SECURITY POSTURE
A transparent log of defensive configurations currently under research and laboratory stress-testing.
Security Thesis:In OT, availability is king. This registry tracks my progress in 'Physical-First' security—moving from basic IT hardening to industrial-grade protection strategies like VRF isolation and broadcast suppression.
Management Plane Isolation
Researching the separation of SSH/SNMP traffic into a dedicated VRF or Management VLAN.
Risk_Mitigation
Unauthorized infrastructure access
Sticky Port Security
Drafting MAC-address limiting configurations to prevent unauthorized physical hardware injection.
Risk_Mitigation
Physical layer breach / Rogue devices
Unused Service Deactivation
Identifying and disabling non-essential services like Telnet, HTTP, and CDP on virtual nodes.
Risk_Mitigation
Attack surface reduction
Broadcast Storm Control
Studying threshold limits to prevent Layer 2 loops from crashing time-critical OT traffic.
Risk_Mitigation
Availability loss / Denial of Service
Laboratory_Disclaimer
The configurations above represent a pedagogical roadmap. Systems are not marked as "Production_Verified" until they have survived physical stress-testing in the hardware lab.