Network Hardening: One loose thread unravels a sweater

By Chuck Smith, Locknet Senior Security Engineer, CISSP

It’s a long-held security concept that you just don’t go to the local big box store, buy a computer and plug it into your network. You want to make sure it is set up to the same security standards as the rest of your system.

Otherwise, that new machine can become the weakest link in your security chain. Remember, it only takes one loose thread to unravel a sweater.

Before you introduce new equipment, you want to “harden” it. That means installing antivirus software, making sure the operating system is patched and up-to-date, and making sure the firewall settings are consistent with the rest of the network.

The same type of hardening activity should take place when you make any kind of change to your network, from adding new computers and peripherals to installing new server applications or even changing users.

No network is static, and all these upgrades and modifications can create security holes. Any change should be reviewed in the context of the whole network: What was the change? What might it impact? What controls do we need to check?

It’s kind of like walking through the house after a party, retrieving stray wine glasses and forgotten scarves—you just want to be sure everything is back where it belongs.

The business case for networking hardening is clear. You get a stable network to support your business, avoid costly security breaches, and maintain customer trust.