Objective:

To simulate a security maturity assessment and improvement process in a home lab environment using the ASD Essential 8 and CIS Benchmarks across a small-scale hybrid infrastructure of cloud services and on-premises systems.

Environment:

  • Windows Server (Active Directory Domain Controller)
  • Windows 11 Workstation VM
  • Ubuntu Linux VM
  • Microsoft 365 Developer Tenant
  • Azure subscription (limited resources)
  • AWS free tier resources

Project Activities:

  • Performed a gap analysis against the ASD Essential 8 Maturity Model in my home lab environment, assessing the current maturity level for each control area:

    • Application Control: Configured AppLocker policies on Windows VMs

    • Patch Applications: Established manual patching processes for installed applications (Firefox, 7-Zip, Notepad++, Adobe Reader)

    • Configure Microsoft Office Macros: Implemented restrictive macro settings in Microsoft 365 apps

    • User Application Hardening: Disabled unnecessary features in browsers and applications

    • Restrict Administrative Privileges: Created tiered admin accounts with appropriate permissions

    • Patch Operating Systems: Implemented a regular OS update schedule for all VMs

    • Multi-Factor Authentication: Configured MFA for Azure/Microsoft 365 accounts

    • Regular Backups: Established backup routines for critical configurations

  • Conducted CIS Benchmark assessments on my lab components:

    • CIS Microsoft 365 Foundations Benchmark v4.0 Level 1

    • CIS Microsoft Windows Server 2022 Benchmark

    • CIS Microsoft Windows 11 Benchmark

    • CIS Ubuntu Linux 20.04 LTS Benchmark

  • Created a baseline security profile for my home lab environment, documenting the current state of security controls and identifying key exposures (e.g., default configurations, unnecessary services, weak password policies).

  • Developed a prioritized remediation plan for my home lab, focusing on:

    • Critical security misconfigurations in Active Directory

    • Hardening Windows and Linux VMs

    • Implementing security best practices in Microsoft 365

    • Securing network communications between components

  • Implemented security improvements across the lab environment:

    • Hardened Active Directory configurations (LDAP signing, Kerberos settings)

    • Applied CIS-recommended settings to Windows and Linux VMs

    • Configured Microsoft 365 security features (data loss prevention, anti-phishing)

    • Enabled enhanced logging and monitoring

  • Tracked security posture improvements using:

    • Microsoft Secure Score for the Microsoft 365 tenant (improved from 50% to 75%)

    • CIS-CAT Lite tool to measure benchmark compliance

  • Documented the entire process to create a repeatable methodology for security posture assessment and improvement that could be applied in professional environments.
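The gap-analysis step above can be made repeatable with a small scoring script. The following is an added example, not code from this project: the findings are constructed placeholders, and it assumes that maturity levels are cumulative within a strategy and that the overall level is the lowest level reached by any of the eight strategies.

```python
from collections import defaultdict

# The eight strategies, named as on this page.
STRATEGIES = [
    "Application Control", "Patch Applications",
    "Configure Microsoft Office Macros", "User Application Hardening",
    "Restrict Administrative Privileges", "Patch Operating Systems",
    "Multi-Factor Authentication", "Regular Backups",
]

# Constructed findings: (strategy, requirement level, check, met).
# Check texts are placeholders, not the ACSC requirement wording.
FINDINGS = [
    ("Application Control", 1, "AppLocker enforced on workstation", True),
    ("Application Control", 2, "AppLocker enforced on server", False),
    ("Patch Applications", 1, "Browser patched within target window", False),
    ("Patch Applications", 2, "PDF reader patched within target window", True),
    ("Multi-Factor Authentication", 1, "MFA on Microsoft 365 accounts", True),
    ("Multi-Factor Authentication", 2, "MFA on privileged accounts", True),
    ("Regular Backups", 1, "Configuration backup restored in a test", True),
]

def strategy_level(findings, strategy, max_level=3):
    """Highest level L for which every requirement at levels 1..L is met."""
    by_level = defaultdict(list)
    for name, level, _check, met in findings:
        if name == strategy:
            by_level[level].append(met)
    achieved = 0
    for level in range(1, max_level + 1):
        # An unassessed level counts as not achieved (assumption).
        if not by_level[level] or not all(by_level[level]):
            break
        achieved = level
    return achieved

def gap_analysis(findings, target):
    """Return per-strategy levels, overall level, ordered fixes, unassessed strategies."""
    levels = {s: strategy_level(findings, s) for s in STRATEGIES}
    overall = min(levels.values())  # the weakest strategy caps the overall level
    fixes = sorted((lvl, name, check) for name, lvl, check, met in findings
                   if not met and lvl <= target)
    assessed = {name for name, _lvl, _check, _met in findings}
    unassessed = [s for s in STRATEGIES if s not in assessed]
    return levels, overall, fixes, unassessed

if __name__ == "__main__":
    levels, overall, fixes, unassessed = gap_analysis(FINDINGS, target=1)
    print(overall, fixes, unassessed)
```

In the sample data, Patch Applications scores level 0 even though a level 2 check passes, because a level 1 check fails, and the unassessed strategies hold the overall level at 0.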

Key Skills Practised:

  • Security framework implementation (ASD Essential 8, CIS Benchmarks)
  • Security posture assessment and gap analysis
  • Remediation planning and prioritization
  • Security hardening across multiple platforms
  • Security metrics and compliance measurement