Hardening | Cybersecurity

Hardening refers to providing various means of security in computer systems

  • Hardening security is provided at different layers and is often referred to as en-route security
  • Hardening layered security means protecting at the host level, user level, application level, operating system level, physical level, and all the sub-levels in between

In today’s world, hacking and cyber attacks have reached an all-time high. Until specific laws are passed and agencies funded with the explicit task of catching and prosecuting cyber criminals, each of us will have to be hyper vigilant in protecting our digital assets and data. Navigating the world of cybersecurity providers may lead to further issues of trust in both loyalty and competency. Often times you’ll find language which addresses only part of your issues. This is where LANTopia shines. Our analysis doesn’t only take security into account; we look at your environment from a holistic perspective.

Here's a real-life anecdote. In the early days of network security, the concept of “complex passwords” emerged as the answer to weak passwords. In addition, an expiration policy ensured that the user will change their password every couple of months, won’t be able to use their last 10 passwords, must use one upper case, one symbol, one number, minimum of 8 characters, etc. This got so complicated that users, to be more efficient, ended up writing their passwords on a stick-me note and sticking it to their monitors. Did these policies solve the problem or create a much worse one?

Our team of professionals are seasoned and understand the various user, management and developer issues when dealing with a professional environment. We, therefore, take the appropriate measures to ensure that not only is your data safe, but also in a comprehensive way that catches potential pitfalls down the road.

The rest of this article will outline the various methods of hardening your network and cyber security.

Data Protection and Privacy:

We can section “data” into 6 categories.

  • Documents and files
  • Code
  • Database
  • OS
  • Application/Software
  • Hosting Endpoints

In each of these categories, you want to grant the right people access to the right data. Don’t allow users access to anything more than what they need. 

At the file-level, each “need” should have its own folder structure, group, access control (read/write/modify) and documentation that outlines justification for creating and accessing this resource.

Code repositories have a very robust, secure and often free online source-control platforms. We can help you set this up.

Database backup and restore policies can range from on-premises and off-site to cloud-based solutions. Each environment (Dev, Test, Prod) would have access to different versions of data. In many environments, measures to safeguard information such as financial details, personally identifiable information (PII), and other confidential data are strongly considered. For example, developers might not need access to the sensitive data contained in the production environment and should, therefore, get a “scrubbed” version of the production data. Scripts with complex algorithms or generic randomizers to change the sensitive data can be implemented to achieve this end.

A robust backup policy should ensure that in case of a disaster, the data can be rescued and restored. Naming conventions and reduction/elimination of duplicate files can ensure more efficient storage and recovery.

The Operating System (OS) can be vulnerable to attacks from within the network or the internet. Network policies and software can be implemented to prevent users from installing things they aren’t supposed to, go to sites they shouldn’t be going to or downloading content that goes against your policies. In many cases, they shouldn’t be saving files on their local machines either. In the event of a crash, the down-time should be minimized. Ask us about our innovative ideas to achieve the lowest turn-around time for the end user. We’ve set up environments where 10% extra desktop computers (cheapest resource) have been purchased and role-specific images with all necessary software installed. If a user’s computer crashes, the technician simply needs to place another pre-imaged machine on their desk, policy pulls down their profile from the network and they are back working within half an hour as if a crash never took place. The old computer gets taken back to the IT lab for troubleshooting and, if necessary, re-imaged.

Software backups should be done with a repository of physical media as well as a network location where all software is backed up. A list of software can be pushed down to a computer based on group policy and network software can be made available to all users based on their need.

Everyone wants to be online and visible today. Online traffic accounts for a large portion of revenue for many businesses. Unfortunately, this visibility also comes with risks of hack attacks. We, at LANTopia specialize in cybersecurity and securing your endpoints from all manner of attacks. We set up firewalls, intrusion detection systems, and virtual private networks (VPNs) tailored to your business needs.

Having a background in the various aspects of security and use case scenarios gives us an edge over our competition. Contact us today to schedule a free, no-obligation consultation.

Proper documentation and user training can also go a long way towards ensuring greater security. It may not happen in the majority of the cases but enough number of cases have been found to raise significant concerns over data breaches originating from within the organization. All must do their part to help secure the interests of the organization.