Hardening Is A Process With Distinct Steps
It seems like most hardening tools skip half the steps, so let's use a metaphor to help.
Hardening a server is very much like locking up your house when you go on vacation. Your home will be unattended, much like servers in production, which are meant to run unattended.
Homes are designed to be useful: people come and go, and features like doors, windows and driveways see lots of activity. These homes are visibly "attended", so bad actors may not see them as targets at all.
Then you go on vacation, and all the useful features of your home become security flaws. Before leaving, you thoughtfully "harden" your home, very much like a production server.
You make a list of the vulnerabilities in your home, and you also make a list of details that need investigation. You are the home-security scanner: you visit the basement, the garage, and the various windows and doors throughout your home. You find out what vulnerabilities your home has.
After you "Scan" your home, you go about mitigating these vulnerabilities: you "Harden" each one. Sometimes you simply lock an existing lock, but sometimes you have no answer for the vulnerability and need to address it another way: installing locks and alarms, repairing configurations, and sometimes removing features of your home entirely. Bars may be installed over some windows, removing their functionality while closing them off as a vulnerability.
As you "Harden" each vulnerability, you "Verify" each mitigation, each hardening you do. You test a lock, you set off an alarm, you pull on the bars, all to "Verify" that the risks you "Scanned" and the mitigations you "Hardened" are compliant with your security policy.
Next, you make a list of your "Hardening" steps and "Report" them, because someone needs access to feed the cat, read the meter, etc. You may need the documentation for next year's vacation. Other people, like tenants, housesitters, and family, may need to know the extent of your "Hardening".
Vacation Anxiety, Same As Operations Anxiety
We may not express our vacation preparation in terms like this, but a thorough protection of your home includes these steps. Without these explicit steps, a vacation produces great anxiety.
Your production servers are very similar. Features in development environments are open, easy to use, and unsecured. To build your security policy, the same steps are taken:
- Scan for vulnerabilities,
- Harden through mitigation,
- Verify success of your actions, and
- Report every step to others.
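The four steps above applied to one configuration file, as an added example that is not HardPrime's code: a constructed sshd-style config is scanned against a hypothetical baseline, each finding is hardened in place, the same scanner re-runs as the verify step, and the result is a report of what changed and what remains. The directive names and policy values are assumptions chosen for illustration.

```python
# Constructed sample config (not taken from a real host); two settings
# violate the hypothetical policy below.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

# Hypothetical hardening baseline: directive -> required value.
POLICY = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
}

def parse(config: str) -> dict:
    """Parse 'Directive value' lines, skipping blanks and comments."""
    settings = {}
    for line in config.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def scan(config: str) -> list:
    """Scan: list directives that differ from POLICY (absent counts as a finding)."""
    settings = parse(config)
    return [k for k, want in POLICY.items() if settings.get(k) != want]

def harden(config: str, findings: list) -> str:
    """Harden: rewrite each finding in place; append directives that were absent."""
    out, seen = [], set()
    for line in config.splitlines():
        key = (line.split(None, 1) or [""])[0]
        if key in findings:
            out.append(f"{key} {POLICY[key]}")
            seen.add(key)
        else:
            out.append(line)
    out += [f"{k} {POLICY[k]}" for k in findings if k not in seen]
    return "\n".join(out) + "\n"

def run(config: str) -> dict:
    """Verify by re-running the same scan on the hardened config, then Report."""
    findings = scan(config)
    hardened = harden(config, findings)
    remaining = scan(hardened)  # Verify: the scanner is the oracle, not the fixer
    return {"changed": findings, "remaining": remaining,
            "compliant": not remaining, "config": hardened}
```

The report is only trustworthy because Verify reuses the Scan check rather than assuming the Harden step worked.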
If you're not completing these steps, great anxiety will develop while you wonder whether you covered all the bases and are safe from risk.
In the Enterprise IT Security marketplace, many products exist. Whatever you choose, be sure your solution completes this process: it should Scan, Harden, Verify and Report. You may need several tools to get every step done, but every step needs to be done.
HardPrime.com was built to Scan, Harden, Verify and Report in an integrated solution. This allows your IT project team to provide Security First in its agile project workflow.
HardPrime.com doesn't skip any of the steps; make sure your tools don't skip steps either.
Then you can go on vacation without anxiety about your unattended production home.