System Hardening
What is System Hardening?
System HardeningReducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.
Hardening turns out-of-the-box systems into resilient ones by disabling unused services, removing default accounts, applying least privilege, enforcing strong authentication, enabling encryption, configuring logging, and restricting network exposure. It applies to operating systems, applications, databases, containers, cloud services, network devices, and firmware. Practitioners reference benchmarks such as CIS, DISA STIG, NIST SP 800-53, and vendor hardening guides, then automate the controls through configuration management. Hardening complements patching: even a fully patched system can be exploited if it is misconfigured or runs unnecessary functionality.
● Examples
- 01
Hardening a Linux server by disabling root SSH, applying SELinux, and removing compilers in production.
- 02
Hardening Kubernetes by enforcing pod security standards and disabling the anonymous API endpoint.
● Frequently asked questions
What is System Hardening?
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults. It belongs to the Defense & Operations category of cybersecurity.
What does System Hardening mean?
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.
How do you defend against System Hardening?
Defences for System Hardening typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for System Hardening?
Common alternative names include: OS hardening, Server hardening.