This is a nice list, but for the novices it’s obviously meant for, it’s a bad learning experience.
Why? Because it doesn’t explain any of the reasoning behind what it asks you to do.
Why are we changing the default SSH port, for example? Someone who is seasoned might identify this is a somewhat limited attempt to obscure our attack surface, but to a novice it’s inscrutable and meaningless.
More important than telling people what to do is explaining why, because it puts the learning in context and makes it stick by giving a reason to care.
This is a nice list, but for the novices it’s obviously meant for, it’s a bad learning experience.
Why? Because it doesn’t explain any of the reasoning behind what it asks you to do.
Why are we changing the default SSH port, for example? Someone who is seasoned might identify this is a somewhat limited attempt to obscure our attack surface, but to a novice it’s inscrutable and meaningless.
More important than telling people what to do is explaining why, because it puts the learning in context and makes it stick by giving a reason to care.