What is Security Hardening?
A hardening standard defines the baseline standards for each system. Each new system must meet the hardening standard upon introduction. Several industry standards, such as CIS, give benchmarks for various operating systems and apps. Each hardening standard may include requirements such as:
Physical security - controlling the environment around sensitive areas |
Operating systems – patching and locking firmware access |
Creating rules for programme installation and default setups |
Securing security equipment – ensuring anti-virus is implemented and reported |
Remove unneeded services (e.g. FTP) and enable secure protocols (e.g., ssh, sftp) |
System auditing and monitoring — providing event traceability |
Access control - renaming or disabling default accounts |
Encryption cyphers to employ (e.g., SHA-256) |
Ensure patches and updates are successfully deployed |
System backup – properly configured backups |
Do Hardening Standards Matter?
Consistently secure setups across all platforms keep system risks to a minimum. Keeping each system's risk as low as possible reduces the possibility of a compromise. A breach occurs when the hardening standard is not followed, which is prevalent in our engagements. It's nearly always a new or legacy system that lacks hardening and is utilised to pivot. Attackers on your network are waiting for these openings, therefore harden before deployment.
Maintaining Your Hardening Standard
As part of your hardening standard, you must periodically check for missing security configurations or fixes. The best method to do this is through a frequent compliance scan. The vulnerability scanner will try to log into any system it can, and this will reveal any unpatched systems and new issues that can be added to your hardening standard. Continually testing for faults reduces the time a system is non-compliant.