16 System Hardening
This chapter covers
- System hardening
- Methods for system hardening
- Security baselines, patching, and updates
- Change management
- Secure Development Lifecycle
As discussed in previous chapters, cybersecurity attacks typically target the weakest link: the system or device with the most easily accessible vulnerability.
Since most systems prioritize functionality and ease of deployment over security, they often have unnecessary services enabled, open network ports, and weak default authentication mechanisms. While these settings are convenient, they significantly increase the attack surface and create predictable entry points for attackers.
Because new vulnerabilities are constantly being discovered, maintaining secure systems requires more than an initial setup. A single misconfigured or unprotected system can compromise the security of the entire environment. Therefore, organizations must ensure that systems are deployed and maintained securely over time.
System hardening addresses this challenge by ensuring that systems are intentionally configured to minimize vulnerabilities and reduce the risk of attack. Rather than relying on default settings or user behavior, system hardening systematically enforces secure configurations across operating systems, applications, servers, network equipment, and other connected devices.