Device Auditing and Hardening
The best way to understand what device hardening and how to do it, is to follow CIS Benchmarks. This organization has developed standards for hardening different operating systems and applications to a proper level in an enterprise environment. Not only do they have step by step walk-troughs of what to look for and how to do it, they also have scripts that can check and even automate the hardening for you. As a security analyst of any level or specialty, learning the available configuration based vulnerabilities of the platforms you work with on a daily basis, is one of the most valuable things you can do to improve you skillset.
​AuditScripts is another great set of tools that can perform configuration hardening audits based on different requirements, including the choice of those defined by CIS.

Security Auditing Tools

  • Auditing toolkits
    • ​Lynis (Linux Security Auditing) - Lynis is a security auditing tool for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself.
    • ​Seatbelt (Windows Security Auditing) - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
    • ​BTPS: Blue team Powershell Toolkit - A collection of PowerShell tools that can be utilized to protect defend an environment based Microsoft's recommendations.
  • ​Bloodhound Enterprise - Enterprise grade attack path management solution
  • ​Purple Knight - An enterprise grade Active Directory Defense solution with AD mapping, security reports, security indicators and remediation guides.
  • ​debsums - Utility for checking installed debian packages and comparing that hashes against a list of known good ones. Handy to run every once
  • ​PSPKIAudit - PowerShell toolkit for auditing Active Directory Certificate Services (AD CS).

Hardening Tools


Apache Web Server

Hardening Resources

AD hardening

Certificate Pinning

Email Defense Hardening

Hardening Commands

Note: These may inadvertently break communication of devices and should be tested. It may also require a restart.