Network Hardening Made Easy
Default configurations of technologies may be convenient and user-friendly, but they’re rarely optimal from a security perspective. That’s where hardening comes in.
Default configurations of technologies, such as networks, operating environments, servers, applications, and databases, are largely designed to create a convenient, user-friendly, and functional experience, leaving security to be something the user must keep in mind. Without hardening, these technologies are extremely vulnerable to malicious attack and put information assets at high risk for compromise.
“Hardening” is a term used to describe the act of implementing best practices, controls, techniques, and tools to secure networks and systems and reduce IT security vulnerabilities and risks.
As mentioned above, there are several components of security hardening, each intended to close loopholes that malicious actors could exploit across a given IT environment:
1. Application hardening makes tampering with applications, or reverse engineering them, more difficult for hackers. This type of hardening can include the performance of code integrity checks, binary-level code obfuscation, string encryption, root and jailbroken device detection, and the deletion of unused code and metadata.
2. Operating system (OS) hardening helps reduce the likelihood of endpoint attacks. Methods include instating automatic updates, service packs, and patches, enforcing strong passwords, logging system activity and warning messages, implementing least privilege, and removing or disabling unused software and services, which can serve as backdoors into the system for hackers.
3. Server hardening entails much of the same as OS hardening. Servers must be routinely updated to negate known vulnerabilities that could allow attacks such as remote code execution or local privilege escalation. Users should use strong passwords and change them regularly; third-party software should either be kept up to date or removed from the server entirely; and basic hygiene measures, like firewalls and antivirus software, should always be deployed and configured properly.
4. Database hardening involves controlling user access to ensure the right people have the right level of access. To accomplish this, define privileged access controls, turn on node checking to verify users and applications, encrypt data in transit and at rest, delete unused accounts, and implement role-based access controls.
5. Network hardening is fundamental to IT security. To protect the network from intruders, organizations should deploy a business-grade firewall, customize its configuration, disable any and all unused services, including file and printer sharing and web and mail servers, block unneeded open ports, and encrypt network traffic.
This is not a finite list of hardening tactics but should be enough to get the conversation started around what IT security currently looks like at an organization— and where it should go. For a comprehensive checklist, organizations should turn to the Center for Internet Security (CIS) Benchmarks, which provide a deeper dive into technology-specific hardening techniques.
For those unsure where to begin with network/system hardening, Securance offers the first-ever Online Hardened Network Security Assessment. This free tool provides an immediate, customized report with your organization’s security maturity rating intended to help your organization build a secure, reliable IT environment.
Network Hardening Made Easy was originally published on LinkedIn by Securance President Paul Ashe.