The term host hardening refers to taking a typical or default installation of an operating system (OS) and associated applications and then modifying the configuration to decrease the host's potential exposure to threats. The extent of hardening depends on the role the system performs. A properly locked-down host can act as an effective contributor toward a reliable network security perimeter.

This chapter presents core principles of the host-hardening process, with the goal of helping you devise standards and procedures for locking down system configurations in your organization. Rather than providing long checklists for every scenario and OS you might encounter, we focus on concepts that are common to most host-hardening ...