
Practical Lab – OS Hardening

Lab 1: Windows 10/11 Hardening 

Tasks: 

User Accounts 

    • Create a new Standard user account. 
    • Disable the Guest account.
    • Remove unused admin accounts.

Password Policy (via secpol.msc or gpedit.msc)

    • Set the minimum password length to 10.
    • Enforce password history (5 passwords).
    • Enable account lockout after 5 failed attempts.

UAC Configuration 

    • Set UAC to the highest setting. 

Disable Unused Services 

    • Open services.msc
    • Disable services like Remote Registry and Xbox Services.

Windows Firewall & Defender 

    • Ensure the firewall is enabled for all network profiles.
    • Scan the system using Windows Defender.

Enable BitLocker (if supported) 

    • Encrypt the system drive using BitLocker. 

Expected Outcome: 

  • Hardened user access policies. 
  • Fewer running services. 
  • Firewall and Defender are actively protecting the system. 

Lab 2: Kali Linux Hardening (Debian-based) 

Tasks: 

  1. Disable Root Login Over SSH
    • Edit /etc/ssh/sshd_config and set:
    • PermitRootLogin no
    • Restart SSH: sudo systemctl restart ssh
  2. Create a Non-root User with sudo Access
    • sudo adduser student
    • sudo usermod -aG sudo student
  3. File Permission Practice
    Create a file and change its permissions:
    • touch secure.txt
    • chmod 600 secure.txt
    • chown student:student secure.txt
  4. Install and Configure fail2ban
    • sudo apt install fail2ban
    • sudo systemctl enable fail2ban --now
  5. Check and Harden Running Services
    • Run: sudo netstat -tulpn
    • Stop/disable unnecessary services:
    • sudo systemctl stop apache2
    • sudo systemctl disable apache2

Expected Outcome: 

  • SSH access secured. 
  • Root usage minimized. 
  • File ownership and access rights are correct. 
  • Intrusion prevention enabled (fail2ban). 
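
To check the first and third outcomes of Lab 2 rather than assume them, the following added example (not part of the original lab) reads the effective PermitRootLogin value and verifies a file's mode. The function names and the sample files are constructed for illustration; Match blocks and Include directives are not evaluated.

```shell
#!/bin/sh
# Added example: verify two Lab 2 outcomes. All sample files are constructed.

# Print the effective PermitRootLogin value from the given config files.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
# Assumption: Match blocks and Include directives are not evaluated;
# pass any drop-in files before the main file, in the order sshd reads them.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH default
    ' "$@"
}

# Succeed only if root login over SSH is fully disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$@")" = "no" ]
}

# Succeed if FILE ($1) has exactly the octal mode $2, e.g. 600.
# Assumption: GNU stat, as shipped on Kali/Debian.
has_mode() {
    [ "$(stat -c %a "$1")" = "$2" ]
}

# Demo on constructed files in a temp directory; nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    # A commented-out line and a later duplicate must not change the result.
    printf '%s\n' '#PermitRootLogin yes' 'Port 22' 'permitrootlogin no' \
        'PermitRootLogin yes' > "$d/sshd_config"
    touch "$d/secure.txt" && chmod 600 "$d/secure.txt"
    root_login_disabled "$d/sshd_config" && echo "PASS: root login disabled"
    has_mode "$d/secure.txt" 600 && echo "PASS: secure.txt is 600"
    rm -rf "$d"
}
demo
```

On the lab VM, sudo sshd -T prints the configuration the daemon actually resolves, including included files, so use it to confirm the result.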

Lab 3: macOS Hardening 

Tasks: 

  1. Create a Standard User Account
    • Go to: System Settings > Users & Groups > Add User.
    • Select “Standard” instead of “Admin”.
  2. Enable FileVault Encryption
    • System Settings > Privacy & Security > FileVault > Turn On.
  3. Gatekeeper Settings
    In Terminal:
    • spctl --status
    • sudo spctl --master-enable
    • Only allow apps from the App Store or verified developers.
  4. Disable Automatic Login
    • System Settings > Users & Groups > Login Options > Disable Auto-login.
  5. Enable Firewall
    • System Settings > Network > Firewall > Turn On.
  6. Audit Startup Items
    • Go to System Settings > General > Login Items.
    • Remove anything unnecessary or suspicious.

Expected Outcome: 

  • Encrypted file system. 
  • App execution limited to verified sources. 
  • Auto-login and other insecure defaults disabled. 

Optional Worksheet for All Labs 

Ask students to fill out: 

  • What services did you disable? 
  • What security setting surprised you most?
  • How would you apply this knowledge to a real workplace?
