Week 1: System Hardening Basics

Path: Defensive Operations | Module: 1 of 6

Locking the Doors

Default configurations are designed for usability, not security. "Hardening" is the process of securing a system by reducing its surface of vulnerability.

1. Updates & Patch Management

Patching is the single most effective security control. Most attacks exploit vulnerabilities that vendors have already fixed.

  • Action: Enable automatic updates for the OS and applications.
  • Concept: "Zero-Day" vs "N-Day" vulnerabilities.

2. Service Reduction

If you don't need it, turn it off. Every running service is a potential entry point.

  • Windows: Disable services like "Remote Registry" or "Print Spooler" (if not printing).
  • Linux: Use systemctl disable [service].

3. Host-Based Firewalls

A network firewall protects the perimeter; a host firewall protects the device itself.

  • Windows: Windows Defender Firewall. Block incoming connections by default.
  • Linux: ufw (Uncomplicated Firewall) or iptables. Example: run ufw allow ssh, then ufw enable.

🔬 Lab Exercise: CIS Benchmarks

Objective: Audit a system against industry standards.

  1. Search for "CIS Benchmark for Ubuntu" or "Windows 10".
  2. Download the PDF (or view a summary).
  3. Pick 5 recommendations (e.g., "Ensure password complexity is configured").
  4. Check if your VM meets these standards. If not, fix it!
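
One way to script the service and host-firewall checks from this module while working through the lab (an added example, not part of the original course material): the functions read the output of systemctl list-unit-files and ufw status verbose and flag unneeded enabled services and a firewall that is off or not denying inbound traffic by default. The UNNEEDED list and the sample input are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit helpers for the service and host-firewall checks.
# UNNEEDED is an assumed list; set it to what this host does not need.
UNNEEDED="cups.service avahi-daemon.service rpcbind.service"

# stdin: `systemctl list-unit-files --type=service --state=enabled --no-legend`
# stdout: one FAIL line per enabled unit that is on the UNNEEDED list.
unneeded_enabled() {
    awk -v deny="$UNNEEDED" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        $2 == "enabled" && ($1 in bad) { print "FAIL unneeded service enabled: " $1 }'
}

# stdin: `ufw status verbose`
# stdout: PASS/FAIL for state and default policy, then each inbound allow rule.
firewall_check() {
    awk '
        /^Status:/   { active = ($2 == "active") }
        /^Default:/  { deny = ($2 == "deny" || $2 == "reject") }
        / ALLOW IN / { rule[++n] = $1 }
        END {
            if (!active)    print "FAIL firewall is not active"
            else if (!deny) print "FAIL default incoming policy is not deny"
            else            print "PASS firewall active, incoming denied by default"
            for (i = 1; i <= n; i++) print "INFO inbound allowed: " rule[i]
        }'
}

# Constructed sample input (not captured from a real host).
sample_units() {
    printf '%s\n' \
        'cron.service  enabled enabled' \
        'cups.service  enabled enabled' \
        'ssh.service   enabled enabled'
}
sample_ufw() {
    printf '%s\n' \
        'Status: active' \
        'Default: allow (incoming), allow (outgoing), disabled (routed)' \
        '' \
        'To                         Action      From' \
        '--                         ------      ----' \
        '22/tcp                     ALLOW IN    Anywhere'
}

if [ "${1:-}" = "--live" ]; then   # ufw status needs root
    systemctl list-unit-files --type=service --state=enabled --no-legend | unneeded_enabled
    ufw status verbose | firewall_check
else
    sample_units | unneeded_enabled
    sample_ufw | firewall_check
fi
```

Run it with --live as root on the VM to audit the real system. On a remote host, add the ufw allow ssh rule before ufw enable so the existing session is not cut off.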