// COVER PENDING The Study Guide to Network and System Hardening

– BOOKS · HANS STUDY · FIRST EDITION, 2026

The Study Guide to Network and System Hardening

A Field Reference for Systems and Security Integrators

By Hans Study, CISSP.

PaperbackKindle DWG · SG-COV · REV 01
Paperback listing coming Kindle listing coming

Questions, review copies, errata, bulk orders, translation rights: book@hans.study

A field reference for the network and security work that determines whether a deployment is defensible. Hardening and tuning across the enterprise networks and the Windows servers and workstations that run security platforms.

What the book covers

Network hardening. Switch baselines, VLAN segmentation, trunk discipline, port security, BPDU guard, DHCP snooping, DAI, AAA, SSH, syslog and time. Cisco IOS, Aruba CX, and where the same patterns land on ALE and Juniper.

Identity and access. Active Directory tiering, named admin accounts, LAPS, service-account discipline, group policy at scale, and the audit posture that supports a real evidentiary chain.

System hardening. Microsoft Windows server and workstation baselines (Server 2019, 2022, 2025; Windows 10 and 11). Defender configuration with scoped exclusions for VMS workloads. BitLocker. Advanced audit policy with process creation (Event 4688). Windows Event Forwarding. Sysmon with a tuned config. Patch cadence under the VMS-compatibility lag.

Tuning. The settings that keep a hardened system performing under operational load. Where the hardening conflicts with throughput, what to test, and how to negotiate the trade-offs with stakeholders who care about uptime as much as audit posture.

Platforms named

Microsoft Windows (server and workstation), Cisco, Aruba, and Genetec Security Center are the primary stacks throughout. Adjacent stacks (Axis, Bosch, Milestone, Avigilon, C-CURE, Fortinet, Palo Alto, Juniper, ALE) are named where they matter.

Who it is for

Systems and security integrators responsible for the hardening posture of a deployment. IT generalists handed a network and security environment they did not design and need to bring to a defensible baseline. Network engineers moving into security work. Practitioners studying CISSP-adjacent material who want to see how the principles translate into a working baseline.

Who it is not for

Readers looking for CISSP exam prep. The book is a field reference, not a study guide for the exam. Readers expecting a vendor-specific deep-dive on one platform. The book is cross-stack on purpose.

By Hans Study, CISSP. Independent network and security consultant and advisor based in Ontario, Canada.