February 1, 2022

This tutorial shows you how to get started learning the technical side of Cyber Security for Windows environments. You will use STIGs (Security Technical Implementation Guides) to identify low, medium and high vulnerabilities and patch them in your Windows environments.

What is a STIG?

A STIG is a checklist of known vulnerabilities for a given technology. It tells you what vulnerabilities your service has and how you can fix them. You can use free websites like stigviewer.com/stigs to see the list of STIGs available to you. In this lesson we are going to look at the Windows 10 STIG:

image 1
Windows 10 STIG

Click here for the direct link to the Windows 10 STIG

Lab Environment

For this post, we will be using the Server Academy IT labs. Specifically, the Active Directory Users & Computers IT lab:

image 2
Active Directory Users and Computers IT lab

This lab requires a full access membership, which you can get here if you don’t already have one. Alternatively, you can set up your own lab on Hyper-V or VirtualBox: install Windows Server 2016 (or whatever year you prefer) and the AD DS server role, then install Windows 10 as a client computer and join it to your domain.

Understanding the STIG Overview

At the top of the page you will see an overview. This shows the CAT Is (ones), CAT IIs (twos) and CAT IIIs (threes):

  • CAT I – Severe vulnerabilities
  • CAT II – Medium vulnerabilities
  • CAT III – Low vulnerabilities
image 3
STIG Overview

You can download this list under the downloads section. Most of the time you will have a vulnerability scanner that can automatically check your computer systems to see which of these vulnerabilities you need to fix. If you don’t, you will want to download the Excel (csv) file so you can track your progress through the STIG.

STIG Findings

Below the STIG overview you will see the list of findings sorted by category (starting with CAT Is):

image 4
STIG Findings

In the real world, you will want to use the spreadsheet (or scanning software) to document each finding and record either that it has been fixed or why it cannot be fixed. Sometimes you cannot fix a finding / vulnerability because the fix would break your network.

Let’s look at the first example: V-220708, titled “Local volumes must be formatted using NTFS.” Imagine you have hardware or software that is not compatible with NTFS. You would not be able to complete the fix text, which is to format the volume with NTFS, because it would break your network. In this case you would document why you cannot fix it.

STIGs are an excellent way to become more proficient with IT admin tools like Group Policy and Active Directory, and they will increase your overall knowledge of your computer systems because they will have you configuring settings you have never seen before. Use them as a learning tool!

Let’s fix a finding!

Let’s fix V-229832, titled “Anonymous access to Named Pipes and Shares must be restricted.” Under the description we can see that leaving this unfixed provides the potential for unauthorized system access. Not good!

image 6
Unauthorized System Access

Under the fix text, we see that this is fixed by configuring Group Policy.

image 7
STIG Fix Text

In our lab, on the domain controller, we need to create a new GPO (or use an existing GPO if you prefer):

image 8

Navigate to the specified GPO path, right-click the setting and select Properties:

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> “Network access: Restrict anonymous access to Named Pipes and Shares”

image 9
Network access: Restrict anonymous access to Named Pipes and Shares

Enable the setting and click OK:

image 11
Enable GPO setting

Now let’s switch over to your Windows 10 Computer. If you’re using the Server Academy IT labs, then just click the Windows 10 computer in the Resources tab:

image 15

Hit start, then search for and open CMD. Once it loads, run gpupdate /force. This will grab the newly configured Group Policy from our Domain Controller.

image 12
GPUpdate /force

Next we can confirm that the setting was applied by opening RSOP.msc:

image 13
RSOP.msc

Now we can browse to the setting we configured in Group Policy and make sure that it is applied on our Windows 10 computer:

image 14
RSOP.msc

And that’s it! This finding is now resolved on our computer. If we were using vulnerability scanning software it would now report that this is no longer an open vulnerability.
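To confirm the same result from PowerShell instead of RSOP.msc, and to produce a row for your tracking spreadsheet, here is an added example (not part of the original tutorial or the Server Academy lab). It reads the RestrictNullSessAccess registry value that this policy setting writes; the function name, the output fields and the stig-tracking.csv file name are hypothetical.

```powershell
# Added example: verify "Network access: Restrict anonymous access to
# Named Pipes and Shares" on the Windows 10 client after gpupdate /force.

function Test-RestrictNullSessAccess {
    [CmdletBinding()]
    param(
        # Finding ID as written in this tutorial; only used to label the row.
        [string]$FindingId = 'V-229832'
    )

    $path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
    $name     = 'RestrictNullSessAccess'
    $expected = 1   # 1 = Enabled (restricted), 0 = Disabled

    # A missing key or value must be reported, not silently treated as a pass.
    $actual = $null
    try {
        $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction Stop).$name
    } catch {
        Write-Verbose "Could not read $name : $($_.Exception.Message)"
    }

    if ($null -eq $actual) {
        $status = 'Not Reviewed (value missing)'
    } elseif ($actual -eq $expected) {
        $status = 'Not a Finding'
    } else {
        $status = 'Open'
    }

    [pscustomobject]@{
        FindingId = $FindingId
        Computer  = $env:COMPUTERNAME
        Setting   = $name
        Expected  = $expected
        Actual    = $actual
        Status    = $status
        Checked   = (Get-Date).ToString('s')
    }
}

$result = Test-RestrictNullSessAccess
$result | Format-List

# Append the result to a tracking sheet (hypothetical file name).
$result | Export-Csv -Path .\stig-tracking.csv -Append -NoTypeInformation
```

If the status is Open after gpupdate /force, check that the GPO is linked to the OU containing the Windows 10 computer before re-running the check.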
