security-hardening

SKILL.md

Proactive reduction of attack surface across infrastructure layers through systematic configuration hardening, least-privilege enforcement, and automated security controls. Applies industry-standard CIS Benchmarks and zero-trust principles to operating systems, containers, cloud configurations, networks, and databases.

Default Deny, Explicit Allow Start with all access denied, explicitly permit only required operations. Apply default-deny firewall rules and network policies, then allow specific traffic.

Least Privilege Access Grant minimum permissions required for operation. Use RBAC, IAM policies with specific resources, and database roles with limited permissions (no DELETE or DDL unless required).

Reduce la superficie de ataque en las capas de sistema operativo, contenedor, nube, red y base de datos utilizando puntos de referencia CIS y principios de confianza cero. Úselo para reforzar la infraestructura de producción, cumplir con los requisitos de cumplimiento o implementar una seguridad de defensa en profundidad. Fuente: ancoleman/ai-design-components.

Ver original