Configuration Hardening: Proactively Guarding Systems Against Intrusion

by Megan Freshley on September 12, 2018

The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of hardened fortifications and bunkers.

But what does this state of “being hardened” mean in the context of information systems? What do we mean when we talk about operating system hardening techniques to repel exploits and withstand intrusions? Much of this is captured in three simple concepts:

  1. Ensure a system’s security configurations are appropriately set given the job it needs to do.
  2. Ensure operating system software, firmware and applications are updated to stay ahead of exploits that attack flaws in the underlying code.
  3. Ensure this process runs continually, leveraging and employing as much automation as possible.

What is Configuration Hardening?

Configurations are, in an almost literal sense, the DNA of modern information systems. “Configuration settings” are the attributes and parameters that tell these systems—from servers to network devices and from databases to desktops and applications—how to act and how to behave.

Unfortunately, these systems are made to “do work” and not to “be secure.” In other words, they’re shipped infinitely capable but effectively insecure. Modern computer systems have over 1,000 well-known ports with which to get work done. They also have another 40,000 or so “registered” ports and yet another 20,000 or so “private” ports. These in turn support a vast number of services and processes.

There’s a nice analogy that helps us get our arms around this: If we translate a server’s “ports and processes and services” to the “doors and gates and windows” in a house, we see information systems as unimaginably large, fundamentally porous houses.
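To make the "doors and windows" inventory concrete, the following added example (not part of the original article) compares a host's listening sockets against the short list its job actually requires. The `ss -tuln` output is a constructed sample, and the `web-server` role and its allowed ports are hypothetical.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample in the column layout of `ss -tuln` (not real host data).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080           [::]:*
"""

# Hypothetical baseline: the only listeners this role needs for its job.
BASELINE = {"web-server": {("tcp", 22), ("tcp", 443)}}

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int

def port_class(port: int) -> str:  # IANA range the port number falls in
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "private"

def is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr.strip("[]").split("%")[0]).is_loopback
    except ValueError:  # wildcard "*" or an unparsable address
        return False

def parse_ss(text: str) -> list:
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        addr, _, port = (fields[4] if len(fields) > 4 else "").rpartition(":")
        if port.isdigit():
            listeners.append(Listener(fields[0], addr, int(port)))
    return listeners

def audit(listeners: list, role: str) -> list:
    """Return (severity, proto, port, class) for listeners outside the baseline."""
    return [("info" if is_loopback(l.addr) else "review", l.proto, l.port, port_class(l.port))
            for l in listeners if (l.proto, l.port) not in BASELINE[role]]

if __name__ == "__main__":
    for finding in audit(parse_ss(SAMPLE_SS), "web-server"):
        print(finding)
```

Listeners bound only to loopback are reported as `info` because they are not reachable from the network; everything else outside the baseline is marked `review`.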

Security configuration (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/automation-action-proactively-hardening-systems-intrusion/
