Solution description
Hardening is the process of securing a system's configuration so as to reduce the occurrence of vulnerabilities that an attacker can use. System hardening is currently one of the basic security measures for protecting information and a company's information systems.
How does the hardening process work?
Ensuring a high level of security for applications and operating systems is a continuous process. System hardening proceeds through the following phases:
- Analysis – in the introductory phase, the systems that will be the object of hardening are defined. These systems are generally selected according to how critical and important they are within the company's information system. Selecting a suitable tool for automated configuration checks can also be part of this phase.
- Creation of the hardening security policy – these are the technical and procedural regulations that determine the configuration of applications and systems, including the implementation of checks that verify that the actual state complies with them. During this phase we rely on existing, tested standards, for example CIS Benchmarks, NIST, and others. Hardening security policies are written in a form that allows them to be evaluated not only manually, as part of internal audits, but above all automatically, which saves the internal resources needed to perform the checks.
- Process building – the hardening process includes documents and regulations for ensuring a high standard of configuration, as well as processes for maintaining and updating the policies and for their management, monitoring, enforcement, and further development.
- Technical check and its deployment – the processes and technical regulations that have been created must be put into practice. This phase usually includes implementing a tool that can verify that the hardening policy is deployed on the defined devices and identify non-compliance with the approved policies.
Which systems can be hardened?
Any applications, systems and platforms that are a part of the company's IT infrastructure are suitable for hardening. For example:
- Servers and their applications (operating systems, databases, web servers, application servers, and others).
- Hardware devices (e.g. SCADA, hardware firewalls, WiFi access points).
- BYOD and MDM devices.
- Workstations and AD GPO (Group Policy), web browser settings, Java and .NET framework behavior, and so on.
Deciding which devices can be hardened and how their checks will be enforced is usually part of the analysis phase.
Which products are suitable for automated checks?
For automated hardening policy checks, any VMS (Vulnerability Management System) product that can check and evaluate system settings automatically can be used. Such a product generally has the following features:
- "Zero-configuration" setting option, i.e. the possibility of setting a reference configuration (baseline) for a defined system.
- Performing "agent-less" checks.
- Modification and creation of custom security policies.
- Evaluation of compliance and non-compliance, exception management.
- Integration with SIEM and ticketing systems.
- Reporting and alerting.
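The following Python example is added here and is not taken from any product or standard named on this page. It shows a hardening policy expressed as data and evaluated automatically against a collected configuration, including time-limited exceptions. The rule IDs and expected values, the host name web01, the exception dates and the sshd_config sample are all constructed assumptions.

```python
import datetime as dt
# Constructed sample of a collected sshd_config (not from a real host).
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 6
"""
# Hypothetical policy rules: (rule id, directive, operator, expected value).
POLICY = [
    ("SSH-01", "permitrootlogin", "eq", "no"),
    ("SSH-02", "passwordauthentication", "eq", "no"),
    ("SSH-03", "x11forwarding", "eq", "no"),
    ("SSH-04", "maxauthtries", "le", 4),
    ("SSH-05", "clientaliveinterval", "le", 300),
]
# Approved exceptions (constructed): (host, rule id) -> last valid day.
EXCEPTIONS = {("web01", "SSH-03"): dt.date(2030, 1, 1),
              ("web01", "SSH-01"): dt.date(2020, 1, 1)}

def parse_config(text):
    """Return {directive: value}; the first occurrence of a directive wins."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def evaluate(host, settings, today):
    """Return {rule id: PASS | FAIL | MISSING | EXCEPTION} for one host."""
    results = {}
    for rule_id, key, op, expected in POLICY:
        actual = settings.get(key)
        if actual is None:
            status = "MISSING"  # unset directive: reported, default not assumed
        elif op == "eq":
            status = "PASS" if actual.lower() == expected else "FAIL"
        else:  # "le": numeric upper bound
            ok = actual.isdigit() and int(actual) <= expected
            status = "PASS" if ok else "FAIL"
        expiry = EXCEPTIONS.get((host, rule_id))
        if status != "PASS" and expiry and today <= expiry:
            status = "EXCEPTION"  # deviation covered by a still-valid exception
        results[rule_id] = status
    return results

if __name__ == "__main__":
    print(evaluate("web01", parse_config(SAMPLE_SSHD_CONFIG), dt.date.today()))
```

An exception whose date has passed no longer masks the finding, so the rule is reported as a plain non-compliance again and can be sent to alerting or ticketing.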