Beyond the Basics
Now that the doors are locked, let's install the alarm system and reinforcing bars.
1. Group Policy Objects (GPO)
For Windows environments, GPO is the most powerful tool for enforcing security settings across a fleet of computers.
- Concept: Define a policy once (e.g., "Disable USB drives") and push it to 1,000 computers.
2. Application Whitelisting
Instead of trying to block bad software (Antivirus), simply block everything except what is known to be good.
- Windows: AppLocker.
- Linux: fapolicyd.
3. SSH Hardening
Passwords can be brute-forced. Cryptographic keys are computationally infeasible to guess.
- Action: Disable Password Authentication in /etc/ssh/sshd_config.
- Action: Enforce Key-Based Authentication.
- Action: Disable Root Login over SSH.
🔬 Lab Exercise: SSH Keys
Objective: Log in without a password.
- On your host machine, generate a key pair: ssh-keygen -t rsa -b 4096
- Copy the public key to your Linux VM: ssh-copy-id user@vm-ip
- Try to log in. It should not ask for a password!
- Edit the VM's SSH config to disable password auth entirely.
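
To confirm that the last lab step and the three hardening actions actually took effect, the following added example (not part of the original course material) audits an sshd_config-style file. The function names effective_value and audit_sshd are hypothetical, the defaults are the upstream OpenSSH ones, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the three SSH hardening actions.
# Assumptions: whitespace-separated "Keyword value" lines; Include files are not
# followed; only the global section (before the first Match block) is read.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword (keywords are case-insensitive),
# so a hardened line placed after a permissive one has no effect.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: prints PASS/FAIL per setting, returns the number of failures.
# Columns of the table below: keyword, upstream OpenSSH default, hardened value.
audit_sshd() {
    fails=0
    while read -r key def want; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key $got (want $want)"
            fails=$((fails + 1))
        fi
    done <<EOF
PasswordAuthentication yes no
PubkeyAuthentication yes yes
PermitRootLogin prohibit-password no
EOF
    return "$fails"
}

# Constructed sample (not from a real host): the later "no" is shadowed.
demo_cfg=$(mktemp)
cat >"$demo_cfg" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd "$demo_cfg" || echo "$? setting(s) still weak"
rm -f "$demo_cfg"
```

On a live host, sshd -T prints the effective configuration after Include and Match processing, so use it as the authoritative check once the file passes this audit.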