System Hardening Tips
Default configurations of technologies may be convenient and user-friendly, but they are rarely optimal when it comes to security. That is where these system hardening tips come in.
“Hardening” is a term used to describe the act of implementing best practices, controls, techniques, and tools to secure networks and systems and reduce vulnerabilities and risks.
Upon installation, the default configuration of most technologies, including networks, operating environments, servers, applications, and databases, is meant to be convenient and user-friendly. Default configurations allow the end-user to be functional as quickly as possible, not as securely as possible. Without hardening, these technologies are vulnerable to malicious attacks and at substantial risk for compromise. Therefore, security is something the user must consider and configure for themselves.
Below are our top elements of security hardening, each intended to close loopholes that malicious actors could manipulate across an IT environment:
1. Application Hardening
Application hardening makes tampering with applications, or reverse engineering them, more difficult for hackers. Code integrity checks, binary-level code obfuscation, string encryption, root and jailbroken device detection, and the deletion of unused code and metadata are all application hardening methods.
Consider the following when beginning application hardening:
- Limit software installation to applications from trusted sources
- Install antivirus and malware protection
- Choose software with data encryption
- Update to the latest versions
2. Server and Operating System Hardening
Operating system (OS) hardening helps reduce the likelihood of endpoint attacks. Methods include setting automatic updates, service packs, and patches; enforcing strong passwords; logging system activity and warning messages; and implementing access controls based on least privilege. Removing or disabling unused software and services, which can serve as backdoors into the system for hackers, will also harden an OS.
Review these basic OS/Server hardening measures:
- Restrict access privileges
- Enable optional security features, such as Microsoft Defender in Windows or FileVault in MacOS
- Update drivers or delete them when unused
- Use automatic patching or a patching management system
4. Database Hardening
Database hardening involves limiting access to the right people at the right level. Implement role-based access control policies (RBAC) and monitor database accounts closely. Configure the database to encrypt data in both rest and transit.
Securing a database to store sensitive data requires many security controls, but these four tips will get you started:
- Restrict administrative privileges
- Define privileged access controls
- Delete unused accounts and lock accounts with suspicious activity
- Adhere to configuration standards and frameworks
5. Network Hardening
Network hardening is fundamental to IT security. Organizations should deploy a business-grade firewall to protect the network from intruders. It is also essential to customize the firewall configuration by blocking unneeded ports and disabling unused services, including file and printer sharing and web and mail servers. As always, encrypt network traffic.
Document your existing network design and check for the following:
- Use and configure firewalls and antivirus software
- Audit network access privileges
- Disable unneeded ports and protocols
- Encrypt network traffic
These considerations are not a finite list but will start the conversation about improving IT security at your organization. For more information including system hardening tips, take Securance’s Online Hardened Network Security Assessment. This free tool provides an immediate, customized report with your organization’s security maturity rating intended to help your organization build a secure, reliable IT environment.