Configuration Hardening: Proactively Guarding Systems Against Intrusion - Security Boulevard
Saturday, December 4, 2021
  • Who Is the Network Access Broker ‘Babam’?
  • BSidesKC 2021 – Kevin Shekleton’s ‘The Future of Computer Security’
  • Cl0p Ransomware Gang Tries to Topple the House of Cards
  • Cybersecurity News Round-Up: Week of November 29, 2021
  • $150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Application Security Data Security Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » Configuration Hardening: Proactively Guarding Systems Against Intrusion

SBN Configuration Hardening: Proactively Guarding Systems Against Intrusion

by Megan Freshley on September 12, 2018

The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of hardened fortifications and bunkers.

FinConDX 2021

But what does this state of “being hardened” mean in the context of information systems? What do we mean when we talk about operating system hardening techniques to repel exploits and withstand intrusions? Much of this is captured in three simple concepts:

  1. Ensure a system’s security configurations are appropriately set given the job it needs to do.
  2. Ensure operating system software, firmware  and applications are updated to stay ahead of exploits that attack flaws in the underlying code.
  3. Ensure this process runs continually, leveraging and employing as much automation as possible.

What is Configuration Hardening?

Configurations are, in an almost literal sense, the DNA of modern information systems. “Configuration settings” are the attributes and parameters that tell these systems—from servers to network devices and from databases to desktops and applications—how to act and how to behave.

Unfortunately, these systems are made to “do work” and not to “be secure.” In other words, they’re shipped infinitely capable but effectively insecure. Modern computer systems have over 1,000 well-known ports with which to get work done. They also have another 40,000 or so “registered” ports and yet another 20,000 or so “private” ports. These in turn support a vast number of services and processes.

There’s a nice analogy that helps us get our arms around this: If we translate a server’s “ports and processes and services” to the “doors and gates and windows” in a house, we see information systems as unimaginably large, fundamentally porous houses.

Security configuration (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/automation-action-proactively-hardening-systems-intrusion/

September 12, 2018September 12, 2018 Megan Freshley 20 Critical Security Controls, Application Security, attacks, Council on Cybersecurity, Data Loss Prevention, Featured Articles, Hardening Guidelines, Inventory Management, IT Security and Data Protection, Security Configuration Management, Security Strategies, system hardening, Vulnerability Management, vulnerability scanners
  • ← Enterprises Still Struggle to Put the Sec in DevOps
  • Butlin’s data breach affects 34,000 customers →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks
Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious
Debunking Myths About CMMC 2.0
Cybercriminals: Frenemies China, Russia, North Korea
Searching for Bugs in Open Source Code
Cyber Security Predictions for 2022
IoT Protocols and Standards (IPv6, 6LoWPAN, RPL, 6TiSCH, WoT, oneM2M, etc.)
GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures
Security for IoT Networks Needs to Reflect an OT Mindset
What We’ve Learned About SSH Brute Force Attacks

Upcoming Webinars

Mon 06

Code Tampering: 4 Keys to Risk Reduction

December 6 @ 3:00 pm - 4:00 pm
Wed 08

Cloud Security

December 8 @ 12:00 pm - 1:00 pm
Thu 09

SCA: Your First Step Toward Supply Chain Security

December 9 @ 11:00 am - 12:00 pm
Jan 11

Securing Infrastructure-as-Code From Tampering and Misconfigurations

January 11, 2022 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Widespread Threats Target Automotive Companies
Cybersecurity Data Security Industry Spotlight IoT & ICS Security Network Security Security Awareness Security Boulevard (Original) Threat Intelligence Vulnerabilities 

Widespread Threats Target Automotive Companies

December 3, 2021 Pauline Losson | Yesterday 0
Cyberattacks in 2021 Highlighted Critical Infrastructure Risks
Cybersecurity Data Security Endpoint Industry Spotlight IoT & ICS Security Malware Network Security Security Boulevard (Original) Threat Intelligence Vulnerabilities 

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks

November 30, 2021 Chen Fradkin | 3 days ago 0
Debunking Myths About CMMC 2.0
CISO Suite Cyberlaw Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Network Security Security Awareness Security Boulevard (Original) 

Debunking Myths About CMMC 2.0

November 29, 2021 Ed Bassett | 4 days ago 0

Top Stories

$150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks
Analytics & Intelligence Application Security Best of 2021 Blockchain Cloud Security Cyberlaw Cybersecurity Digital Currency Editorial Calendar Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

$150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks

December 3, 2021 Richi Jennings | Yesterday 0
Dell Allies with AWS to Protect Data
Application Security Cloud Security Cybersecurity Data Security Endpoint Featured Incident Response Network Security News Security Boulevard (Original) Spotlight 

Dell Allies with AWS to Protect Data

December 1, 2021 Michael Vizard | 2 days ago 0
Aviatrix Adds Security Capabilities to Cloud Management Platform
Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Aviatrix Adds Security Capabilities to Cloud Management Platform

November 30, 2021 Michael Vizard | 3 days ago 0

Security Humor

XKCD 'Edge Cake'

XKCD ‘Edge Cake’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2021 Techstrong Group Inc. All rights reserved.