A hardened approach to system security

Hardening software to prevent security breaches is coming back into fashion. And, yes, it's worth the trouble.

By John Edwards, Computerworld |  Security

Glenn Phillips, president of Pelham, Ala.-based Forté, says that the dedicated Windows workstations his company sells to hospital emergency room administrators must not only be secure, but absolutely tamperproof as well. After all, lives depend on the machines' flawless operation.

Forté's applications show emergency medical technicians the emergency room's current availability status, "so our software must be the program that is always running," Phillips says. "We cannot have anyone closing our program, adding games, changing Windows settings and so on."

Phillips and others who need highly secure workstations or servers are turning to hardening to build a virtual steel wall against intruders. The hardening process involves removing nonessential tools and utilities from an operating system or application, any of which could be used to help an attacker gain unauthorized access to system settings or data.

The approach can be used to substitute for or, more commonly, complement other security practices and technologies, such as network firewalls.

Hardening is a technique that's been around since the earliest days of networked computers, but it gradually fell into disuse as software vendors boosted the security of their products and IT managers adopted new security technologies and practices.

Even so, the security improvements haven't made hardening any less practical or useful. "It's still one of the least expensive and most effective ways of protecting yourself or preventing infections or outages," says Chris Rafter, vice president of consulting services at Logicalis Group, a systems integrator in Bloomfield Hills, Mich.

Peter Makohon, a senior security and privacy manager at the New York office of professional services firm Deloitte & Touche, says hardening is coming back into fashion as more enterprises face pressure to patch every possible security hole that could conceivably be exploited as a pathway into a corporate system. Regulatory compliance is another factor that's inspiring many enterprises, particularly those in highly regulated industries, to take another look at hardening.

Just about any enterprise can benefit from hardening, Rafter says. "Operating systems and applications are definitely a lot more secure than they were a long time ago, but there's still logic to turning off unnecessary services and basically only activating and using what you really need," he contends. "Plus, it doesn't require a great deal of effort."

Originally published on Computerworld.