Server Hardening
Server hardening is a general system hardening process that involves securing the data, ports, components, functions, and permissions of a server using advanced security measures at the hardware, firmware, and software layers.
These general server security measures include, but are not limited to:
- Keeping a server’s operating system patched and updated
- Regularly updating third-party software essential to the operation of the server and removing third-party software that doesn’t conform to established cybersecurity standards
- Using strong and more complex passwords and developing strong password policies for users
- Locking user accounts if a certain number of failed login attempts are registered and removing needless accounts
- Disabling USB ports at boot
- Implementing multi-factor authentication
- Using self-encrypting drives or AES encryption to conceal and protect sensitive information
- Using firmware resilience technology, memory encryption, antivirus and firewall protection
Software application hardening
Software application hardening, or just application hardening, involves updating or implementing additional security measures to protect both standard and third-party applications installed on your server.
Unlike server hardening, which focuses more broadly on securing the entire server system by design, application hardening focuses on the server’s applications, specifically, including, for example, a spreadsheet program, a web browser, or a custom software application used for a variety of reasons.
At a basic level, application hardening involves updating existing or implementing new application code to further secure a server and implementing additional software-based security measures.
Examples of application hardening include, but are not limited to:
- Patching standard and third-party applications automatically
- Using firewalls
- Using antivirus, malware, and spyware protection applications
- Using software-based data encryption
- Using CPUs that support Intel Software Guard Extensions (SGX)
- Using an application like LastPass to manage and encrypt passwords for improved password storage, organization, and safekeeping
- Establishing an intrusion prevention system (IPS) or intrusion detection system (IDS)
Operating system hardening
Operating system hardening involves patching and implementing advanced security measures to secure a server’s operating system (OS). One of the best ways to achieve a hardened state for the operating system is to have updates, patches, and service packs installed automatically.
OS hardening is like application hardening in that the OS is technically a form of software. But unlike application hardening’s focus on securing standard and third-party applications, OS hardening secures the base software that gives permissions to those applications to do certain things on your server.
Oftentimes, operating system developers, such as Microsoft and Linux, do a fine and consistent job of releasing OS updates and reminding users to install these updates. These frequent updates - and we’ve all ignored them - can actually help keep your system secure and resilient to cyberattacks.
Other examples of operating system hardening include:
- Removing unnecessary drivers
- Encrypting the HDD or SSD that stores and hosts your OS
- Enabling and configuring Secure Boot
- Limiting and authenticating system access permissions
- Limiting or eliminating the creation and logging in of user accounts