Hardening

Hardening is prevention — the work done so fewer things can go wrong in the first place. Firewalls and the edge router (see Software › OPNsense) limit what can be reached; hosts expose only the ports they must; experimental and life-critical workloads sit on separate networks, so a breach in one can’t walk into another.

This room collects the standing rules that reduce exposure across the enclave. It’s the counterpart to Watch: hardening tries to stop trouble, Watch notices it. Detection lives there; prevention lives here.

Has anything touched?

If reading this made you want to argue with it, extend it, or notice what's missing, that's the signal to show up.
