In most instances, new digital assets, such as servers and operating systems, come in an unconfigured state. When an asset is installed, everything is enabled by default. All application services are turned on, and all ports are open. At the same time, most new assets aren’t fully updated — they often require multiple software and firmware updates. This is where system hardening comes in.

System hardening is the process of configuring an asset in line with security best practices to reduce its vulnerability to cyber attacks. The process involves reducing the ‘attack surface’ of the asset by disabling unnecessary services, user accounts, and ports.

The purpose of system hardening is simple. The smaller an asset’s attack surface — i.e., the fewer entry points it has — the harder it is for an attacker to gain unauthorized access.

Establishing a System Hardening Baseline

One of the most important steps (Read more...)