Hardening

Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in modern apps, systems, infrastructure, firmware, and other areas. The goal of hardening is to reduce security risk by eliminating potential attack vectors and condensing the system’s attack surface. By removing superfluous programs, accounts, functions, applications, ports, permissions, access, etc., you leave attackers and malware fewer opportunities to gain a foothold within your IT ecosystem.

Systems hardening demands a methodical approach to audit, identify, close, and control potential security vulnerabilities throughout your organization. There are several types of system hardening activities, including:

  • Application hardening

  • Operating system hardening

  • Server hardening

  • Database hardening

  • Network hardening

Although the principles of system hardening are universal, specific tools and techniques do vary depending on the type of hardening you are carrying out. System hardening is needed throughout the lifecycle of technology, from initial installation, through configuration, maintenance, and support, to end-of-life decommissioning.

Hardening to Reduce the "Attack Surface"

The “attack surface” is the combination of all the potential flaws and backdoors in technology that can be exploited by hackers. These vulnerabilities can occur in multiple ways, including:

  • Default and hardcoded passwords;

  • Passwords and other credentials stored in plain text files;

  • Unpatched software and firmware vulnerabilities;

  • Poorly configured BIOS, firewalls, ports, servers, switches, routers, or other parts of the infrastructure;

  • Unencrypted network traffic or data at rest;

  • Lack, or deficiency, of privileged access controls.
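As an added illustration (not part of the original page), the sketch below audits a configuration file for three of the items listed above: default passwords, credentials stored in plain text, and unencrypted traffic. It also flags a credential-bearing file that is readable by group or others. The default-password list, the key-name patterns, the `audit_config` helper and the sample file are all constructed assumptions to adapt to your own estate.

```python
import re

# Constructed list of common default passwords (assumption; extend as needed).
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "root", "123456"}
# "key = value" or "key: value" where the key name looks like a credential.
CRED_RE = re.compile(
    r"(?i)^\s*([\w.-]*(?:passw(?:or)?d|secret|api[_-]?key|token)[\w.-]*)\s*[:=]\s*(.+?)\s*$")
# Values that only reference an environment variable or placeholder.
REFERENCE_RE = re.compile(r"^\$\{[^}]+\}$|^\$[A-Za-z_]\w*$")
# Schemes that carry data (and often credentials) without encryption.
CLEARTEXT_URL_RE = re.compile(r"(?i)\b(?:http|ftp|telnet|ldap)://[^\s\"']+")

def audit_config(name, text, mode=0o600):
    """Return (category, line_no, detail) findings for one config file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        m = CRED_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip("\"'")
            if value and not REFERENCE_RE.match(value):
                is_default = value.lower() in DEFAULT_PASSWORDS
                cat = "default-password" if is_default else "plaintext-credential"
                findings.append((cat, no, key))  # report the key, never the secret
        for url in CLEARTEXT_URL_RE.findall(line):
            findings.append(("unencrypted-traffic", no, url))
    has_secret = any(c != "unencrypted-traffic" for c, _, _ in findings)
    if has_secret and mode & 0o044:  # group- or world-readable
        findings.append(("weak-file-permissions", 0, f"{name} mode {oct(mode)}"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# application settings
db_user = app
db_password = changeme
api_token = ${API_TOKEN}
smtp_secret: "S3cr3t-Value"
endpoint = http://billing.internal.example/api
"""

if __name__ == "__main__":
    for finding in audit_config("app.conf", SAMPLE, mode=0o644):
        print(finding)
```

In practice the `mode` argument would come from `os.stat(path).st_mode`, and findings would feed a ticketing or configuration-management workflow rather than standard output.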