Lab SEC-7: Workstation Hardening Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
Goal
Inspect workstation hardening settings without weakening the system.
Windows Steps
Run:
manage-bde -status
net accounts
net user
net localgroup administrators
services.msc
ms-settings:autoplay
Optional, when ready to test locking:
rundll32.exe user32.dll,LockWorkStation
Record:
- BitLocker status:
- Password expiration/lockout settings:
- Local users:
- Local Administrators group:
- AutoPlay setting:
- One running service to research:
Do not disable services in this lab unless you know the impact.
Linux Steps
Run:
id
sudo -l
systemctl --type=service --state=running
lsblk -f
Record:
- User/group identity:
- Sudo permissions:
- One running service:
- Disk/filesystem info:
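To help fill in the "Sudo permissions" and "Disk/filesystem info" lines, the following added example (not part of the original lab) interprets output from `sudo -l` and `lsblk -f` without changing anything on the system. The function names, the host name `labhost`, the user `student` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only helpers that interpret output saved from the Linux steps.

# Print the device names that `lsblk -f` reports as LUKS containers (stdin: lsblk -f output).
luks_devices() {
    awk '$2 == "crypto_LUKS" { n = $1; gsub(/[^A-Za-z0-9_.-]/, "", n); print n }'
}

# Classify `sudo -l` output on stdin as full, limited or none.
sudo_scope() {
    awk '
        /^[ \t]*\(/ {                                  # rule lines begin with "(runas)"
            rules++
            cmd = $0
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "", cmd)     # drop the "(runas)" part
            while (sub(/^[A-Z_]+:[ \t]*/, "", cmd)) tags++   # drop tags such as NOPASSWD:
            sub(/[ \t\r]+$/, "", cmd)
            if (cmd == "ALL") full = 1                 # unrestricted command list
        }
        END { print (full ? "full" : (rules ? "limited" : "none")) }
    '
}

# Constructed sample of `lsblk -f` output (not from a real host).
SAMPLE_LSBLK='NAME          FSTYPE      FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
sda
├─sda1        vfat        FAT32       1111-2222                              480M     6% /boot/efi
├─sda2        ext4        1.0         aaaaaaaa-0000-0000-0000-000000000001   700M    20% /boot
└─sda3        crypto_LUKS 2           aaaaaaaa-0000-0000-0000-000000000002
  └─cryptroot ext4        1.0         aaaaaaaa-0000-0000-0000-000000000003    40G    35% /'

# Constructed sample of `sudo -l` output (not from a real host).
SAMPLE_SUDO='Matching Defaults entries for student on labhost:
    env_reset, mail_badpass

User student may run the following commands on labhost:
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/bin/systemctl status *'

printf 'LUKS containers: %s\n' "$(printf '%s\n' "$SAMPLE_LSBLK" | luks_devices)"
printf 'Sudo scope: %s\n' "$(printf '%s\n' "$SAMPLE_SUDO" | sudo_scope)"
```

On a lab machine, pipe the live commands in instead of the samples, for example `lsblk -f | luks_devices`. An empty LUKS list means no encrypted container was detected by this check, and a sudo scope of `full` means the account can run any command as another user.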
Optional macOS Steps
Run:
fdesetup status
id
groups
Record:
- FileVault status:
- User/group identity:
Scenario Matching
Choose the best hardening action:
- A laptop is lost in an airport.
- A shared workstation allows automatic login.
- A router still uses admin/admin.
- USB drives automatically open when inserted.
- A contractor account should stop working next week.
- A user is a local administrator but only needs standard access.
- An unused remote service is listening on the network.
What You Should Learn
- Hardening reduces attack surface.
- Encryption protects data at rest.
- Screen locks protect unattended devices.
- Strong passwords and lockout reduce brute-force risk.
- Unused services and default accounts/passwords increase risk.