Security Encyclopedia

Hardening

Hardening, when applied to computing, is the practice of reducing a system’s vulnerability by reducing its attack surface.

Hardening may involve a reduction in attack vectors by culling the pathways, or vectors, attackers would use. It may range from adhering to blanket policies such as Zero Trust, the Principle of Least Privilege (PoLP), or Defense In Depth, but also manifest as certain task lists such as implementing workforce training, segmenting resources, automating security updates, resetting default passwords, hashing passwords, and ceasing to store or transmit data unless it is encrypted.

Reducing attack vectors through hardening also involves system owners cutting unnecessary services or processes. Overall, a system that provides more services has a much broader attack surface than one performing just one function.

Example:

“Hardening our systems to make them more resistant to attack will entail discontinuing unneeded or unused services, as these entry points needlessly provide attack vectors through which cyberattacks are deployed. The fewer doors — the fewer unwanted visitors.”