System hardening means eliminating as many security risks as possible. Hardening your system is an important step in protecting your personal data and information. The process aims to eliminate attacks by patching vulnerabilities and turning off inessential services. Hardening a system involves several steps that form layers of protection.
Commissioning phase
- Protect the hardware from unauthorized access.
- Be sure the hardware is based on a secure environment.
- Disable unused software and services (network ports).
- Install firewalls.
- Disallow file sharing among programs.
- Install virus and spyware protection.
- Use containers or virtual machines.
- Create strong passwords by applying a strong password policy.
- Create and keep backups.
- Use encryption when possible.
- Disable weak encryption algorithms.
- Separate data and programs.
- Enable and use disk quotas.
- Apply strong logical access control.
- Adjust default settings, especially passwords.
Verification phase
- Verification of antivirus: Check that the antivirus is active and updated.
- Verification of the identification: Check that test and unauthorized accounts are removed.
- Verification of intrusion detection systems: Check that malicious traffic is blocked.
- Verification of audit logging: Check that the audit log is enabled.
- You can use the checklist from the ⮫ cyber security white paper.
Operation phase
- Keep software up-to-date, especially by applying security patches.
- Keep antivirus up and running.
- Keep antivirus definitions up-to-date.
- Delete unused user accounts.
- Lock an active session whenever it is unattended, e.g., lock the screen of the PC or of the control panel (HMI).
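The account checks from the verification phase (test and unauthorized accounts removed) and the operation phase (unused accounts deleted) can be automated. The following is an added example, not part of the original page: it assumes a Linux-based host with accounts in /etc/passwd format, and the account list, approved list, login ages and the 90-day threshold are constructed or hypothetical values.

```python
import re

# Constructed sample in /etc/passwd format (assumption: a Linux-based host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
operator1:x:1000:1000:Line operator:/home/operator1:/bin/bash
testuser:x:1001:1001:Commissioning test:/home/testuser:/bin/bash
vendor_tmp:x:1002:1002::/home/vendor_tmp:/bin/sh
engineer:x:1003:1003:Maintenance:/home/engineer:/bin/bash
svc_backup:x:998:998::/var/lib/backup:/bin/false
"""
# Hypothetical site policy: accounts approved for interactive login.
APPROVED = {"root", "operator1", "engineer"}
# Constructed data: days since each account last logged in.
DAYS_SINCE_LOGIN = {"root": 3, "operator1": 1, "engineer": 200, "testuser": 45}
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
TEST_NAME = re.compile(r"(^|[_-])(test|tmp|temp|demo|guest)", re.IGNORECASE)

def audit_accounts(passwd_text, approved, days_since_login, max_idle_days=90):
    """Return {account: [reasons]} for every interactive account needing review."""
    findings = {}
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[line] = ["malformed entry"]
            continue
        name, shell = fields[0], fields[6]
        if shell in NON_LOGIN_SHELLS:
            continue  # service account without interactive login
        reasons = []
        if TEST_NAME.search(name):
            reasons.append("test account")
        if name not in approved:
            reasons.append("not on approved list")
        # An approved account with no login record counts as unused.
        elif days_since_login.get(name, max_idle_days + 1) > max_idle_days:
            reasons.append(f"unused for more than {max_idle_days} days")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_accounts(SAMPLE_PASSWD, APPROVED, DAYS_SINCE_LOGIN).items():
        print(f"{name}: {', '.join(reasons)}")
```
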
Decommissioning phase
- Delete licenses.
- Delete certificates.
- Delete user accounts.
- Delete applications and user data.
- Safe disposal.
References: ⮫ Hardening in Wikipedia (2021)