Guide to Industry-Accepted Hardening Standards
The goal of systems hardening is to reduce the vulnerabilities in your applications, systems, and information technology infrastructure. Removing unnecessary programs, services, accounts, and access points shrinks the attack surface an adversary can work with and removes sources of operational malfunction at the same time. Just as clearing unnecessary hazards from a busy interstate improves traffic flow and reduces accidents, removing unnecessary technology from your systems decreases the risk of malicious activity and can improve overall operational productivity.
System Hardening Standards
You want to prevent attacks and close vulnerabilities across every part of your ever-changing systems. Hardening your network, servers, applications, databases, and operating systems is a good start toward meeting industry-accepted configuration standards. The specific standards you adopt will vary with your technology, but you can focus on developing standards for these five areas of system hardening:
Network Hardening
- Configure firewalls with a default-deny policy and explicit, documented allow rules
- Audit the network regularly (open ports, active rules, rogue devices)
- Limit which users and hosts may connect, and secure every remote access point (VPN, management interfaces, jump hosts)
- Block unnecessary network ports and services; expose only what an inventory justifies
- Disallow anonymous access
Server Hardening
- Grant administrative access and rights only to the roles that need them (least privilege)
- Physically secure the data center or room where the servers are located
- Disallow shutting a system down without logging in (on Windows, the "Shutdown: Allow system to be shut down without having to log on" security option)
Application Hardening
- Enforce access control within the application (authenticate, then authorize by role)
- Remove or change every vendor default password and disable default accounts
- Enforce password best practices (minimum length, no reuse, no shared credentials)
- Configure an account lockout policy to slow brute-force guessing
Database Hardening
- Restrict administrative access to the database to named, individually accountable accounts
- Encrypt data in transit to and from the database (TLS) and, where required, at rest
- Remove unused and default accounts
Operating System Hardening
- Apply security updates and patches promptly, automating the rollout where you can test patches before they reach production
- Remove unnecessary files, libraries, drivers, and functionality
- Log all activity, errors, and warnings, and forward the logs to a central system so an attacker on the host cannot quietly erase them
- Limit file sharing and system permissions
- Configure file system and registry permissions
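The pattern behind every checklist item above is the same: state the baseline explicitly, audit the live configuration against it, remediate, and audit again. As an added example (not code from the original article, nor from KirkpatrickPrice, CIS, or NIST), the POSIX shell script below does exactly that for an OpenSSH sshd_config, covering the application and operating-system items (remove permissive defaults, limit authentication attempts, log verbosely). The sample configuration and the baseline values are constructed for illustration: the keyword names are real sshd_config keywords, but the chosen values are an assumed baseline, not one quoted from a published benchmark.

```shell
#!/bin/sh
# Added example, not code from the original article: a small configuration-
# baseline audit and remediation for OpenSSH's sshd_config, in the spirit of a
# CIS/NIST checklist item. SSHD_BASELINE and SAMPLE_SSHD_CONFIG are constructed
# for illustration; the baseline values are an assumption, not a published one.

# Baseline: "Keyword expected_value", one per line (assumed values).
SSHD_BASELINE='PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 4
LogLevel VERBOSE'

# Constructed sshd_config of an unhardened host. Note the commented-out line:
# sshd ignores it, so the daemon's compiled-in default applies.
SAMPLE_SSHD_CONFIG='# constructed sample sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 6
LogLevel INFO'

# effective_value FILE KEYWORD
# Print the value sshd would use for KEYWORD in the common "Keyword value"
# form: comments are ignored, matching is case-insensitive, and the first
# occurrence wins (sshd's own rule). Prints nothing if the keyword is absent.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        NF >= 2 && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE
# Print "FAIL keyword expected=X actual=Y" for each deviation from the
# baseline. An absent keyword is reported as a deviation too: the baseline
# must be stated explicitly rather than left to compiled-in defaults, which
# for PasswordAuthentication is "yes".
audit_sshd() {
    printf '%s\n' "$SSHD_BASELINE" | while read -r key expected; do
        [ -n "$key" ] || continue
        actual=$(effective_value "$1" "$key")
        [ -n "$actual" ] || actual="(unset)"
        [ "$actual" = "$expected" ] ||
            printf 'FAIL %s expected=%s actual=%s\n' "$key" "$expected" "$actual"
    done
}

# count_failures FILE: number of FAIL lines (0 when FILE meets the baseline).
count_failures() {
    audit_sshd "$1" | grep -c '^FAIL' || true
}

# harden_sshd IN OUT
# Write OUT as IN with every baseline keyword forced to its expected value.
# Existing lines for that keyword, commented out or not, are removed so the
# appended setting is the only (and therefore the first) match.
harden_sshd() {
    cp "$1" "$2"
    printf '%s\n' "$SSHD_BASELINE" | while read -r key expected; do
        [ -n "$key" ] || continue
        awk -v key="$key" -v val="$expected" '
            {
                line = $0
                sub(/^[ \t]*#?[ \t]*/, "", line)   # strip leading "#" and blanks
                split(line, f, /[ \t]+/)
                if (tolower(f[1]) == tolower(key)) next
            }
            { print }
            END { print key " " val }
        ' "$2" > "$2.tmp" && mv "$2.tmp" "$2"
    done
}

# Stand-alone demonstration: audit the sample, harden it, audit again.
demo() {
    before=$(mktemp); after=$(mktemp)
    printf '%s\n' "$SAMPLE_SSHD_CONFIG" > "$before"
    echo "== before: $(count_failures "$before") failures =="
    audit_sshd "$before"
    harden_sshd "$before" "$after"
    echo "== after: $(count_failures "$after") failures =="
    cat "$after"
    rm -f "$before" "$after"
}

demo
```

The script parses the file so that it runs offline; on a real host, `sshd -T` prints the effective configuration including defaults and is the better audit source, and `sshd -t` should validate the rewritten file before the service is restarted. The same declare-audit-remediate loop applies to every other item in the lists above, whether the artifact is a firewall rule set, a password policy, or a set of file permissions.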
Implementing these hardening techniques is by no means a comprehensive approach to security, but it is a solid start that heads your organization in the right direction toward a more secure information security program. With the right tools and techniques in place, you set yourself up for security success.
Industry-Recognized Experts on System Hardening
The information security industry has a wealth of guidance on industry-accepted system hardening standards from organizations such as CIS, NIST, and SANS. You can dive deeper through the CIS Benchmarks, NIST's National Checklist Program for IT Products, NIST's Guide to General Server Security (SP 800-123), and the security hardening checklist examples published by SANS and The University of Texas at Austin. These organizations maintain extensive resources that provide industry-accepted standards for all of your security needs. At KirkpatrickPrice, our security practices are influenced by and built upon the foundation these industry-recognized experts have laid. As you establish your own system hardening techniques, you can turn to these experts and to the information security specialists at KirkpatrickPrice for guidance. Contact us today to learn how we can help you further establish your security presence.
More Resources
Compliance is Never Enough: Hardening and System Patching
PCI Requirement 6.2 – Ensure all Systems and Software are Protected from Known Vulnerabilities
SOC 2 Academy: Detect and Monitor Changes in Your System Configurations