Every IT infrastructure consists of a variety of devices and infrastructure components. Each of those belong to a different vendor and runs a different operating system as well as set of applications.

There needs to a carefully designed process to install and manage each component, whereby the security of those is ascertained at a granular level. With a rapid increase in the usage of mobile equipment's, multiple security problems are introduced too.

By large, installing the right software and configuring for the security purpose to be served are the steps to begin with, while uninstalling unnecessary software and correcting the configurations is a periodic job towards continued security. Hardening process does not have any specific standard, however typically CIS (Centre for Internet Security) as well as vendor specific guidelines are followed.

System hardening means securing and configuring a system in such a way that it reduces its surface of vulnerability to a great extent. This is done largely by removing unnecessary software, hardening default credentials, disabling unnecessary services, and modifying other configuration parameters from default values so that the system works securely for a focused set of services.

Hardening is usually done by following industry standard configuration guidelines, such as from CIS (Centre for Internet Security) and/or vendor hardening guidelines. These need to be carefully modified to ensure that the functionality of the system is not impacted.

Security software such as antivirus, spyware blockers prevent malicious software from running on the machine. Even with these security measures in place, computers will be vulnerable to outside access. System hardening or OS minimizes these security vulnerabilities. Its purpose is to eliminate as many security risks as possible by removing all non-essential software programs and utilities from the computer. While these programs offer useful features to the user, they can also act as backdoors to the system; hence they must be removed during system hardening.

Advanced system hardening might involve reformatting the hard disk; installing the bare necessities only for required functioning. For example, file and print sharing might be turned off if not necessary. For authorized security access, various measures are typically taken.

Usually, guest account is disabled; administrator account is renamed and secure passwords are created for all user login. Auditing features are enabled to monitor unauthorized access attempts. These steps are done in tandem with other configuration hardening measures that security and system administrators do to boost system security.

The underlying principle for all security hardening measures is defence-in-depth, i.e. building security in multiple layers so that surface area of exposure is reduced and at the same time the primary functionality of the system is not negatively impacted.

Our teams have worked with numerous technology platforms across operating systems such as Windows, Linux, Databases such as MS SQL Server, mySQL, Web Servers, Mail Servers, Network Devices, as well as security devices such as Firewalls, IPS, etc. and are therefore, very well-versed with hardening standards and processes.

Reference Links:

CIS Security Benchmarks

NSA Security Configuration Guides

Microsoft Baseline Security Analyzer

Database Hardening Guidelines - Berekeley Security