After this lesson, you will be able to: Harden Windows and Linux: user accounts, permissions, disabling services.
Hardening = removing default-on attack surface. Disable services you don't need, lock down accounts, configure firewalls. Most malware is stopped here, not by AV.
Don't browse the web as admin/root. Create a low-priv user for daily work, separate admin user for installs. UAC on Windows / sudo on Linux makes the prompt friction visible.
Run as root or with sudo:
# Update systemsudo apt update && sudo apt upgrade# Enable firewallsudo ufw enablesudo ufw default deny incoming# Disable root SSHsudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_configsudo systemctl restart ssh# List running servicessystemctl list-units --type=service --state=running
1. Full-disk encryption on.
2. Auto-updates enabled.
3. Standard (non-admin) daily user.
4. Firewall on, default-deny inbound.
5. Unnecessary services off.
6. Strong password / passphrase.
7. MFA on every account that supports it.
Sign in and purchase access to unlock this lesson.