Dated: 31-10-2024
Ch01. What is Information Security Hardening
IT assets (network, systems, applications, databases, mobile, physical security) come with default settings which are not suitable for security.
Security Hardening
Security hardening is the process of configuring IT assets to maximize security of the IT asset and minimize security risks.
Security in the "Trenches"
- Security at the most fundamental operational layer
- Security where it matters most
- Usually (but not always) involves junior staff who need extra guidance, training, and scrutiny.
Steps to Information Hardening
- Identify critical assets (& asset owner)
- Research on applicable security controls
- Checklist of applicable controls
- Document controls into SOP
- Implement controls on test setup
- Validation of control implementation
- Change management process for PROD
- Implement on PROD & monitor
Why Security Hardening is the First Step in the Security Transformation Model
- Most basic security settings
- If not adequately addressed here, the rest of the security measures hardly matter
Example of Cisco Router Security Hardening
- Remote access through SSH and not through telnet
- Turn off all unused services
- Session timeout and password retry lockout
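The three router controls above can be validated against a saved configuration, which fits the "validation of control implementation" step. The following is an added example, not part of the original notes: the two sample configs are constructed, and the list of unused services and the pass/fail policy are assumptions of this sketch.

```python
import re

# Constructed sample configs for illustration (not taken from a real device).
WEAK = """\
ip http server
service tcp-small-servers
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
"""
HARDENED = """\
no ip http server
no service tcp-small-servers
login block-for 120 attempts 3 within 60
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""
# Assumption: services treated as unused here; adjust to the router's role.
UNUSED = ("ip http server", "service tcp-small-servers", "service udp-small-servers")

def vty_blocks(cfg):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("line vty"):
            cur = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return blocks

def audit(cfg):
    """Return findings for the three controls; an empty list means all pass."""
    lines = [l.strip() for l in cfg.splitlines()]
    findings = [f"unused service enabled: {s}" for s in UNUSED if s in lines]
    if not any(re.fullmatch(r"login block-for \d+ attempts \d+ within \d+", l) for l in lines):
        findings.append("no password retry lockout (login block-for)")
    for header, body in vty_blocks(cfg).items():
        # Assumed policy: each vty block explicitly allows SSH only.
        if "transport input ssh" not in body:
            findings.append(f"{header}: remote access not restricted to SSH")
        # Assumed policy: an explicit, non-zero exec-timeout is required.
        t = next((b.split()[1:] for b in body if b.startswith("exec-timeout")), None)
        if t is None or all(v == "0" for v in t):
            findings.append(f"{header}: no session timeout")
    return findings
```

Calling audit(WEAK) returns one finding per missed control, while audit(HARDENED) returns an empty list.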
Post Assessment
In terms of security hardening, SSH stands for
- Small Shell
- Select Shell
- Secure Shell
- Smart Shell
Which of the following is the process of configuring IT assets to maximize security of the IT asset and minimize security risks
- Security test
- Security breach
- Security guide
- Security hardening