macos_security
windows_hardening
macos_security | windows_hardening | |
---|---|---|
18 | 14 | |
1,565 | 2,167 | |
2.5% | - | |
9.1 | 7.3 | |
about 19 hours ago | 7 days ago | |
YAML | PowerShell | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macos_security
- Windows Security Compliance project
-
FIPS 140 and MacOS
For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)
-
Nist controls and acceptable artifacts and evidence. Does anyone have a controls spreadsheet that lists all 800-53 controls and evidence required to satisfy that control?
https://github.com/usnistgov/macos_security - for macOS this would help.
-
Need reporting about device CIS compliance
I’d highly recommend checking out the usnistgov/macos_security on GitHub. You can generate a benchmark and then feed the output into extension attributes to trigger policies on.
- CIS Benchmark deployment approach
-
Could use some advice on my career change
Study about cybersecurity, or how to harden a macOS fleet against published security frameworks.
-
Enrolling devices in ABM/Mosyle
Weigh the pros and cons about having your end-users be standard users or admins on their Macs. If they are already admins (probably), consider the political blowback if you take away their admin rights and flexibility and autonomy they've become used to. Conversely, consider the security posture of your organization. If it has to adhere to some well-known guides (like 800-171 o 800-53r5), then you may not be able to allow end-users to be admins. Take a look at the macOS Security Compliance Project.
-
Here's a recap of the top-voted webinar: How to Harden Macs!
NIST Compliance Benchmarks: github.com/usnistgov/macos_security
- Hardening macOS
-
Disabling Bonjour on monterey
Like OP, I'm trying to disable both bonjour and netbios. I'm using this script: https://github.com/usnistgov/macos_security/blob/main/includes/enablePF-mscp.sh
windows_hardening
-
Enabling Services on Windows 10 to Improve System Security
You can try this tool, or some other similar tool. It hardens Windows 10 using the latest guidelines from several organisations. Of course you need to be careful doing this, it can very easily ruin your Windows installation.
-
Any firewall has a solution to this 2020 problem?
Endpoint-based prevention: Harden endpoints, including browser settings (https://www.cisa.gov/uscert/publications/securing-your-web-browser; https://stigviewer.com/stig/google_chrome_browser/) and software firewall including ingress and egress rules (https://www.stigviewer.com/stig/microsoft_windows_firewall_with_advanced_security/2021-10-15/). If you're primarily worried about Windows endpoints, take a look at Hardening Kitty and the solid STIG-based Windows Firewall list (https://github.com/0x6d69636b/windows_hardening/blob/master/lists/finding_list_dod_windows_firewall_stig_v1r7.csv) for some relatively easy wins.
- CIS Benchmark deployment approach
- Moved my All-in-one pentest lab from a 2u case to a sub 4L sff case
- Windows hardening (10 and 11)
-
How can I batch convert H264 to H265 this command on Window?
#1: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #2: For those that work in IT Admin, what are the key Powershell Commands that every admin should know? #3: I wrote the mother-of-all onboarding scripts and now everyone blames me for everything...
-
Securing domain users pc's via Windows policy
The above documents mandate a lot of testing and analysis, together with potential design decisions you are not in a position to make; still - you should dedicate the time to do it "properly" from the beginning. Anyhow, in case you are a renegade daredevil - HardeningKitty to the rescue https://github.com/0x6d69636b/windows_hardening =]
-
Automation Query - WinZip
#1: /u/betterthangoku has passed away #2: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #3: For those that work in IT Admin, what are the key Powershell Commands that every admin should know?
- "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." (/r/PowerShell)
- "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list."
What are some alternatives?
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
Installomator - Installation script to deploy standard software on Macs
awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
CIS-macOS-Security
Audit-Test-Automation - The Audit Test Automation Package gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.
heimdall2 - Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.
Hard_Configurator - GUI to Manage Software Restriction Policies and harden Windows Home OS
CIS-for-macOS-BigSur-Intel-M1 - CIS Benchmarks for macOS Big Sur
OpenMediaVault - openmediavault is the next generation network attached storage (NAS) solution based on Debian Linux. Thanks to the modular design of the framework it can be enhanced via plugins. openmediavault is primarily designed to be used in home environments or small home offices.
TheMacHardeningScripts - Scripts to secure and harden Mac OS X
microsoft-windows-10-stig-baseline - InSpec profile for Microsoft Windows 10, against DISA's Microsoft Windows 10 Security Technical Implementation Guide (STIG) Version 1, Release 19