T2022_05 Hardening Your Network (22nd April 2022)

What is Hardening?

Hardening is the process of eliminating a means of an attack by patching vulnerabilities, turning off non-essential services and configuring systems with security controls such as password management, file permissions and/or disabling unused network ports.

Description

The purpose of systems hardening is to reduce security risk by removing potential attack vectors and reducing the attack surface of the system. Attackers and malware will have less opportunities to develop a foothold within your IT ecosystem if you remove unnecessary programs, accounts, functions, apps, ports, permissions, and access.

Types of Hardening

Systems hardening requires a systematic approach to auditing, identifying, closing, and controlling any security vulnerabilities throughout your entire enterprise. There are a variety of activities that can be used to harden a system, including:

  • Application hardening
  • Operating system hardening
  • Server hardening
  • Database hardening
  • Network hardening

 Benefits of Hardening

Continuous effort is required for hardening. Benefits of hardening include but are not limited to the following:

  •  Enhanced functionality: Given that there are fewer applications and functions, there is a lower danger of operational problems, misconfigurations, incompatibilities, and compromise.
  • Improved security: A smaller attack surface means fewer data breaches, illegal access, system hacking, and virus attacks.
  • Smooth auditability: With fewer programs and accounts and a less complex environment, auditing is usually more transparent and straightforward.

 Recommendations for Hardening

  • Examine your current systems: Conduct a thorough examination of your current technology. To detect faults in the system and prioritize remedies, use penetration testing, vulnerability scanning, configuration management, and other security auditing technologies.
  • Create a system hardening strategy: You don't have to harden all of your systems at the same time. Instead, develop a strategy and plan based on the risks that have been identified in your IT environment, and address the most serious faults in a phased manner.
  • Secure remote access points and users: restrict any unwanted or superfluous open network ports; disable and delete unnecessary protocols and services; establish access lists; encrypt network traffic.
  • Hardening servers: Place all servers in a secure datacenter; never test hardening on production servers; always harden servers before connecting them to the internet or external networks; don't install unneeded software on a server; Ensure that superuser and administrative shares are properly configured, and that permissions and access are limited in accordance with the principle of least privilege.
  • Application hardening: Delete any components or functions that you don't require; restrict application access based on user roles and context (such as using application control); and remove all sample files and default passwords. Then, using an application password management/privileged password management solution that enforces password best practices, application passwords should be controlled (password rotation, length, etc.). Inspection of integrations with other applications and systems, as well as the removal or reduction of unneeded integration components and rights, should be part of application hardening.
  • Database hardening: Set admininstrative limitations on what users may do in a database, such as controlling privileged access; enable node checking to validate applications and users. encrypt database data in transit as well as at rest; impose strong passwords; Remove unused accounts and implement role-based access control (RBAC) privileges.
  • Hardening of the operating system:  Unnecessary drivers, file sharing, libraries, software, services, and functionality should all be removed; local storage should be encrypted; tighten permissions on the registry and other systems; All activity, problems, and cautions should be recorded; Privileged user controls should be implemented.
  • Vulnerabilities must be addressed immediately: Make sure you have a system in place for identifying and patching vulnerabilities that is automated and comprehensive.
  • Remove any accounts or privileges that are no longer needed: Remove unneeded accounts (such as orphaned and underused accounts) and rights from your IT infrastructure to enforce least privilege.

 

The Guyana National CIRT recommends that users and administrators review these recommendations and implement where necessary.

 PDF Download: Hardening Your Network.pdf

References