The protection of data and information is a high priority in companies, partly due to regulatory requirements. To ensure that company-relevant information is protected in the best possible way, those responsible must rely on system hardening, among other things. Here we explain exactly what that is.
What does system hardening mean?
Since highly sensitive company information and personal data are processed and stored on IT systems, the systems must be subjected to special protective measures.
System hardening is a very effective security measure. It secures the operating system, regardless of whether it is a physical, virtual or cloud-based system.
Why IT systems are specially configured
Common IT systems with operating systems such as Microsoft Windows or Linux are configured by their manufacturer’s perspective for the broadest possible compatibility and feature set. The systems are therefore equipped with potentially vulnerable, but often unused components.
This means that operating systems do not have restrictive security configurations by default. It is precisely these often unused and unconfigured functionalities that attackers such as hackers frequently exploit as an attack vector.
The goal of system hardening is: These functionalities as well as their exposed interfaces are deactivated or even uninstalled.
What threats exist
The main threats to non-hardened IT systems are:
- Identity theft, e.g. attacks on the central identity management structure.
- Data manipulation of personal data and sensitive company data
- Data leakage, e.g. hackers copy entire databases
- Manipulation of applications or related systems
- Sabotage or espionage of operational and production processes
- Infiltration and distribution of malware.
As current figures show (like the Cyberthreat Report 2021), many companies are affected by hacker attacks, data theft and espionage. That’s why information security and system hardening is more important than ever!
System-hardening: examples of measures
System hardening is a technical building block to reduce possible weaknesses (“vulnerabilities”) of IT systems and IT infrastructures. The free handout from the german association TeleTrust recommends the following measures, among others, in chapter 3.2.21:
- Regularly reviewing the need for enabled services
- Operate running services only with minimal rights
- If possible: operate running services in an isolated environment
- Minimal assignment of rights for maintenance interfaces and accesses
- Restrict access to operating system configuration files
- Changing all existing default passwords with passwords according to a company-internal password policy
- Disabling of
- error or debug messages for end users
- insecure, obsolete, and/or unneeded interfaces
- unneeded autostart mechanisms
- unnecessary operating system components incl. background services
- a screen saver with password protection
- strong user account control (UAC)
- the antivirus program during the boot process
- the logging
- the CPU security functions
- the BIOS access password
- a specified boot sequence
TeleTrust adds: “A large part of the hardening measures listed above is feasible through technical settings. These settings can be distributed automatically to all server systems in the company via a hardening package (e.g. using scripts).”
In addition, the following applies: New server systems should be provided with the appropriate standardized configuration immediately after the installation is completed, and exceptions to hardening should be managed centrally.
#NoCodeHardening: The solution for automated system hardening.
The hardening of IT systems is very complicated and, in the case of large companies, also very complex. Normally, the system administrators have to make thousands of settings manually – which eats up time. And it ties up a lot of resources that are needed elsewhere.
Nevertheless, system hardening must not be neglected under any circumstances! Otherwise, the probability increases that cyber criminals will succeed with their cyber attacks.
How can an IT department reduce its time spent on system hardening? Via automation! Self-programmed scripts ensure that many system hardening processes run independently. But developing and customizing the code also takes time.
To reduce this effort as well, the #NoCodeHardening initiative was born. The alliance of several IT companies, which includes FB Pro GmbH, is advancing the automation of system hardening through specialised tools. Tools like the Enforce Administrator, which is a part of the powerful Enforce Suite.
Need more information?