System Hardening

Most computers offer network security features to limit outside access to the system. Software such as antivirus programs and spyware blockers prevent malicious software from running on the machine. Yet, even with these security measures in place, computers are often still vulnerable to outside access. System hardening, also called Operating System hardening, helps minimize these security vulnerabilities.

The purpose of system hardening is to eliminate as many security risks as possible. This is typically done by removing all non-essential software programs and utilities from the computer. While these programs may offer useful features to the user, if they provide "back-door" access to the system, they must be removed during system hardening.

Advanced system hardening may involve reformatting the hard disk and only installing the bare necessities that the computer needs to function. The CD drive is listed as the first boot device, which enables the computer to start from a CD or DVD if needed. File and print sharing are turned off if not absolutely necessary and TCP/IP is often the only protocol installed. The guest account is disabled, the administrator account is renamed, and secure passwords are created for all user logins. Auditing is enabled to monitor unauthorized access attempts.

While these steps are often part of operating system hardening, system administrators may choose to perform other tasks that boost system security. While both Macintosh and Windows operating systems can be hardened, system hardening is more often done on Windows machines, since they are more likely to have their security compromised.

Updated: N/A