Home / Mission-Critical Computing / Security Hardening

Security hardening, also called system hardening, is the process of reducing the vulnerability of a computer system to make it more secure. The more functions a system performs, the more vulnerability it has; therefore, a single-function system is more secure than a multipurpose system. Reducing system vulnerability may include changing default passwords, removing unnecessary software, deleting unnecessary usernames or logins, and disabling or removing unnecessary services. The purpose of security hardening is to eliminate as many risks as possible. For example, removing all non-essential software programs and utilities from a computer can reduce risk. Advanced security hardening may involve reformatting the hard disk and only installing the bare necessities that the computer needs to function. Large enterprises perform regular security audits to maintain the protection of their IT environments.

Security hardening for a Linux system may involve applying kernel patches, closing open network ports, deactivating unneeded features in configuration files, and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. Other security hardening activities include keeping security patches updated, disallowing file sharing among programs, installing virus and spyware protection, creating strong passwords, keeping a backup, disabling cookies, disabling guest accounts and using encryption.

Database systems often store sensitive data and are therefore popular targets for hacker attacks. Reducing risk for a SAP HANA database includes security hardening for the underlying operating system as well as in-memory data. Most hacker attacks target the operating system first instead of directly attacking the database. Once a hacker has gained access and sufficient privileges within the operating system, he or she can then attack the running database application. SUSE Linux Enterprise Server for SAP Applications includes a security hardened operating system and a firewall solution specifically for SAP HANA in-memory data.