|This article does not cite any references or sources. (March 2009)|
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.
There are various methods of hardening Unix and Linux systems. This may involve, among other measures, applying a patch to the kernel such as Exec Shield or PaX; closing open network ports; and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. There are also hardening scripts and tools like Lynis, Bastille Linux, JASS for Solaris systems and Apache/PHP Hardener that can, for example, deactivate unneeded features in configuration files or perform various other protective measures.
- Computer security
- Computer network security
- Network security policy
- Address space layout randomization
- Security-focused operating system
- TrustedBSD, HardenedBSD
- Security-Enhanced Linux
- IT Security Topic — Hardening at University of Colorado
- PDF at globalsecurity.org