Hardening (computing)
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
A Blue Team is a group of highly skilled individuals who conduct systematic examinations of Information Systems (IS) or products to determine adequacy of security measures, to identify security deficiencies, to predict effectiveness of proposed security measures, and to confirm adequacy of such measures after implementation.
There are various methods of hardening Unix and GNU systems. This may involve, among other measures, applying a patch to the kernel such as Exec Shield or PaX; closing open network ports; and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. There are also hardening scripts and tools like Lynis, Bastille Linux, JASS for Solaris systems and Apache/PHP Hardener that can, for example, deactivate unneeded features in configuration files or perform various other protective measures.
See also
- Computer security
- Computer network security
- Network security policy
- Address space layout randomization
- Position-independent code
- Security-focused operating system
- TrustedBSD, HardenedBSD
- Security-Enhanced Linux
External links
- IT Security Topic — Hardening at University of Colorado
- Hardening Your Computing Assets PDF at globalsecurity.org