Hardening
Hardening, when applied to computing, is the practice of reducing a system’s vulnerability by reducing its attack surface. Hardening may involve a reduction in attack vectors by culling the pathways, or vectors, attackers would use. It may range from adhering to blanket policies such as Zero Trust, the Principle of Least Privilege (PoLP), or Defense In Depth, but also manifest as certain task lists such as implementing workforce training, segmenting resources, automating security updates, resetting default passwords, hashing passwords, and ceasing to store or transmit data unless it is encrypted. Reducing attack vectors through hardening also involves system owners cutting unnecessary services or processes. Overall, a system that provides more services has a much broader attack surface than one performing just one function.
Here are a few common interpretations:
- Infrastructure:
- Infrastructure Hardening: In a broader sense, it can refer to strengthening the overall physical and technical infrastructure of an organization. This includes securing facilities, implementing access controls, and ensuring the resilience of critical systems.
- Materials and Manufacturing:
- Material Hardening: In metallurgy and materials science, hardening is a process that increases the hardness and strength of a material. This is often achieved through heat treatment or cold working, making the material more durable and resistant to wear.
- Psychological Resilience:
- Psychological Hardening: In psychology, hardening can refer to the process of developing resilience or toughness in the face of adversity. This might involve exposure to challenging situations to build emotional or mental strength.
- Military:
- Military Hardening: This can refer to the fortification of military installations or vehicles to withstand attacks or to make them less vulnerable to damage.