Written on 5. January 2024

Enhancing PowerShell Security with the Activation of Constrained Language Mode

In addition to the PowerShell signing method discussed in my previous post, I’d like to introduce another crucial aspect of PowerShell security: the “Constrained Language Mode”. This mode is a powerful security feature in PowerShell that limits the language elements available to scripts, reducing the surface area for attacks.

What is Constrained Language Mode?

Constrained Language Mode restricts PowerShell to a subset of its language features, disabling potentially dangerous operations. This mode is especially useful in environments where security is paramount and the risk of script-based attacks is high.

Read more…

Written on 17. December 2023

PowerShell Signing

In the realm of Windows domain security, ensuring the execution of only signed PowerShell scripts is a crucial aspect of maintaining a robust defense against unauthorized code. With the proliferation of scripts either written in-house or generated by AI tools, it’s increasingly important to have a mechanism that verifies the authenticity and integrity of these scripts. Signing your PowerShell scripts, and configuring a Group Policy to allow only signed scripts to run, plays a vital role in safeguarding your IT environment. In this step-by-step guide, we will walk through the process of creating a suitable certificate, signing a PowerShell script, verifying its signature, and setting up a Group Policy Object (GPO) to enforce the execution of only signed scripts across all clients and servers.

Read more…

Written on 17. December 2023

Move FSMO Roles and demote old Domain Controller

In the dynamic world of my IT environment, a pivotal change was due. An old domain controller, running on Windows Server 2012, needed to be demoted and removed from the domain. This task required a meticulous approach, beginning with the transfer of FSMO roles to a newer server, followed by the decommissioning of the old one. Here’s a walkthrough of how I tackled this challenge.

Read more…

Written on 5. November 2023

How to Update VMware ESXi 8.x

In my private setup, I use VMware ESXi 8.x and find it essential to keep my system updated regularly. These updates not only introduce new features but also address potential vulnerabilities. In this guide, I’ll share my personal approach to updating my ESXi 8 server. Please note that this is based on my individual experience and is not intended as a recommendation or guarantee for businesses or professional environments.

Read more…

Written on 1. August 2023

Basic Security on Debian Server

One of my favorite server systems is Debian. After installing a Debian server system, there are a few security measures I always take as a first step.

Before we dive in, I want to make it clear that this article is not meant to be an exhaustive guide to Debian server security. These are just the initial steps I take to secure a new Debian server. Security is a vast and complex field, and it’s crucial to continually learn, adapt, and fortify your systems as best as you can. With that said, let’s get started!

Install Uncomplicated Firewall (ufw)

Uncomplicated Firewall, or ufw, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.

Read more…