Technology
Why is Network Switch Hardening Often Neglected?
I examine why network switch hardening is often overlooked, drawing from my real-world field experience. Closing security vulnerabilities...
#hardening
10 posts found.
Technology
BMC (iDRAC/iLO/IPMI) Hardening and Management Segmentation
An operating model for the BMC (iDRAC/iLO/IPMI) attack surface using segmentation, identity, audit, and break-glass to keep it secure and auditable.
Technology
Enterprise DNS Firewall with DNS RPZ: Threat Blocking and Operations
Build a sustainable DNS security control by blocking threat domains via RPZ at the recursive resolver, with proper exception handling and observability.
Tutorials
Linux kdump: Kernel Panic Crash Dump and Triage Runbook
Walks through kdump installation, validation and a sustainable production dump retention flow so you can capture vmcore and triage quickly when a kernel panics.
Tutorials
Local Admin Password Rotation with Windows LAPS (AD/Entra)
Cut down lateral movement risk by automatically rotating local admin passwords across servers and clients; build secure operations on top of delegation and…
Technology
Kubernetes Etcd Encryption at Rest + KMS Design
Protecting Secrets with real cryptography rather than just base64: encryption configuration, KMS integration, and an operational rotation model.
Tutorials
SSH + FIDO2: Phishing-Resistant Admin Access (Practical Runbook)
Hardening admin access with OpenSSH security keys (ed25519-sk) using PIN + touch confirmation, while keeping break-glass scenarios intact.
Technology
Secure Boot + TPM: A Root of Trust for Server Infrastructure
A practical model for making the trust chain from firmware to kernel measurable, without locking operations down in the process.
Tutorials
Hardening Services with systemd Sandboxing (ProtectSystem…
Constrain services into a tighter permission set without changing the application itself: filesystem, capability, syscall, and network limits.
Tutorials
Service-Based Linux Hardening with AppArmor
An AppArmor guide for securing server services through process-level constraints rather than generic hardening.