Skip to content

Instantly share code, notes, and snippets.

View hpaul-osi's full-sized avatar

Harry Paul hpaul-osi

3 followers · 1 following
View GitHub Profile
@hpaul-osi
hpaul-osi / Abstract - Extreme PI System Hardening.txt
Last active July 2, 2021 02:00
Examples from Extreme PI System Hardening at PI World 2018
Extreme PI System Hardening
High value systems warrant hardcore hardening measures. The PI System resides at a critical junction, communicating across strict network boundaries. Under this paradigm, the PI System acts as a 'safe harbor' for data, defending critical systems by reducing the number of users inside the security perimeter while enabling growth in the number of users getting value from OT data. An application can only be as secure as its operating platform, so this session will start from the ground up. We will establish a solid foundation with advanced hardening measures for the Windows operating system that OSIsoft has collected over many years working with the platform, such as security baselines, PowerShell’s Desired State Configuration, and arcane corners of the Windows Advanced Firewall. With the platform locked down, we will explore application hardening measures built within and tailored to the PI System. Emphasis will be on using the latest technology and tools available to embrace agility
@hpaul-osi
hpaul-osi / Examples from S4x18 sponsor talk
Last active June 23, 2020 12:23
Examples from the OSIsoft sponsor talk, Hardcore Windows Hardening, at S4x18.
This gist contains examples from the S4x18 sponsor talk, Hardcore Windows Hardening.
https://s4x18.com/sessions/sponsor-stage-13/
@hpaul-osi
hpaul-osi / EnableVBSFeatures.ps1
Last active December 19, 2017 20:47
DSC Configuration which enables virtualization based security features in Windows Server 2016 via Registry keys.
Configuration EnableVBSFeatures
{
param(
[System.String]
$NodeName = 'localhost'
)
Import-DSCResource -ModuleName 'PSDesiredStateConfiguration'
Node $NodeName
@hpaul-osi
hpaul-osi / EnableWER.ps1
Last active October 4, 2017 19:34
Enable WER
Configuration EnableWER
{
param(
[System.String]
$NodeName = 'localhost',
[System.String]
$DumpFolder = ''
)
@hpaul-osi
hpaul-osi / DisablingServicesOnServer2016wDE.ps1
Created June 11, 2017 01:41
Disable unnecessary services that on Windows Server 2016 Desktop Experience (based on MS Security Blog recommendations)
# Disable extraneous services on Server 2016 Desktop Experience
# https://blogs.technet.microsoft.com/secguide/2017/05/29/guidance-on-disabling-system-services-on-windows-server-2016-with-desktop-experience/
Configuration DisablingServicesOnServer2016wDE
{
param(
[String]$ComputerName = "localhost",
[ValidateSet('ShouldBeDisabledOnly','ShouldBeDisabledAndDefaultOnly','OKToDisable','OKToDisablePrinter','OKToDisableDC')]
[String]$Level = 'OKToDisable'
)
@hpaul-osi
hpaul-osi / StrongCipherSettings.ps1
Last active November 20, 2023 18:14
DSC Configuration to Require Strong Ciphers in Windows
# Tested with Server 2016 and Server 2012 R2, PS 4 and PS 5
Configuration StrongCipherSettings
{
param
(
$ComputerName = "localhost",
# TLS/SSL Security Considerations
# https://technet.microsoft.com/en-us/library/dn786446(v=ws.11).aspx
$schannelProtocols = @{
"PCT 1.0"=$false;