https://me.harvester.fr/tags/hardening/HardeningHugoBlox Kit (https://hugoblox.com)en-usMon, 20 May 2024 00:00:00 +0000https://me.harvester.fr/media/icon_hu_59c72f5082cfcb9b.pnghttps://me.harvester.fr/tags/hardening/https://me.harvester.fr/project/ad-hardening/Mon, 20 May 2024 00:00:00 +0000https://me.harvester.fr/project/ad-hardening/<p><strong>ad-hardening</strong> is a comprehensive guidebook and reference repository dedicated to securing and hardening Active Directory (AD) environments in air-gapped, isolated networks. While physical isolation eliminates many remote threats, it places a heavier security premium on internal access control, endpoint hygiene, and physical media management.</p> <p>This project outlines step-by-step guidance, configurations, and templates to establish a resilient security posture inside sensitive, non-internet-connected directory environments.</p> <h3 id="core-hardening-pillars">Core Hardening Pillars</h3> <ul> <li><strong>Tiered Administrative Model:</strong> Isolating Tier 0 (Domain Controllers/Admins) credentials from Tier 1 (Servers) and Tier 2 (Workstations) to eliminate lateral escalation risks.</li> <li><strong>Offline Authentication &amp; MFA:</strong> Strategies for deploying local, offline-capable multi-factor authentication without internet-based validation services.</li> <li><strong>Service Account Securing:</strong> transitioning legacy service accounts to Group Managed Service Accounts (gMSAs) to enforce automatic password rotation.</li> <li><strong>Audit &amp; Event Analysis:</strong> Configuration templates for offline Windows Event Forwarding (WEF) and local security log auditing.</li> <li><strong>Removable Media Control:</strong> Hardening USB and other removable hardware access policies via Group Policy Objects (GPOs) to combat sneakernet malware propagation vectors.</li> </ul>