System Hardening

Overview

System Hardening is the act of assessing a system or application and determining where it can be fortified to prevent attacks and to limit the damage that might occur from an attack. The ultimate goal of hardening any system is to reduce the attack surface of a particular application or system, while ideally not compromising the usability of the system.

Why Should You Harden Your Systems?

The most important reason why systems and applications should be hardened is to reduce the area where an attack could be mounted against your infrastructure or applications. Default installations of software, operating systems or services are not always ideal from a security perspective, and hardening your systems will help secure those systems from unnecessary threats.

An additional benefit of hardening your systems is that it gives an organization the opportunity to regularly audit and evaluate the systems, policies and rules that are currently in use and remove those that are no longer necessary. It is not uncommon for clients to find, during the hardening process, firewall rules that are no longer necessary or development environments that are no longer required.

How Does It Work?

System Hardening is a rather broad term that is used to describe the act of reducing the attack surface of a particular system, network or application, so each engagement will be different from the previous one.

Some of the tasks we would perform during a hardening engagement are as follows:

  • Taking stock of the network and assets within the network to spot high value targets
  • Reviewing firewall rules and VLANs to ensure the rules are still accurate and are as restrictive as possible
  • Determining the ability to remotely log into servers and services, and whether those mechanisms are secure
  • Password auditing & implementation of two-factor authentication if appropriate
  • Reviewing software patching cycles
  • Auditing the services that are running on a server to determine if they are all required
  • Ensuring that only people that require access to specific sets of data are permitted to access that data
  • Determining what systems are accessible from wireless networks