Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and condensing the system’s attack surface. Removing superfluous programs, accounts, functions, applications, ports, permissions, access, etc. leaves attackers and malware fewer opportunities to gain a foothold within your IT ecosystem.
Systems hardening demands a methodical approach to audit, identify, close, and control potential security vulnerabilities throughout your organization. There are several types of system hardening activities, including:
- Application hardening
  - Application access control
  - Remove default passwords
  - Implement password best practices
  - Configure account lockout policy
- Operating system hardening
  - Apply necessary updates and patches automatically
  - Remove unnecessary files, libraries, drivers, and functionality
  - Log all activity, errors, and warnings
  - Limit sharing and system permissions
  - Configure file system and registry permissions
- Network hardening
  - Firewall configuration
  - Regular network auditing
  - Limit users and secure access points
  - Block unnecessary network ports
  - Disallow anonymous access
- Server hardening
  - Administrative access and rights are allocated properly
  - Secure your data center where servers are located
  - Disallow shut down initiation without log in
- Database hardening
  - Implement admin restrictions on access
  - Encrypt data entering and leaving the database
  - Remove unused accounts
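
As an illustration of the "Regular network auditing" and "Block unnecessary network ports" items, the following added example (not part of the original article) compares a host's listening sockets with an approved baseline. The `ss -H -tuln` sample text and the `ALLOWED` baseline are constructed for the example; on a real Linux host you would feed in the command's actual output and your own baseline.

```python
from typing import NamedTuple

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
tcp   LISTEN 0      80           0.0.0.0:3306      0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
"""

# Hypothetical baseline: the only (protocol, port) pairs this server may expose.
ALLOWED = {("tcp", 22), ("tcp", 443)}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def parse_listeners(ss_output: str) -> list[Listener]:
    """Extract protocol, local address and port from each ss output line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.append(Listener(fields[0], addr, int(port)))
    return listeners


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def unexpected_listeners(listeners, allowed):
    """Network-reachable sockets that are not in the approved baseline."""
    return sorted({l for l in listeners
                   if not is_loopback(l.addr) and (l.proto, l.port) not in allowed})


if __name__ == "__main__":
    for l in unexpected_listeners(parse_listeners(SAMPLE_SS_OUTPUT), ALLOWED):
        print(f"close or firewall: {l.proto}/{l.port} bound to {l.addr}")
```

Loopback-only services (the 127.0.0.1:6379 line in the sample) are not reported because they are not reachable from the network; they still belong in a separate review of unnecessary functionality.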
Although the principles of system hardening are universal, specific tools and techniques do vary depending on the type of hardening you are carrying out. System hardening is needed throughout the lifecycle of technology, from initial installation, through configuration, maintenance, and support, to end-of-life decommissioning. Systems hardening is also a requirement of mandates such as PCI DSS and HIPAA.