System hardening is the process of securing a server or computer system by minimizing its attack surface, or surface of vulnerability, and potential attack vectors. It’s a form of cyberattack protection that involves closing system loopholes that cyberattackers frequently use to exploit the system and gain access to users’ sensitive data.
One official definition of system hardening, according to the National Institute of Standards and Technology (NIST), is that it’s “a process intended to eliminate a means of attack by patching vulnerabilities and turning off non-essential services.”
Part of the system hardening elimination process involves deleting or disabling needless system applications, permissions, ports, user accounts, and other features so that attackers have fewer opportunities to gain access to a mission-critical or critical-infrastructure computer system's sensitive information.
But at its core, system hardening is a method for protecting a system against attacks perpetrated by cybercriminals. It involves securing a computer system’s software mainly but also its firmware and other system elements to reduce vulnerabilities and a potential compromise of the entire system.
Now you know why system hardening exists, but you might be wondering about its practical purpose and why businesses and organizations implement system hardening practices.
The basic purpose of implementing system hardening techniques and practices is to simply minimize the number of potential entryways an attacker could use to access your system and to do so from inception. This is oftentimes referred to as following a secure-by-design philosophy.
There are five main types of system hardening:
- Server hardening
- Software application hardening
- Operating system hardening
- Database hardening
- Network hardening