A hard approach to system security

Is hardening your systems worth the time and trouble? Most say yes.

Glenn S. Phillips, president of Pelham, Ala.-based Forte Inc., says that the dedicated Windows workstations his company sells to hospital emergency room administrators must not only be secure, but also absolutely tamperproof. After all, lives depend on the machines' flawless operation.

Forte's applications show inbound EMTs the emergency room's current availability status, "so our software must be the program that is always running," Phillips says. "We cannot have anyone closing our program, adding games, changing Windows settings and so on."

Phillips and others who need to create highly secure workstations or servers are turning to hardening to create a virtual steel wall against intruders. The hardening process involves removing nonessential tools and utilities from an operating system or application, any of which could be used to help an attacker gain unauthorized access to system settings or data.

The approach can be used to substitute for or (more commonly) complement other security technologies and practices, such as network firewalls.

Going old-school

Hardening, a technique that's been around since the earliest days of networked computers, gradually fell into the shadows as software developers incrementally boosted their products' internal security, and as newer and more sophisticated security technologies and practices arrived on the scene.

"Operating systems and applications are more secure than ever," observes Chris Rafter, vice president of consulting services at Logicalis, a systems integrator in Bloomfield Hills, Mich. Yet improved software security hasn't made hardening any less practical or useful. "It's still one of the least expensive and most effective ways of protecting yourself or preventing infections or outages -- just basically closing security holes that might affect your company adversely," Rafter says.

Peter Makohon, a senior security and privacy manager at the New York office of professional services firm Deloitte & Touche, says hardening is coming back into fashion as more enterprises face pressure to patch every possible security loophole that could conceivably be exploited as an entry pathway. He says that a growing push for stricter compliance measures from private and public regulators is inspiring many enterprises, particularly those involved in finance, health care and other highly regulated industries, to take another look at hardening. "They are now hardening, spending more time securing their more critical assets," Makohon says.

Just about any enterprise can benefit from hardening, Rafter says. "Operating systems and applications are definitely a lot more secure than they were a long time ago, but there's still logic to turning off unnecessary services and basically only activating and using what you really need," he contends. "Plus, it doesn't require a great deal of effort."
