Info 1: What is hardening?

The cybersecurity field contains more than one term that, for most people, is a bit vague to say the least.

In our 'Info' series, we'd love to explain some terms and principles that could benefit from an explanation.

Let's make the cybersecurity field a bit more transparent.

What is hardening?


Hardening

Hardening is an important concept in cybersecurity, but what is hardening exactly? While the concept may sound a bit strange and mysterious, its meaning is actually quite simple. On this page, we are happy to explain what hardening is and which risks you’re exposed to when you don’t harden your systems (e.g. servers, workstations, networking devices).

Configurations

Default configurations of operating systems are designed with a focus on usability. This compromises information security and makes systems extremely vulnerable to cyber attacks. Hardening means adjusting (default) system configurations to increase security, which vastly decreases the chances of being attacked by a cybercriminal. Actions include:

  • Removing or disabling unused functions and user accounts.
  • Assigning secure values to security settings.
  • Changing default passwords.

Hardened systems provide maximum security against cybercriminals by decreasing the chances of an incident. When a cyber incident does occur, the damage is limited, and so are the costs and duration of repairs.
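To make the first two actions concrete, the following added example (not part of the original page) audits one service configuration and an account list against a baseline. The OpenSSH server options are real keywords; the baseline values, the sample sshd_config and passwd contents, and the function names are constructed assumptions. An option that is not set explicitly is reported as a finding.

```python
# Constructed sample inputs; the baseline values below are assumptions.
SSHD_CONFIG = """\
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding yes
PermitEmptyPasswords no
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
games:x:12:100:games:/usr/games:/usr/sbin/nologin
"""
# Assumed baseline: wanted value per OpenSSH server option.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no",
            "X11Forwarding": "no", "PermitEmptyPasswords": "no"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_sshd(text):
    """Return {option: value}; the first occurrence wins, as in sshd."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit_settings(text, baseline=BASELINE):
    """List (option, current, wanted) for every deviation from the baseline."""
    found = parse_sshd(text)
    findings = []
    for option, wanted in baseline.items():
        current = found.get(option.lower(), "unset (built-in default applies)")
        if current != wanted:
            findings.append((option, current, wanted))
    return findings

def audit_accounts(passwd, expected_users):
    """Accounts that can log in interactively but are not expected to."""
    flagged = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if (len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS
                and fields[0] not in expected_users):
            flagged.append(fields[0])
    return flagged

if __name__ == "__main__":
    print(audit_settings(SSHD_CONFIG), audit_accounts(PASSWD, {"root", "alice"}))
```

On the sample input this reports three settings that deviate from the baseline and one unexpected account with a login shell (`ftp`).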

Risks

A system that is not (sufficiently) hardened is vulnerable and at risk of being compromised. The most important risks include:

  • Installation of malicious software (malware)
  • Unauthorised access to the entire network
  • Access to sensitive information
  • Corruption or deletion of data
  • Disturbance or complete stop of critical applications and business processes
  • Denial of service situations where systems or entire networks are rendered unusable
  • Your compromised systems being used to launch denial of service attacks

Cyber essentials

Hardening is part of the cyber essentials. The cyber essentials are composed to help organisations increase their cyber resilience. It is advised to start with these fundamentals for your organisation before you explore additional cyber security solutions. Feel free to have a look at our homepage to learn more about other cyber essentials.



Would you like to learn more about choosing and auditing safe configurations for all your systems?