█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/End User Device Management/Operating System Security
50 minIntermediate

Operating System Security

After this lesson, you will be able to: Harden Windows and Linux: user accounts, permissions, disabling services.

Hardening = removing default-on attack surface. Disable services you don't need, lock down accounts, configure firewalls. Most malware is stopped here, not by AV.

Prerequisites:What is Endpoint Security?

User account principles

Don't browse the web as admin/root. Create a low-priv user for daily work, separate admin user for installs. UAC on Windows / sudo on Linux makes the prompt friction visible.

Linux hardening basics

Run as root or with sudo:

bash
# Update system
sudo apt update && sudo apt upgrade
# Enable firewall
sudo ufw enable
sudo ufw default deny incoming
# Disable root SSH
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart ssh
# List running services
systemctl list-units --type=service --state=running

💡 Windows hardening basics

Use BitLocker (full disk encryption). Enable Windows Defender with all features. Disable SMBv1. Run `secpol.msc` for security policy editor. Standard user for daily work.

Hardening checklist

  1. 1

    1. Full-disk encryption on.

  2. 2

    2. Auto-updates enabled.

  3. 3

    3. Standard (non-admin) daily user.

  4. 4

    4. Firewall on, default-deny inbound.

  5. 5

    5. Unnecessary services off.

  6. 6

    6. Strong password / passphrase.

  7. 7

    7. MFA on every account that supports it.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←What is Endpoint Security?
Back to End User Device Management
Endpoint Protection Platforms→