Device Hardening

Pluralsight is not an official partner or accredited training center of EC-Council. Reducing the attack surface is important to secure the enterprise. This course provides insight as to how IT systems can be hardened to protect digital IT assets.
Course info
Level
Beginner
Updated
Sep 26, 2017
Duration
2h 29m
Table of contents
Description
Course info
Level
Beginner
Updated
Sep 26, 2017
Duration
2h 29m
Description

Pluralsight is not an official partner or accredited training center of EC-Council. Hardening ensures IT systems comply with organizational security guidelines. In this course, Device Hardening, you'll acquire skills that will let you secure your IT environment. First, you'll explore how hardening applies to a wide variety of computing solutions. Next, you'll learn how to apply security requirements to harden network devices and hosts. Finally, you'll discover how to secure virtualization environments and application servers. When you're finished with this course, you'll have the skills and knowledge needed to properly harden your IT ecosystem. Software required: Microsoft Windows Server 2016, System Center Configuration Manager 2016, Red Hat Enterprise Linux 7.1, Amazon Web Services, and Microsoft Azure.

About the author
About the author

Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.

More from the author
Computer Fundamentals: Hardware
Beginner
2h 42m
Jan 14, 2019
More courses by Daniel Lachance
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, I'm Dan Lachance. Welcome to my course, Device Hardening. Organizations develop security policies to protect their employees, their assets, and their business processes. Hardening consists of configuration steps that result in a reduced attack surface. Whether we apply these settings manually, or whether they're deployed centrally, there are common solutions for hardening all IT systems, but at the same time there are specific IT configurations that improve the organization's security stance for certain types of systems. Some of the major topics that we will talk about include defining the meaning and scope of hardening, techniques used to harden network devices and hosts, and also techniques used to harden virtualization environments and application servers. By the end of this course, you'll understand how to not only harden a variety of IT systems, but also how to ensure compliance over time. I hope you'll join me to learn about hardening your IT environment within the Device Hardening course here at Pluralsight.

Hardening Network Infrastructure Devices
Hello, and welcome back to Pluralsight. I'm Dan Lachance, and we're going to talk about device hardening. In this module specifically, we're going to get into the hardening of network infrastructure devices. So this module is going to provide an overview of hardening, and specific techniques that would be used to reduce the attack surface on network equipment such as switches and routers, whether they be on-premises or cloud-based. So specifically in this module we'll start by doing an overview of what hardening is. Then we'll take a look at some examples of how to harden various IT system components, whether we're talking about use or authentication, or whether we're talking about things like how to harden a switch to reduce the possibility of attacks on switches with vulnerabilities. The same thing goes with network routers. What can we do to harden a router to prevent the possibility of attack, or maybe not even an attack, we want to make sure that there aren't any exploits that take advantage of misconfigurations? So join me as we talk about these details.

Hardening Hosts
Hardening hosts is one of the more difficult aspects of securing our network ecosystem, and the reason for this is because an operating system installed on a disk potentially could be deigned to do millions of things. Now, of course, there are streamlined operating systems that might be embedded in firmware devices, but here we're talking about general operating systems like Windows and Linux, or the Android operating system for a mobile device, or the Apple IOS. So in this module, we're going to take a look at how we might harden Windows environments. This would be taking a look at things like removing unnecessary components that are specific to the Windows environment, or patching Windows systems, making sure Windows system are properly firewalled at the host level, and so on. We're going to do the same type of thing, but we're going to put a Linux slant on it, to make sure we remove unnecessary components, change default configurations. We'll take a look at some host-level firewall configuration options for Linux. And we'll do the same types of things again at the mobile device level. What can we do to harden mobile devices that users may be taking on the road with them all over the place, So the potential for being lost or stolen is greater than it might be for an Office desktop computer, so things like SD card encryption, and again, host-based firewalling at the mobile device level will be some of the many things that we'll take a look at in this module.

Hardening Virtual Machine Environments
Most organizations are using virtualization these days either directly or indirectly, such as on-premises or in the cloud. So in this module we're going to focus on how to secure the environment that's used to host virtual machines, including the physical hypervisor hosts, as well as the network and storage ecosystem. Now we don't have as much responsibility to secure that. In a public cloud environment, that's the cloud provider's job. So, specifically, we're going to start talking about what hypervisors are, and we'll focus on type 1 and type 2 hypervisors. Then we'll talk about the virtual machine guests that run on the hypervisors, and what we need to consider in terms of reducing the attack surface on them.

Hardening File Systems and Applications
Hi, welcome back. I'm Dan Lachance. This module will have a focus on the hardening of file systems, as well as on applications. To begin with, we're going to take a look at how to harden file systems on the Windows and the Linux platforms to prevent unauthorized access to that data. We'll then get into data loss prevention, otherwise called DLP. DLP really deals with ensuring that sensitive data either doesn't leave the organization, or if it does, it's still protected. We'll talk about application server hardening, whether we're talking about a database server, a web server, a mail server, and so on, because of those types of servers will have their own specific hardening techniques unique to that type of service that's being offered.