2.5 Hardening Techniques


9 Terms

1. System Hardening

Involves tightening security on devices like servers by applying best practices.

  • Installing OS updates and patches

  • Enforcing strong password policies

  • Limiting user account privileges to only what’s needed

  • Always protect the system with antivirus, anti-malware, or endpoint detection and response tools.

  • If the device is accessed across the network, limit who may reach this particular system, for example by permitting only a specific IP address range to connect to the server.

2. Encryption

Another good hardening technique is to encrypt any data that you would like to protect on these systems.

  • File system encryption, like Windows EFS, secures specific files or folders.

  • Full Disk Encryption (FDE), such as BitLocker or FileVault, protects everything on the drive.

  • To secure data in transit, use encryption methods like VPNs.

  • Many applications also include built-in encryption to protect their own data exchanges (like HTTPS).

3. The Endpoint

Endpoints like desktops, laptops, tablets, and smartphones all require hardening.

  • Each platform may run different operating systems and apps, requiring tailored security.

  • Must defend against both inbound and outbound attacks.

  • A layered, defense-in-depth approach—using various tools across platforms—is essential to stopping attackers.

4. Endpoint Detection and Response (EDR)

A next-generation security solution designed to detect and respond to malware threats using modern techniques rather than signatures alone.

  • Uses more than just signature-based detection.

  • Applies behavioral analysis, machine learning, and process monitoring through a lightweight agent on the endpoint.

  • Can perform root-cause analysis, isolate infected systems, quarantine threats, and even roll back changes—all automatically

  • Responses are often driven by APIs and reported to a central management console.

5. Host-based Firewall

A software firewall that runs directly on an endpoint, like a personal computer.

  • Can allow or block incoming and outgoing application traffic, with full visibility into data before or after encryption, because it sits on the operating system itself.

  • Though installed on individual systems, host-based firewalls can be centrally managed.

6. Finding Intrusions

Host-Based Intrusion Prevention Systems (HIPS) are often integrated into EDR or anti-malware tools to detect known attacks and vulnerabilities directly on a device.

  • HIPS can monitor inbound traffic, application configurations, and operating system changes, and can verify updates.

  • Uses methods like signatures, heuristics, and behavioral analysis to detect threats such as buffer overflows, unauthorized registry changes, file writes to sensitive folders, or access to unencrypted data.

  • Because it's installed on the operating system, HIPS has deep visibility into how that system operates.

7. Open Ports & Services

Every outward-facing service opens ports on a system, which can be accessed over the network and potentially exploited.

  • To reduce risk, only necessary ports should remain open.

  • Firewalls, especially next-gen firewalls, can help manage this by filtering traffic not just by port, but by service.

  • Some ports may be opened unknowingly during OS or application installs.

  • Tools like Nmap should be used to scan your own systems and verify which ports are actually open.

  • Some apps irresponsibly suggest opening all ports instead of specifying just the ones they actually use.

8. Default Password Changes

Devices like routers, switches, firewalls, and applications often come with default login credentials for management interfaces.

  • These interfaces can expose sensitive data and configuration.

  • Default credentials are widely known and easy for attackers to find.

  • While some systems prompt you to change the password on first login, many do not.

  • It is wise to add extra security layers after changing the password, such as requiring additional logins or using third-party authentication solutions.

9. Removal of Unnecessary Software

Every application on a system introduces potential vulnerabilities, even if they haven't been discovered yet.

  • Removing unused or unnecessary software reduces the system’s attack surface and lowers risk.

  • With many applications installed—each using its own update process—managing security becomes harder.