Systems here mean servers, workstations, active network devices (firewalls, routers, switches, wireless base stations, etc.) and the like. Hardening, in turn, means changing a system's settings so that its attack surface is reduced.
The organization has defined operating processes through which:
- Only essential features, devices and services (in terms of usage and data processing requirements) are put into use. Redundant features are also removed at the BIOS level.
- There is a procedure in which systems are systematically installed so that the end result is a hardened installation.
- A hardened installation contains only those components and services, and those user and process rights, that are necessary to meet operational requirements and ensure security.
- Software such as operating systems, applications, and firmware is set to collect the log information necessary to detect abuse.
- Starting the data system from an unknown device (other than the one defined as primary) is blocked.
- Software (e.g. firmware, applications) is kept up-to-date.
- Connections to the target, including management connections, are limited, hardened, user-identified and time-limited (session timeout).