Windows Cyber Security – STIGs for Beginners

Written by Paul Hill on February 1, 2022

Paul Hill is the founder of and IT instructor to over 500,000 students online!

This tutorial will show you how you can get started learning the technical side of Cyber Security for Windows environments. This tutorial is going to show you how to use STIGs (Security Technical Implementation Guides) to identify low, medium and high vulnerabilities and patch them in your Windows Environments.

What is a STIG?

A STIG is a checklist of known vulnerabilities for a given technology. It tells you what vulnerabilities your service has and how you can fix them. You can use free websites like to see the list of STIGs available to you. In this lesson we are going to look at the Windows 10 STIG:

image 1
Windows 10 STIG

Click here for the direct link to the Windows 10 STIG

Lab Environment

For this post, we will be using the Server Academy IT labs. Specifically, the Active Directory Users & Computers IT lab:

image 2
Active Directory Users and Computers IT lab

This lab requires a full access membership which you can get here if you don’t already have one. Alternatively you can setup your own lab on Hyper-V or VirtualBox, Install Windows Server 2016 (or whatever year you prefer) and the AD DS server role. Finally install Windows 10 as a client computer and join it to your domain.

Understanding the STIG Overview

At the top of the page you will see an overview. This shows the CAT Is (ones), CAT IIs (twos) and CAT IIIs (threes):

  • CAT I – Severe vulnerabilities
  • CAT II – Medium vulnerabilities
  • CAT III – Low vulnerabilities
image 3
STIG Overview

You can download this list under the downloads section. Most of the time you will have a vulnerability scanner that can automatically check your computer systems to see which of these vulnerabilities you need to fix – but if you don’t you will want to download the Excel (csv) file so you can track your progress through the STIG.

STIG Findings

Below the STIG overview you will see the list of findings sorted by category (starting with CAT Is):

image 4
STIG Findings

In the real world, you will want to use the spreadsheet (or scanning software) to document each finding and either it has been fixed or why it cannot be fixed. Sometimes you cannot fix a finding / vulnerability if it will break your network.

Let’s look at the first example: V-220708 titled Local volumes must be formatted using NTFS. Imagine you have hardware or software that is not compatible with NTFS – you would not be able to complete the fix text which is to format the volume with NTFS because it would break your network. In this case you would document why you cannot fix it.

STIGs are an excellent way to become more proficient with IT admin tools like Group Policy, Active Directory and they will increase your overall knowledge of your computer systems because it will have you configuring settings you have never seen before. Use them as a learning tool!

Let’s fix a finding!

Let’s fix V-229832 titled “Anonymous access to Named Pipes and Shares must be restricted.” Under the description we can see that if we don’t fix this that this provides the potential for unauthorized system access. Not good!

image 6
Unauthorized System Access

Under the fix text, we see that this is fixed by configuring Group Policy.

image 7
STIG Fix Text

In our lab, on the domain controller we need to create a new GPO or use an existing GPO if you prefer:

image 8

Navigate to the specify GPO path and right-click the setting and select Properties:

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> “Network access: Restrict anonymous access to Named Pipes and Shares”

image 9
Network access: Restrict anonymous access to Named Pipes and Shares

Enable the setting and click OK:

image 11
Enable GPO setting

Now let’s switch over to your Windows 10 Computer. If you’re using the Server Academy IT labs, then just click the Windows 10 computer in the Resources tab:

image 15
image 15

Hit start, then search for and open CMD. Once it loads, run gpupdate /force. This will grab the newly configured Group Policy from our Domain Controller.

image 12
GPUpdate /force

Next we can confirm that the setting was applied by opening RSOP.msc:

image 13

Now we can browse to the setting we configured in Group Policy and make sure that it is applied on our Windows 10 computer:

image 14

And that’s it! This finding is now resolved on our computer. If we were using vulnerability scanning software it would now report that this is no longer an open vulnerability.

Get the "Intro to IT" ebook FREE!

The ebook covers IT basics and will help you get started with building your IT career.  Enter your email below and we'll send you this powerful ebook along with other useful IT tips!

Table of Contents
    Add a header to begin generating the table of contents

    Sign up free and start learning today!

    Practice on REAL servers, learn from our video lessons, interact with the Server Academy community!