🛡️

System and Endpoint Hardening

Jul 23, 2025

Overview

This lecture covers system and endpoint hardening techniques to secure servers, workstations, and network devices against various cyber threats, emphasizing best security practices and modern tools.

Operating System Hardening

  • Regularly apply operating system security updates and patches to protect against vulnerabilities.
  • Enforce strong password policies, requiring minimum length and complexity (uppercase, lowercase, numbers, special characters).
  • Limit user account permissions; avoid giving administrative rights unless necessary.
  • Restrict remote access by allowing only specific IP address ranges.
  • Monitor systems using antivirus, antimalware, or advanced endpoint security tools.
  • Encrypt sensitive data at the file/folder level (e.g., Windows EFS) or use full disk encryption (e.g., BitLocker, FileVault).
  • Encrypt network traffic using VPNs or secure application protocols like HTTPS.

Endpoint Security and Defense in Depth

  • Apply appropriate security measures for all user endpoints: desktops, laptops, tablets, and mobile devices.
  • Use multiple layered security tools for robust protection (defense in depth).
  • Deploy advanced endpoint detection and response (EDR) to monitor behavior, detect unknown threats, and automate incident response.
  • EDR uses behavioral analysis, machine learning, and process monitoring for rapid threat identification and automated remediation (isolation, rollback).

Host-Based Security Tools

  • Enable host-based firewalls to control and monitor inbound/outbound traffic per process.
  • Use host-based intrusion prevention systems (HIPS) to detect and block known vulnerabilities and suspicious activity within the OS.
  • HIPS can monitor for behavioral changes, registry modifications, or unauthorized file access.

Port and Service Management

  • Close unused network ports to reduce attack surfaces on servers and workstations.
  • Use firewalls (including Next Generation Firewalls) for granular service and port control.
  • Utilize port scanning tools like Nmap to identify open/closed ports.
  • Avoid applications or setups that require excessive or unnecessary open ports.

Device and Software Configuration

  • Change all default passwords and settings on devices and management interfaces to prevent unauthorized access.
  • Enable multi-factor authentication or centralized authentication for added security.
  • Remove unused applications to minimize vulnerabilities and ease update management.

Key Terms & Definitions

  • System Hardening — Reducing vulnerabilities in an operating system or device by applying security measures.
  • EDR (Endpoint Detection and Response) — Advanced security tool for detecting and responding to threats on endpoint devices.
  • Full Disk Encryption (FDE) — Encryption of all data on a storage device.
  • HIPS (Host-based Intrusion Prevention System) — Security software that monitors and blocks suspicious activity on individual devices.
  • Nmap — A tool for scanning networks to discover open ports and services.

Action Items / Next Steps

  • Apply all pending OS and application security updates.
  • Review and update password and user access policies.
  • Audit open network ports using Nmap or equivalent.
  • Change default device passwords and configurations.
  • Remove unused or unnecessary applications from all systems.

Full transcript