|
Hardening the configuration of host computers allows us to reinforce the security of the network perimeter by following the principles of defense in depth. As with all components of a defense infrastructure, we rely on multiple security components to protect resources against attacks. This notion can be applied at the network and at the host level. The extent to which a system should be hardened depends on its role on the network and also accounts for the resources you have available to maintain the locked-down configuration. As we discussed in this chapter, default operating system installations rarely implement hardening best practices that allow us to build systems that are highly resistant to attacks. You can significantly improve the host's defenses if you take the time to disable or remove unnecessary services and applications, limit access to data, control user access and privileges, maintain logs, and apply patches. |
|