The Art of System Hardening - A Comprehensive Guide
12 January 2013
Introduction to System Hardening
System hardening is the art of strengthening your computing environment against potential threats. At its core, the philosophy is about implementing the principle of ‘least privilege’. This involves:
- Knowing exactly what services and applications need to run on a system
- Creating documentation that outlines policy, standards, and guidelines
- Securely configuring operating systems, virtual servers, and software
- Managing application settings to enhance security
- Streamlining database setup and configuration
- Securing network devices and portable equipment
Why Platform Hardening Matters
Platforms, such as servers or databases, are the foundation of your data infrastructure. Their integrity is crucial for the secure, reliable transfer and storage of information. As a best practice, ensure that your platforms are configured and maintained to repel unauthorized access and service interruptions.
Key Definitions in System Hardening
- Hardened System (H): This represents the secure state you aim to achieve for your system.
- Baseline OS Hardening (Bos): Refers to the foundational security settings for the operating system.
- Application/System Function Hardening (Af): Concerns the security configurations for applications like Apache, Oracle, and specific system functions like DNS or DHCP.
- Base Hardening (B): It’s the sum of Baseline OS Hardening and Application/System Function Hardening (B = Bos + Af).
- Custom Hardening (C): This involves extra security layers, such as DMZ settings, specialized security settings, or custom OS-specific controls like TCP Wrappers.
- Virtual System Hardening: This pertains to hardening the virtual machines (VMs) themselves.
The Formula for a Hardened System
To put system hardening into simple math, you could say:
\[ H\ (\text{Hardened System}) = B\ (\text{Base Hardening}) + C\ (\text{Custom Hardening}) \]
This equation illustrates how a hardened system is the result of combining basic security configurations with custom layers of protection.
Hardening Virtual Systems
In a virtualized environment, you can adapt the hardening formula as follows:
\[ H\ (\text{Hardened System}) = V_{os}\ (\text{Virtual OS Hardening}) + B\ (\text{Base Hardening}) + C\ (\text{Custom Hardening}) \]
The addition of Virtual OS Hardening reflects the need to secure the virtual machine itself, alongside the base and custom hardening procedures.
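The two formulas above can be treated as ordered layers of controls. The following is an added example, not part of the original guide: it composes Vos, Bos, Af and C into one profile, reports where a later layer overrides an earlier one, and audits a host's observed settings against the result. The control keys, the `file::setting` naming and the sample values are constructed assumptions.

```python
# Added example. Layer names follow the page's symbols; every control key and
# value below is a constructed sample, and the "file::setting" naming is an assumption.
VOS = {"vm::guest_clipboard": "disabled"}            # hypothetical VM-level control
BOS = {"sshd_config::PermitRootLogin": "no",
       "sysctl::net.ipv4.ip_forward": "0"}
AF = {"httpd.conf::ServerTokens": "Prod",
      "httpd.conf::TraceEnable": "Off"}
C = {"hosts.deny::ALL": "ALL",                       # TCP Wrappers default deny
     "sysctl::net.ipv4.ip_forward": "1"}             # constructed DMZ gateway exception


def compose(*layers):
    """Merge (name, controls) layers in order; a later layer overrides an earlier one.

    Returns (profile, conflicts). Each conflict is
    (key, earlier_layer, earlier_value, later_layer, later_value).
    """
    profile, origin, conflicts = {}, {}, []
    for name, controls in layers:
        for key, value in controls.items():
            if key in profile and profile[key] != value:
                conflicts.append((key, origin[key], profile[key], name, value))
            profile[key], origin[key] = value, name
    return profile, conflicts


def hardened_profile(virtual=False):
    """H = B + C with B = Bos + Af, or H = Vos + B + C for a virtual machine."""
    layers = [("Bos", BOS), ("Af", AF), ("C", C)]
    if virtual:
        layers.insert(0, ("Vos", VOS))
    return compose(*layers)


def audit(profile, observed):
    """Return sorted (key, expected, actual) drift; actual is None if unset."""
    return sorted((k, v, observed.get(k))
                  for k, v in profile.items() if observed.get(k) != v)


if __name__ == "__main__":
    profile, conflicts = hardened_profile(virtual=True)
    for key, old_layer, old, new_layer, new in conflicts:
        print(f"REVIEW {key}: {new_layer}={new} overrides {old_layer}={old}")
    observed = {**profile, "sshd_config::PermitRootLogin": "yes"}  # constructed host state
    del observed["httpd.conf::TraceEnable"]
    for key, expected, actual in audit(profile, observed):
        print(f"DRIFT  {key}: expected {expected}, found {actual}")
```

A reported conflict marks a custom control that weakens or changes a baseline one, which is the kind of exception the policy documentation listed in the introduction should record.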