Medium Article - IT & Computing

Article: Confessions of a security pro: I was wrong about host hardening

Source: https://www.csoonline.com/article/2624054/confessions-of-a-security-pro--i-was-wrong-about-host-hardening.html

Author: Roger A. Grimes

Summary of the Article

In this article, the author discusses the practice of host hardening beyond the default security features that computers ship with. The author has been in favor of this practice for more than twenty years. He has written several books and articles containing useful advice about host hardening. The author now realizes that securing Windows beyond what Microsoft recommends is not that significant. Almost every system software vendor now offers stronger security features, and their products come with built-in malware defenders. He is of the opinion that certain things have changed, rendering host hardening a less effective or even unsafe approach.

To recapitulate the author's viewpoint, there is little to say about cyber-attacks that could have been carried out merely because an individual or a company did not take measures to strengthen its security beyond what the OS vendor suggests. The attacks instead originate from users not making full use of the default features. Defaults such as IPv6, the principle of least privilege, strong passwords, a secured router, a robust firewall, Windows Defender Antivirus, modifying settings that are no longer needed, removing extra software, vendor updates and patches, and caution with email attachments and untrusted links shield computers from attacks far better than host hardening can ("Security Tip (ST15-003)").

My Insights about the Article

The article compares and contrasts Windows defaults and host hardening as means of computer security. The author states that times have changed, and with them the means and measures of security. The practice of host hardening has been undermined with the passage of time, especially after IPv6 had been published. After a number of years of preaching host hardening, the author has surrendered and realized that the defaults can't be beaten by the practice. The author discusses a few of the many default security features. He emphasizes working in restricted mode, as malicious software can only do harm if the user has relaxed system settings. It is recommended to operate with full privileges only when one really needs them, e.g. when adding or removing a program. Another handy tip that can help fight malware infections is uninstalling superfluous programs and turning off redundant services that are enabled by default. This defends the user from suspicious attacks and makes things harder for intruders.

The main takeaway for me is the time factor. Due to heightened competition, vendors selling computer programs now keep abreast of customer needs and demands, i.e. information security. This is the reason why OS vendors now ship stronger security with their products. Second, I believe complacency will lead to nothing. Individuals and organizations, as users, both need to make full use of the built-in default security, and they will need nothing else to stay safe. It is just a matter of strictly adhering to the vendor recommendations.

On the other hand, I believe that the more advanced technology becomes in terms of security, the more vulnerable it becomes to cyber-attacks. In fact, progressive technologies in the form of enhanced security features have themselves paved the way for cybercrime, malware, and scams. Today, cyber thieves outsmart the expert custodians of the latest technologies. Security specialists today have to cope with risks posed by cloud computing, wireless technologies, and other related concepts born of the world of the internet.

Last but not least, external threats (i.e. cyber-attacks) are generally handled more seriously than internal ones. However, the latter tend to be costlier, as they may remain mysterious for a long time. Therefore, I'd recommend that everyone feel responsible, keep to the vendor instructions, and get strengthened internally, and ultimately STAY SAFE!

Reference

Security Tip (ST15-003). (n.d.). Retrieved from https://www.us-cert.gov/ncas/tips/ST15-003
