Monday, February 24, 2020
  • Cisco Looks to Unify Cybersecurity Management
  • Raccoon: The Story of a Typical Infostealer
  • How to Scope Your Organization for NERC CIP
  • Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials
  • BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Application Security Data Security Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Application Security » Configuration Hardening: Proactively Guarding Systems Against Intrusion

Configuration Hardening: Proactively Guarding Systems Against Intrusion

by Megan Freshley on September 12, 2018

The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of hardened fortifications and bunkers.

But what does this state of “being hardened” mean in the context of information systems? What do we mean when we talk about operating system hardening techniques to repel exploits and withstand intrusions? Much of this is captured in three simple concepts:

  1. Ensure a system’s security configurations are appropriately set given the job it needs to do.
  2. Ensure operating system software, firmware  and applications are updated to stay ahead of exploits that attack flaws in the underlying code.
  3. Ensure this process runs continually, leveraging and employing as much automation as possible.

What is Configuration Hardening?

Configurations are, in an almost literal sense, the DNA of modern information systems. “Configuration settings” are the attributes and parameters that tell these systems—from servers to network devices and from databases to desktops and applications—how to act and how to behave.

Unfortunately, these systems are made to “do work” and not to “be secure.” In other words, they’re shipped infinitely capable but effectively insecure. Modern computer systems have over 1,000 well-known ports with which to get work done. They also have another 40,000 or so “registered” ports and yet another 20,000 or so “private” ports. These in turn support a vast number of services and processes.

There’s a nice analogy that helps us get our arms around this: If we translate a server’s “ports and processes and services” to the “doors and gates and windows” in a house, we see information systems as unimaginably large, fundamentally porous houses.

Security configuration (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/automation-action-proactively-hardening-systems-intrusion/

September 12, 2018September 12, 2018 Megan Freshley 20 Critical Security Controls, Application Security, attacks, Council on Cybersecurity, Data Loss Prevention, Featured Articles, Hardening Guidelines, Inventory Management, IT Security and Data Protection, Security Configuration Management, Security Strategies, system hardening, Vulnerability Management, vulnerability scanners
  • ← Enterprises Still Struggle to Put the Sec in DevOps
  • Butlin’s data breach affects 34,000 customers →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

DISA Breach Could Impact 200,000, Says Trump’s IT Agency
Lesser-Known Social Engineering Tricks
Survey Confirms CISOs Stressed Out
Veritas Extends Reach of AI Compliance Tool
Democratic Presidential Campaigns Learn Cybersecurity Lesson
Juice Jacking: How Hackers Can Steal Your Info When You Charge Devices
Scammers Use Fake Website to Masquerade as Burning Man Organizers
Insecure Direct Object Reference (IDOR) — Web-based Application Security, Part 6
Securing the real perimeter – part 1
Hackers Were Inside Citrix for Five Months

Upcoming Webinars

Tue 25

New Paradigms for the Next Era of Security

February 25 @ 1:00 pm - 2:00 pm
Mar 04

Shift Application Security Knowledge Left to Deliver Secure Code On Time

March 4 @ 11:00 am - 12:00 pm
Mar 09

Best Practices to Secure Containerized Apps with Next-Gen WAF

March 9 @ 1:00 pm - 2:00 pm
Mar 23

The State of Open Source Security

March 23 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Cloud Security: Keeping Serverless Data Safe

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Best Practices for Vulnerability Disclosure Marketing
CISO Suite Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Best Practices for Vulnerability Disclosure Marketing

February 24, 2020 Matt Hutchinson | 6 hours ago 0
Chernobyl and its Cyber Lessons, Part 2: Incident Response
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Chernobyl and its Cyber Lessons, Part 2: Incident Response

February 21, 2020 Simon Lacey | 3 days ago 0
Lesser-Known Social Engineering Tricks
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Lesser-Known Social Engineering Tricks

February 20, 2020 David Balaban | 4 days ago 0

Top Stories

Cisco Looks to Unify Cybersecurity Management
Analytics & Intelligence Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Cisco Looks to Unify Cybersecurity Management

February 24, 2020 Michael Vizard | 8 minutes ago 0
DISA Breach Could Impact 200,000, Says Trump’s IT Agency
Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

DISA Breach Could Impact 200,000, Says Trump’s IT Agency

February 21, 2020 Richi Jennings | 2 days ago 0
Veritas Extends Reach of AI Compliance Tool
Cybersecurity Featured News Security Boulevard (Original) Spotlight Threat Intelligence 

Veritas Extends Reach of AI Compliance Tool

February 20, 2020 Michael Vizard | 3 days ago 0

Security Humor

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics .

From The Archive: Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 105’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.