Hardening (computing)

In computing, hardening means increasing the security of a system by using only dedicated software that is necessary for the operation of the system and whose correct operation, from a security standpoint, can be guaranteed. The system should thus be better protected against external attacks.

The Federal Office for Information Security describes hardening in IT security as "[...] the removal of all software components and features that are not absolutely necessary for the program to perform its intended task."

The aim is to create a system that can be used by many people, including less trustworthy ones. For example, the Hardened project for Gentoo Linux compiles a kernel version and other system services with which a secure Linux system can be provided even to outside users.

Objectives

In practice, the following have emerged as objectives of hardening measures:

  • Reducing the ways in which vulnerabilities can be exploited
  • Minimizing the possible attack methods
  • Restricting the tools available to an attacker after a successful attack
  • Minimizing the privileges available to an attacker after a successful attack
  • Increasing the probability of detecting a successful attack

A secondary objective of hardening can be seen in a possible reduction of the complexity and maintenance requirements of the system, which may lead to better controllability and thus to fewer administration errors.

Methods

Conventional methods of hardening include:

  • Removal or deactivation of software components that are not essential for operation
  • Use of unprivileged user accounts to run server processes
  • Adjustment of file system permissions and their inheritance
  • Use of chroot or other jails for the execution of software
  • Use of Mandatory Access Control
  • Use of encryption, such as for data transmission
  • Use of completely error-free software with no known vulnerabilities

An operating system can be described as a "hardened system" when:

  • Only the components and services needed for actual operation are installed
  • All user accounts that are not required are deleted
  • All ports that are not needed are closed
  • Restrictive permissions are set
  • Tight system policies are assigned
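
As an added example (not part of the original article), the following Python sketch checks three of the criteria listed above against a site policy: accounts that are not required, ports that are not needed, and permissions that are not restrictive. The sample data, the policy sets and all function names are constructed for illustration.

```python
import stat

# Constructed sample inputs (not taken from any real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
olduser:x:1001:1001:former employee:/home/olduser:/bin/bash
deploy:x:1002:1002:deploy:/home/deploy:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
"""
LISTENING = [("tcp", 22, "sshd"), ("tcp", 443, "nginx"),
             ("tcp", 23, "telnetd"), ("udp", 111, "rpcbind")]
FILE_MODES = {"/etc/shadow": 0o640, "/etc/ssh/sshd_config": 0o666,
              "/var/www/upload": 0o1777}

# Assumed site policy: what this host actually needs to do its job.
REQUIRED_LOGINS = {"root", "deploy"}
REQUIRED_PORTS = {("tcp", 22), ("tcp", 443)}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def unneeded_accounts(passwd_text, required):
    """Flag extra UID 0 accounts and login-capable accounts outside the policy."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed lines
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        elif shell not in NOLOGIN_SHELLS and name not in required:
            findings.append((name, "interactive login not required"))
    return findings

def unneeded_ports(listening, required):
    """Return listening sockets whose (protocol, port) is not in the policy."""
    return [s for s in listening if (s[0], s[1]) not in required]

def loose_permissions(file_modes):
    """Return world-writable paths that lack the sticky bit."""
    return [path for path, mode in sorted(file_modes.items())
            if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX)]

if __name__ == "__main__":
    for finding in unneeded_accounts(PASSWD, REQUIRED_LOGINS):
        print("account:", finding)
    for finding in unneeded_ports(LISTENING, REQUIRED_PORTS):
        print("port:", finding)
    for finding in loose_permissions(FILE_MODES):
        print("permissions:", finding)
```

On a live host the same functions could be fed the contents of /etc/passwd and the output of a socket listing tool instead of the constructed samples.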

Hardening measures are to be considered separately from other security measures such as patch cycles, the introduction of antivirus solutions, firewalls or IDS/IPS, which are complementary methods of prevention.
