My CompTIA Server+ Favorites: System Hardening

System hardening involves removing unneeded OS and application features and ensuring remaining software is up to date.

My CompTIA Server+ Favorites 4

Check out the other two articles in this series:

The importance of security needs no introduction to IT pros. This year alone, Gartner predicts that $150.4 billion will be spent on security mitigation technologies. This represents an anticipated 12.4% growth over 2020 (which saw a 6.4% increase over 2019).

CompTIA Security+ (SY0-601) is a go-to certification for many organizations that want to bring their IT staff up to speed on common threats and mitigation techniques. In fact, DOD directive 8570 requires CompTIA Security+ certification for many federal employees.

Much of the CompTIA Security+ content is built around hardening systems. That content
is also a cornerstone of CompTIA Server+, extending the CompTIA Security+ lessons directly into the server administration realm. I’ve selected system hardening as one of my three favorite topics from CompTIA Server+ (SK0-005) to dive into.

What Is System Hardening?

System hardening is a way of reducing vulnerabilities to decrease the risk of cyberattacks. Many CompTIA certifications include cybersecurity coverage, including CompTIA A+, CompTIA Network+, CompTIA Linux+, CompTIA Server+ and CompTIA Cloud+. I have spent two decades teaching these courses and whenever the topic of hardening comes up, I introduce it with this simple phrase: Remove what you don’t need and use the most current version of what’s left.

Clearly, that’s a simplification and needs additional detail to be useful. Still, it’s a start. Let’s look at how CompTIA Server+ addresses system hardening.

What Aspects of System Hardening Are Particularly Important?

It’s a common approach in cybersecurity to break systems down into layers. Let’s use that approach to delve deeper into system hardening:

  1. Services management
  2. Application hardening
  3. Operating system feature management
  4. System updates and patches

These are just four possible layers and are focused exclusively on standalone servers. Network security has not been included in this list. For more information on network security, see CompTIA Network+ and CompTIA Security+.

1. Services Management

Services management includes configuring what types of requests a server will respond to. For example, a file server will be configured to respond to share requests, including share enumeration (what shares exist), access to shared folders and file backup services.

In Linux, service management is usually handled by using the systemctl command. Windows relies on the Services console or PowerShell cmdlets such as get-service and restart-service.

Administrators must be able to evaluate what services should be running on the server and how best to configure those services to respond to legitimate client requests only. For example, a file server might be permitted to respond only to clients on a specific subnet.

2. Application Hardening

Applications must also be hardened. Many applications are complex and include optional feature sets. Administrators can choose to install some or all features. Some admins will install everything just in case the user needs a particular option.

However, unused features may not be consciously recognized and properly secured or patched. It’s just too easy to neglect a particular program when no one appears to be using it. Minimal application deployments and on-demand feature installations help make applications more secure.

3. Operating System Feature Management

Much like applications, operating systems also include additional feature enhancements that may be useful on some servers and unnecessary on others. SysAdmins must identify the features required for a given server’s role and ensure no extraneous components are installed. Anything extra that is installed must be actively secured and patched, and it will always expand the server’s attack surface.

Both Linux and Windows server operating systems include tools for identifying, removing and adding installed features. Linux relies on tools like RPM, dpkg and DNF to manage OS components, while Windows uses PowerShell cmdlets and graphical consoles to configure the OS.

4. System Updates and Patches

Thus far, we have focused on the “removing what you don’t need” aspect of hardening. The second part of the hardening concept is equally critical: use the most current version of whatever is left.

I’ve been in IT a long time, and I recognize that immediately jumping to a new software or OS version upon its release is not a good practice – and that’s not what I’m advocating here. The idea for using the most current version assumes that your organization has properly tested and approved the proposed version update by using a deliberate change management system.

Today, most organizations have a patch management system in place. For example, many Windows-based environments rely on Windows Server Update Services (WSUS) to keep operating systems (and some applications) up to date. CompTIA Server+ emphasizes the importance of these practices as part of an organization’s comprehensive security posture.

Applying the Hardening Concept

Server hardening is a critical component of managing an organization’s security landscape. By applying the general concept of “remove what you don’t need and use the most current version of what’s left,” administrators can better satisfy their company’s security requirements.

CompTIA Server+ does a great job examining the aspects of service management, application hardening, OS feature management and patching. The exam objectives properly emphasize the importance of these practices and allow certification candidates to apply CompTIA Security+ knowledge to server administration.

By the way, it’s a good idea to apply the hardening concept to your own devices. If you have applications installed on your home computer that you no longer use, uninstall them. Consider upgrading to a more current version of your preferred OS. Be very careful to keep your web browser of choice updated and do not add unnecessary features like plug-ins. Smartphones benefit from this same approach.

My Favorite CompTIA Server+ Topics: A Recap

As the author of the latest Official CompTIA Server+ Instructor and Student Study Guides, I have a unique perspective on the process of translating the exam objectives into learning materials. During that process, I found that some topics were more fun to write, more interesting to research and more practical based on my own experience.

In this series, I have identified a few of those topics and delved into them in more detail.

My three favorite CompTIA Server+ topics are:

Please feel free to comment or reach out with questions or observations regarding these CompTIA Server+ topics. And good luck on the new CompTIA Server+ exam!

Ready to get started? Download the exam objectives to see what else is on the new CompTIA Server+ exam.

Email us at blogeditor@comptia.org for inquiries related to contributed articles, link building and other web content needs.

Read More from the CompTIA Blog

Leave a Comment