System Hardening and Baselines

Antispam – Technology used to combat unsolicited junk e-mail, or spam.

Antivirus (AV) – Technology employed to screen for and block the execution of viruses and other malware.

Application hardening – The steps taken to harden an application, mitigating vulnerabilities and reducing the exploitable surface.

Application vulnerability scanner – Technology used to scan applications for potential vulnerabilities and weaknesses.

Baseline – A system or software as it is built and functioning at a specific point in time. Serves as a foundation for comparison or measurement, providing the necessary visibility to control change.

Baselining – The process of establishing a system’s security state.

Bennchmarks – Along with secure configuration guides offer a set of guidance for setting up and operating systems to a secure level that is understood and documented.

blacklisting – The term used to describe the exclusion of items based on their being on a list (blacklist).

Continuous monitoring - Describes a system that has monitoring built into it, so rather than monitoring being an external event that may or may not happen, monitoring is an intrinsic aspect of the action.

Desired state configuration - is a PowerShell-based approach to configuration management of a system.

Elasticity - The ability of a system to increase the workload using additional hardware resources—commonly dynamically added on demand—in order to scale out.

Firmware update – An update process that occurs when small software is loaded onto internal nonvolatile RAM (NVRAM).

Globally unique identifier (GUID) – A unique reference number used as an identifier of an item in a system.

Group policy – The mechanism that allows for centralized management and configuration of computers and remote users in a Microsoft Active Directory environment.