Hardening Techniques

Hardening

The process of securing a system by reducing its "surface of vulnerability." This involves disabling unnecessary services, removing unused software, closing open ports, and applying strict configuration settings to make the system more resistant to attack.

Change Management

A formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without forethought, introducing faults into the system or undoing changes made by other users.

Least Privilege

The security concept that a user, system, or process should have only the minimum access rights necessary to perform its function, and nothing more.

Disable Unnecessary Services

The practice of turning off background programs and protocols that are not required for the system's primary function. This prevents attackers from exploiting vulnerabilities in software that shouldn't be running in the first place.

Patch Management

The strategic process of acquiring, testing, and installing code changes (updates) to existing software and systems. It ensures that known vulnerabilities (CVEs) are fixed before attackers can exploit them.

Baselining

The process of measuring and establishing a "standard" state of a system's performance and security configuration. This "snapshot" is used as a reference point to detect anomalies later.

Group Policy (GPO)

A feature of Microsoft Windows Active Directory that allows an administrator to manage the configuration of users and computers centrally. It can enforce security settings across thousands of machines instantly.

Full Disk Encryption (FDE)

A hardening method that encrypts the entire storage drive of a device. If the device is lost or stolen, the data remains unreadable without the decryption key, protecting it from offline attacks.