Skip to main content

Home Security hardening

Security hardening

(also system hardening, server hardening, cyber hardening)

Security hardening definition

Security hardening, alternatively referred to as system hardening or cyber hardening, denotes the strategy of strengthening system security through various tactics; potentially incorporating configuration modifications, application of updates, and integration of patches; and enforcing security precautions that surpass the default setup. The fundamental objective of security hardening is to shrink the attack surface and curtail vulnerabilities by minimizing the likelihood of threat entry points, consequently enhancing the system's overall robustness and resilience.

See also: internet security, network security protocols, zero-trust

Security hardening examples

  • Operating systems: Security hardening can involve tightening security configurations of operating systems to reduce the potential for exploitation.
  • Software applications: Security hardening can also be applied to software applications, where unused features may be disabled to eliminate unnecessary vulnerabilities.
  • Network devices: Network devices like routers and switches can be hardened by disabling unnecessary services, changing default passwords, and updating firmware regularly.

Advantages and disadvantages of security hardening


  • Enhanced security: Security hardening significantly reduces a system's vulnerabilities, making it harder for attackers to gain unauthorized access.
  • Compliance: Many regulatory bodies mandate security hardening to ensure data protection.


  • Complexity: Security hardening can be a complex process that requires specialized knowledge and constant maintenance.
  • Potential service disruption: If not carried out properly, some security hardening measures could disrupt service.

Using security hardening

  • Implement a hardening policy that defines standards for the setup and configuration of systems and software.
  • Regularly update and patch all systems to protect against known vulnerabilities.