Today cybersecurity is a challenge that we all face. In the 21st century our lives have become a true cybernetic tour: from the moment we wake up we immerse ourselves in a myriad of social networks that, in one way or another, facilitate communication and information, and the amount of information that we must supply for those networks or applications to function properly is uncountable. Although our equipment and electronic devices have features that offer security, sometimes that is not enough.
Antivirus programs, software and spyware blockers limit external access by preventing malicious programs from running on our computer. Since dealing with these problems can be a great challenge, we wrote this post to explain step by step what we must do to have a hardened, resilient system that helps us avoid intrusions and leaks.
- What is Hardening of operating systems?
- What is the main function of Hardening?
- What benefits does Hardening have on devices?
- What are the most important aspects when hardening an operating system?
- What digital tools can we use to do Hardening?
- Calcom Server Hardening Solution
- CalCom Security Solution for IIS
- Chef: Chef Enterprise Automation Stack (EAS)
What is Hardening of operating systems?
It is a protection method that consists of hardening the operating system by eliminating as many security risks as possible, which reduces the exposure of our system to threats. This is where the ‘attack surface’ or vulnerability surface comes in: it is the sum of the different points from which an unauthorized user can try to enter our computer or delete data from it. By hardening our system we shrink that surface.
In short, the goal of this procedure is to minimize the vulnerabilities that could allow infiltration. It is not necessary to strengthen all systems at the same time; it is enough to plan a tactic based on the previously identified risks and to use a phased approach to correct the most serious failures.
What is the main function of Hardening?
As mentioned before, hardening seeks the ideal middle point between a rigidly restricted operating system and a totally open or free one: an environment in which we can continue using our equipment, at work for example, with the peace of mind and security that come from knowing that our data and information are safe. We can only achieve this when we configure the systems correctly according to the way they operate.
Configurations are the backbone of information systems: they are the values, parameters and properties that tell systems, from servers to network devices, how they should behave and proceed. Since systems are generally designed for efficiency rather than security, it is necessary to harden them.
What benefits does Hardening have on devices?
Although it requires sustained effort, the benefits are many. By eliminating accesses, unused ports, applications of little use and programs that serve no function, attack programs and viruses have less chance of breaking into the web server. In addition, since there are fewer programs and therefore less functionality, there are also fewer operational problems, misconfigurations and incompatibilities.
Another practical benefit of hardening is that, because the attack surface is minimized, the risks of data leakage, unauthorized access and malware incursions are also reduced. Likewise, when there are fewer accounts and programs in the system, the environment is less complex and auditing it becomes simpler and more transparent.
What are the most important aspects when hardening an operating system?
Some of the most important aspects to consider when hardening our operating system are: scheduling frequent backups of the system state and the files, as far as possible over the network, and storing them on physical drives kept away from the equipment where they originate. Encrypting files or drives according to the needs of the system can be very useful, especially if we consider external storage for the encryption keys; this also includes encryption for instant messaging and email.
Another aspect to consider is the appropriate configuration of user accounts: work with limited-access accounts for as much of the time as possible and disable the administrator accounts; it is better to use the user impersonation option than to log in as administrator. Additionally, it is good to disable remote access where it is not necessary; if at some point we need this option we simply re-enable it.
Likewise, configure the security options of the different programs, such as Internet browsers, email and networks, as well as the security permissions on the system's files and folders, flatly denying any file permission to unknown accounts or accounts that do not have a password. Configuring the network protocols can provide greater security to our system: we could use address translation to address the internal equipment of an organization, disable any unnecessary network protocol in the system and limit its use.
Finally, it is vital to activate system audits so that we have records of very common attacks such as password guessing, to limit software, and to configure the general security options, especially those related to shared paths, system shutdown and login. If we take all these aspects into account when strengthening our operating system, the result will be satisfactory and reassuring when using our computer.
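As an added illustration that is not part of the original post, the following Python example checks a few of the aspects above (accounts without a password, direct administrator login over remote access, services that are enabled but not needed, and disabled auditing). It assumes a Linux host; the shadow-file and sshd_config contents and the service list are constructed samples, and the function names are hypothetical.

```python
# Added example: audits constructed samples, not a live system (Linux assumed).
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""
SAMPLE_SSHD = """\
# constructed sshd_config
PermitRootLogin yes
PermitEmptyPasswords no
"""
SAMPLE_SERVICES = {"sshd": True, "telnet": True, "auditd": False}  # name -> enabled
NEEDED = {"sshd", "auditd"}  # services this hypothetical host actually requires

def empty_password_accounts(shadow_text):
    """Accounts whose password field (2nd shadow field) is empty."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found

def parse_sshd(config_text):
    """Lower-cased keyword -> value; the first occurrence wins, as in sshd."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(shadow_text, sshd_text, services, needed):
    """Return a list of hardening findings for the supplied inputs."""
    findings = [f"account '{u}' has no password"
                for u in empty_password_accounts(shadow_text)]
    sshd = parse_sshd(sshd_text)
    if sshd.get("permitrootlogin") == "yes":
        findings.append("administrator (root) can log in remotely")
    if sshd.get("permitemptypasswords") == "yes":
        findings.append("remote login with empty passwords is allowed")
    for name, enabled in sorted(services.items()):
        if enabled and name not in needed:
            findings.append(f"service '{name}' is enabled but not needed")
    if not services.get("auditd", False):
        findings.append("system auditing (auditd) is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW, SAMPLE_SSHD, SAMPLE_SERVICES, NEEDED):
        print("FINDING:", finding)
```

On a real host the three inputs would come from the system itself (for example /etc/shadow read with root privileges) rather than from the constructed strings.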
What digital tools can we use to do Hardening?
Since hardening means improving the security of the entire operating system, it is important to establish a different hardening strategy for each component of the system, differentiating by role, version and environment in order to be as effective as possible. In this sense, there are two types of very useful tools that we should review before starting a hardening project.
These proprietary tools for hardening operating systems are: hardening automation tools, which provide a complete hardening resource, carrying out the entire testing process automatically and reporting the impact of each change; and security configuration management tools, which manage and control the configurations of an information system with the objective of enabling security and managing risk. Each offers a solution for a different stage of the hardening project.
Calcom Server Hardening Solution
It is a server hardening automation solution designed to reduce operational costs and to increase security and server compliance. ‘Calcom Server Hardening Solution’ minimizes hardening costs and eliminates outages by indicating the impact of a hardening change on production services, ensuring an invulnerable, constantly hardened and monitored server environment.
CalCom Security Solution for IIS
Like the previous one, it is a hardening automation solution, designed specifically for web servers. It aims to reduce operational costs and to increase the security and discipline of the web server. It automatically establishes the impact of configuration changes on production servers, reducing hardening costs. It also supports hardened and monitored web servers.
Considered a security configuration management tool, it is an engine that automates the processes of preparing and managing configuration, deploying applications and orchestrating them. Although it is not a tool specific to hardening, it can be used for it, and it brings time savings, assurance and a reduction of complicated work when the same tasks are repeated on several servers. Some of its characteristics: it does not require agents to be installed, it can be operated with little knowledge, it has no graphical environment and, unlike other tools, it does not require difficult configuration.
Chef: Chef Enterprise Automation Stack (EAS)
It is a tool that guides teams applying the DevSecOps (Development-Security-Operations) approach in automating infrastructure configuration through integrated validation and configuration testing, compliance auditing and application delivery. Like ‘Ansible’, it is not specific to operating system hardening, but it is very useful for that type of project.
It is a multiplatform configuration management tool that uses an open source license, designed to manage the configuration of UNIX-like systems and to carry out different tasks in parallel on multiple servers. It is built on open source technology, and to operate it the user describes the system resources and their states in the declarative language the tool provides. Like the previous ones, it is not a tool specific to operating system hardening, but it is very effective for this purpose.