Hardening (computing)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.

There are various methods of hardening Unix and Linux systems. This may involve, among other measures, applying a patch to the kernel such as Exec Shield or PaX; closing open network ports; and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. There are also hardening scripts and tools like Lynis, Bastille Linux, JASS for Solaris systems and Apache/PHP Hardener that can, for example, deactivate unneeded features in configuration files or perform various other protective measures.

Hardening activities include:

  • Keeping security patches updated
  • Installing firewall
  • Closing certain ports
  • Not allowing file sharing among programs
  • Installing virus and spyware protection
  • Using containers or virtual machines
  • Creating strong passwords
  • Keeping a backup
  • Disabling cookies
  • Using encryption when possible
  • Disabling weak encryption

See also[edit]

External links[edit]