Windows Client Hardening
March 13, 2021
Blue Team
TLDR: Too Long Didn’t Read
Windows Client Hardening Tips
- Use DNS services that filter known malicious domain names. QUAD9.net is a good provider of this service. To protect an entire organization, Cisco Umbrella has one of the best paid DNS filtering services available. Cisco Umbrella offers logging and fine-grained controls over more than malicious domains. With Cisco Umbrella, an administrator can control access to any type of content category, like social media, 3rd-party web email, and much more.
- Disable Microsoft Office programs from running macros. There has been a new focus on tricking users into opening documents with malicious code embedded in them. Add a registry key that will force macros to be disabled.
- Set uncommonly used executable files to open by default in Notepad. This can help prevent unintentionally clicking on and running a file that contains malware.
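
One way to apply and verify the two registry-based tips above (macros disabled, Notepad as the default handler), as an added example that is not from the original post. The function name `Set-ClientHardening`, the Office version key `16.0`, the app list and the list of script file types are assumptions to adjust for your environment.

```powershell
# Added example, not from the original post. Assumptions: Office 2016/2019/365 (key "16.0"),
# the app list and the script ProgID list below. Run elevated; preview with -WhatIf.
function Set-ClientHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]   $OfficeVersion = '16.0',
        [string[]] $OfficeApps    = @('Word', 'Excel', 'PowerPoint'),
        # ProgIDs behind .js, .jse, .vbs, .vbe, .wsf, .wsh and .hta
        [string[]] $ScriptTypes   = @('JSFile', 'JSEFile', 'VBSFile', 'VBEFile',
                                      'WSFFile', 'WSHFile', 'htafile')
    )
    $kind    = [Microsoft.Win32.RegistryValueKind]
    $notepad = '"{0}\System32\notepad.exe" "%1"' -f $env:SystemRoot

    # Desired state, one entry per registry value.
    $baseline = @(
        foreach ($app in $OfficeApps) {
            # VBAWarnings = 4: disable all macros without notification.
            # HKEY_CURRENT_USER is the hive of the account running the script.
            @{ Key  = "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
               Name = 'VBAWarnings'; Kind = $kind::DWord; Value = 4 }
        }
        foreach ($id in $ScriptTypes) {
            # The "open" action shows the file in Notepad instead of executing it.
            # Name '' addresses the key's default value.
            @{ Key  = "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$id\Shell\Open\Command"
               Name = ''; Kind = $kind::String; Value = $notepad }
        }
    )

    foreach ($s in $baseline) {
        # GetValue returns $null when the key or the value does not exist yet.
        $before = [Microsoft.Win32.Registry]::GetValue($s.Key, $s.Name, $null)
        if ($before -ne $s.Value -and
            $PSCmdlet.ShouldProcess("$($s.Key) [$($s.Name)]", "Set to $($s.Value)")) {
            # SetValue creates the key if it is missing.
            [Microsoft.Win32.Registry]::SetValue($s.Key, $s.Name, $s.Value, $s.Kind)
        }
        # Read back so the report reflects what is actually in the registry.
        $after = [Microsoft.Win32.Registry]::GetValue($s.Key, $s.Name, $null)
        [pscustomobject]@{ Key = $s.Key; Before = $before; After = $after
                           Compliant = ($after -eq $s.Value) }
    }
}

# Preview only: reports current values and what would change, writes nothing.
Set-ClientHardening -WhatIf | Format-Table -AutoSize -Wrap
```

This changes only the double-click action: the script hosts can still be started explicitly, so treat it as protection against accidental clicks. In a domain, the same values are better deployed through Group Policy than per machine.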