
Harden Your Systems: Best Practices

The current geopolitical situation with Russia and Ukraine continues to evolve. With the reported cyber attack against Ukraine’s financial infrastructure by Russia, financial firms worldwide are evaluating their cybersecurity readiness and ensuring that their IT systems are “hardened,” or properly secured.

Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. Hardening demands a methodical approach to audit, identify, close, and control potential security vulnerabilities throughout the entire IT lifecycle. The following are best practices.

Networks

Network hardening involves securing the communication of multiple servers and computer systems operating within a network. One way to do this is through establishing an IPS (intrusion prevention system) or IDS (intrusion detection system) to monitor and report suspicious activity in a network; an IPS, sitting inline, can also block unauthorized access to the network. Additional functions include configuring and securing network devices, auditing network rules and network access privileges, disabling unused or unnecessary network protocols/ports, encrypting network traffic, and disabling network services and devices not in use. Vulnerabilities in network devices are also patched so that they cannot be exploited to gain access to the network.

  • Ensure external facing devices like firewalls are properly configured and rules are regularly audited and updated
  • Secure remote access points and remote users
  • Disable unused protocols and services
  • Block unnecessary network ports
  • Encrypt network traffic
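The two bullets about disabling unused services and blocking unnecessary ports are only as good as the check that verifies them. The script below is an added example, not code from the original post: it parses text in the format produced by `ss -ltn` on Linux and reports every listening TCP socket that is not on a per-host allowlist, plus allowed services that should stay on loopback but are bound to every interface. The sample `ss` output and the `ALLOWED_PORTS` table are constructed for the example; replace the table with your own baseline for each server role.

```python
"""Audit listening TCP sockets against a port allowlist.

Added example, not part of the original post. Parses `ss -ltn`-style
output and flags listeners that are not on the allowlist, or that are
permitted only on loopback but are exposed on all interfaces.
"""
import subprocess
from dataclasses import dataclass

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      128    [::]:111           [::]:*
"""

# Hypothetical allowlist for a web server role: port -> permitted bind scope.
# "any": may listen on every interface; "local": must stay on loopback.
ALLOWED_PORTS = {22: "any", 80: "any", 443: "any", 5432: "local"}

LOOPBACK = ("127.0.0.1", "::1")


@dataclass(frozen=True)
class Listener:
    address: str
    port: int


def parse_listeners(ss_output):
    """Extract Listener objects from `ss -ltn` text, skipping the header line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or an unexpected line
        local = fields[3]
        # rpartition on the last ':' handles both 0.0.0.0:22 and [::]:111
        addr, _, port = local.rpartition(":")
        listeners.append(Listener(addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr):
    return addr in LOOPBACK or addr.startswith("127.")


def audit_listeners(listeners, allowed=ALLOWED_PORTS):
    """Return sorted (port, address, reason) findings; an empty list means compliant."""
    findings = []
    for lst in listeners:
        scope = allowed.get(lst.port)
        if scope is None:
            findings.append((lst.port, lst.address,
                             "not on allowlist: disable the service or block the port"))
        elif scope == "local" and not is_loopback(lst.address):
            findings.append((lst.port, lst.address,
                             "should be bound to loopback only"))
    return sorted(findings)


def audit_this_host(allowed=ALLOWED_PORTS):
    """Run `ss -ltn` on the local Linux host and audit the result."""
    output = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return audit_listeners(parse_listeners(output), allowed)


if __name__ == "__main__":
    # Demonstrate on the constructed sample; use audit_this_host() on a real server.
    for port, addr, reason in audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"port {port} on {addr}: {reason}")
```

On the constructed sample the audit reports telnet (23) and rpcbind (111) as services to disable, and passes SSH, HTTP and the loopback-only PostgreSQL listener. Running the same audit from a scheduled job and diffing its output against the previous run turns the "regularly audited" bullet into a detection: a new finding means a service or firewall rule changed.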

Servers

Server hardening involves securing data, ports, functions, and permissions of a server. Additionally, establishing a strong password policy, protecting sensitive data with AES encryption or self-encrypting drives, and implementing firmware resilience technology and multi-factor authentication are all recommended. This should be completed system-wide on the hardware, firmware, and software layers.

  • Servers should be established in a secure datacenter
  • Harden servers before connecting them to the networks
  • Only install required software on a server
  • Segment servers from one another with appropriate access controls
  • Apply zero-trust principles when setting up administrative users

Applications

Application hardening pertains to patching vulnerabilities and keeping applications updated. It involves updating application code to further enhance its security or adding security solutions on top of it. It also involves software-based security measures to protect any standard or third-party application installed on a server. Application hardening focuses on securing specific applications, such as web browsers, spreadsheet programs, or custom software.

  • Remove unnecessary components or functions
  • Remove or reset default passwords
  • Restrict access to applications based on user roles
  • Allow installation only from trusted application repositories
  • Audit application integrations

Databases

Database hardening involves reducing vulnerabilities in digital databases and database management systems. This is used to harden repositories of data, as well as applications used to interact with that data.

  • Implement access control and restrict permissions to limit what users can do in a database
  • Enforce secure passwords
  • Use a user verification process
  • Remove unused accounts
  • Encrypt data in transit and at rest

Operating Systems

Much like application hardening, operating system hardening centers on patch management: monitoring for and installing updates, patches, and service packs.

  • Implement a patch management system to apply OS updates and patches
  • Remove unnecessary drivers, services, and applications
  • Restrict registry and other system permissions
  • Log appropriate activities, errors, and warnings
  • Encrypt local storage
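"Restrict permissions" is easy to state and easy to let drift, so a hardening baseline should include a repeatable check. The script below is an added example, not code from the original post: it compares the permission bits of sensitive files against the most permissive mode a baseline allows and names the offending bits. The `BASELINE` table is an assumption for a typical Linux host; the real standard comes from your own hardening benchmark.

```python
"""Verify that sensitive files are no more permissive than a baseline.

Added example, not part of the original post. The baseline table is an
assumed example for a Linux host and should be replaced by your own.
"""
import os
import stat

# Hypothetical baseline: path -> most permissive mode allowed (octal).
BASELINE = {
    "/etc/passwd": 0o644,
    "/etc/shadow": 0o640,
    "/etc/ssh/sshd_config": 0o600,
    "/root/.ssh/authorized_keys": 0o600,
}

PERM_MASK = 0o7777  # rwx bits for user/group/other plus setuid/setgid/sticky

# Bit -> label, used to explain a finding. Owner bits are never "excess"
# in practice, so only the bits that widen access beyond the owner are named.
BIT_NAMES = (
    (stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"),
    (stat.S_IRGRP, "group-read"), (stat.S_IWGRP, "group-write"), (stat.S_IXGRP, "group-exec"),
    (stat.S_IROTH, "world-read"), (stat.S_IWOTH, "world-write"), (stat.S_IXOTH, "world-exec"),
)


def excess_bits(actual_mode, max_mode):
    """Permission bits set in actual_mode that max_mode does not allow (0 means compliant)."""
    return (actual_mode & PERM_MASK) & ~(max_mode & PERM_MASK)


def describe_excess(excess):
    """Readable labels for the offending bits, e.g. ['world-read']."""
    return [name for bit, name in BIT_NAMES if excess & bit]


def evaluate(path, actual_mode, max_mode):
    """Return a finding string if the file is too permissive, else None.

    actual_mode may be a full st_mode (file-type bits included) or plain
    permission bits; only the permission bits are compared.
    """
    excess = excess_bits(actual_mode, max_mode)
    if not excess:
        return None
    return (f"{path}: mode {stat.S_IMODE(actual_mode):04o} exceeds "
            f"{max_mode:04o} ({', '.join(describe_excess(excess))})")


def check_file(path, max_mode):
    """Stat a real file and evaluate it; a missing file yields no finding."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return evaluate(path, st.st_mode, max_mode)


def audit(baseline=BASELINE):
    """Run the check over the whole baseline and return the list of findings."""
    return [f for f in (check_file(p, m) for p, m in baseline.items()) if f]


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

The comparison is a bit-mask rather than a numeric one: a file at 0600 is not flagged against a 0644 baseline even though its mode is "smaller", and a setuid bit on a file whose baseline allows 0755 is reported as `setuid`. Exit with a non-zero status when `audit()` returns findings and the script slots directly into a configuration-management or CI gate.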