Module 4 - 03-1 Flashcards
Introduction to security hardening
Define Security hardening
The process of strengthening a system to reduce its vulnerability and attack surface
Define Attack surface
All the potential vulnerabilities that a threat actor could exploit
Let’s use an example that compares a network to a house. The attack surface would be all the doors and windows that a robber could use to gain access to that house. Just like putting locks on all the doors and windows in the house, security hardening involves minimizing the attack surface or potential vulnerabilities and keeping a network as secure as possible.
What devices or systems can Security hardening be conducted on (5)?
- Hardware
- Operating systems
- Applications
- Computer networks
- Databases
What are examples of hardening procedures?
- Software updates, also called Patches
- Device or application configuration changes
- Security configuration change - example - requiring longer passwords or more frequent password changes
- Configuration check - example - updating the encryption standards for data that is stored in a database
- Removing or disabling unused applications and services
- Disabling unused ports
- Reducing access permissions across devices and network
What is another name for Software updates?
Patches
Define Penetration test
A simulated attack that helps identify vulnerabilities in a system, network, website, application, and process
What is another name for Penetration test?
Pen test
____ refers to all the potential vulnerabilities a threat actor could potentially exploit in a system.
- Penetration testing
- Configuration testing
- Attack surface
- Security hardening
Attack surface
An attack surface is all the potential vulnerabilities a threat actor could potentially exploit in a system.
