This project demonstrates practical implementation of operating system and network security hardening, combined with controlled penetration testing techniques to understand how defensive controls and monitoring mechanisms respond to stealthy network activity.
The objective was to strengthen wireless and endpoint security through configuration hardening, enforce firewall protections across network profiles, and analyze how decoy-based scanning techniques appear in network traffic. The work emphasizes a defensive security perspective, focusing on prevention, visibility, and detection rather than exploitation.
Harden wireless network infrastructure by securing administrative access and restricting device connectivity
Configure endpoint firewall protections for public network environments to reduce exposure on untrusted networks
Allow required services and applications while maintaining a restrictive firewall posture
Analyze network traffic generated by stealth scanning techniques using packet inspection
Demonstrate how penetration testing activity can be detected and analyzed through network monitoring
Operating Systems
Windows 10 / Windows 11
Linux (for controlled network scanning activities)
Network
Local LAN environment
Wireless router management interface
Windows Defender Firewall
Wireshark
Nmap / Zenmap
Ethical Notice
** All activities demonstrated in this project were performed in a controlled lab environment on authorized systems for educational purposes only. **
This scenario simulates a small corporate environment where a network technician is responsible for improving wireless security controls and endpoint firewall configurations to reduce unauthorized access risks.
- Updated default administrative credentials on the wireless controller to reduce unauthorized access risk
- Implemented MAC address allow-listing to restrict network access to authorized devices only
- Enabled firewall protections for public network profiles to reduce exposure on untrusted networks
- Configured firewall rules to allow required services and applications while maintaining a restrictive default posture
This scenario simulates a penetration testing engagement where stealth scanning techniques are analyzed to understand how attackers attempt to evade detection mechanisms, and how such activity appears in network monitoring tools.
Network Reconnaissance Analysis
-
Performed a simulated stealth scan using decoy traffic techniques
-
Captured and analyzed network traffic using Wireshark to observe scan behavior
- Identified multiple source IP addresses associated with decoy-based scanning activity
Created By:
• Author Name: Selfridge Oya Eloi • Author Contact: https:www.linkedin.com/in/christ-selfridge-oya-eloi-72342a113
