System Hardening for Configuration Management


System hardening is the process of securing a computer system by reducing the number of vulnerabilities it exposes. When a computer is first purchased and set up, its default configuration often contains non-essential services and settings that attackers can use to gain access to the system. System hardening removes or changes these defaults so that the computer is as secure as possible before it goes into production. Besides being a sound security practice, it is also required by regulatory frameworks such as PCI DSS and HIPAA. Here I’ll outline some of the best practices for system hardening and some of the overall benefits:

Best Practices for System Hardening

System hardening matters most for machines with a single, specific function, such as a web server or a DNS server. These machines need very limited functionality and are often internet facing, so it is especially important that they are configured as securely as possible. Hardening multi-purpose systems is possible too, but you will be limited in which services you can restrict, because a multi-purpose machine has to run many different kinds of services.

Remove Unnecessary Programs: As mentioned earlier, every program is a potential entry point for an attacker. Remove every program that is not necessary for the purpose of that machine, and close any network ports that are not needed. A port is the endpoint on which a service accepts connections from other devices, so every open port is a service an attacker can reach.
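As an added example (not part of the original post), here is a small Python check for the "close unneeded ports" item: it parses constructed `ss -tulnp` output and reports any listener that is not on a hypothetical allowlist for a single-purpose web server.

```python
import re
from dataclasses import dataclass

# Hypothetical allowlist for a single-purpose web server: only these
# (protocol, port) pairs are expected to be listening on this host.
WEB_SERVER_ALLOWLIST = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*         users:(("nginx",pid=1020,fd=6))
tcp   LISTEN 0      511    0.0.0.0:443       0.0.0.0:*         users:(("nginx",pid=1020,fd=7))
tcp   LISTEN 0      128    127.0.0.1:25      0.0.0.0:*         users:(("master",pid=901,fd=13))
tcp   LISTEN 0      128    0.0.0.0:5900      0.0.0.0:*         users:(("x11vnc",pid=1333,fd=4))
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*         users:(("snmpd",pid=777,fd=8))
"""

@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

_PROC_RE = re.compile(r'users:\(\("([^"]+)"')  # first process name in the Process column

def parse_ss(output: str) -> list:
    """Parse `ss -tulnp` output into Listener records, skipping the header line."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # "Local Address:Port" column
        m = _PROC_RE.search(line)
        listeners.append(Listener(fields[0], addr, int(port), m.group(1) if m else "?"))
    return listeners

def unexpected_listeners(listeners, allowlist, ignore_loopback=True):
    """Return listeners whose (proto, port) is not allowlisted.

    Loopback-only listeners are not remotely reachable, so they are skipped by
    default; pass ignore_loopback=False to review installed software as well."""
    loopback = {"127.0.0.1", "::1", "[::1]"}
    return [l for l in listeners
            if not (ignore_loopback and l.addr in loopback)
            and (l.proto, l.port) not in allowlist]

if __name__ == "__main__":
    for l in unexpected_listeners(parse_ss(SAMPLE_SS_OUTPUT), WEB_SERVER_ALLOWLIST):
        print(f"unexpected listener: {l.proto}/{l.port} ({l.process}) on {l.addr}")
```

On a real host, replace the constructed sample with the live output of `ss -tulnp` and adjust the allowlist to the machine's actual purpose.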

Apply all Software Updates: Outdated software is one of the most common ways an attacker gets into a system. Its security vulnerabilities are publicly disclosed, so attackers can easily find and exploit them. Apply service packs and patches and keep all software up to date.

Change Default or Hardcoded Passwords: Keeping the default usernames and passwords makes the job easy for attackers trying to gain access to user accounts. The default username and password of an OS is one of the first combinations an attacker will try, so it’s important to change them before connecting the machine to the internet.

Create Group Policies and Remove Unnecessary Accounts: Group policies define what the members of each group are permitted to do. By creating sound group policies and deleting unnecessary default accounts you move toward a least privilege model, where users can only do what their job requires.

Disable Access to Firmware: Firmware provides low-level access to a computer’s hardware, which means that anyone who can reach it has a significant degree of control over the machine. This access should be disabled or restricted if it is not needed.

Configure Security Features: This means enabling antivirus/anti-malware software, configuring firewall rules and using the secure versions of the protocols you rely on (SSH, SFTP).

Enable Encryption: Use up-to-date encryption for data at rest and data in transit.

System Monitoring: If your organization uses any type of SIEM or other monitoring tool, this should be configured on the computer. This way you can monitor the system for any suspicious activity.

Data Backups: Proper backups should be enabled for all machines holding company information. This doesn’t prevent an attack from occurring, but it greatly minimizes the information lost in an event such as ransomware. It also makes recovering from a data breach much easier when you have a recent backup to restore your systems from.

Use Hardening Templates from Reliable Sources: Organizations like Microsoft and NIST publish resources to help you secure your infrastructure. NIST has a guide to server hardening that covers some of the best practices for securing a server, while Microsoft provides a set of downloadable security baselines for its Windows servers.

Why is System Hardening Important?

System hardening is the process of making a system as secure as possible. Most computer systems ship with many security vulnerabilities and default settings that make them susceptible to cyber attacks. If you do a thorough job of hardening your computer systems, you significantly reduce the chances of being compromised later on. This is especially important for any servers (such as a web server) that will be exposed to the internet. For these internet facing systems it’s not a matter of if someone will try to attack them, it’s a matter of when.