Network Device Hardening | CompTIA Network+ N10-007 | 4.5

In this video you will learn about network device hardening best practices such as: changing default credentials, avoiding common passwords, upgrading firmware, patching & updating, file hashing, disabling unnecessary services, using secure protocols, generating new keys, & disabling unused ports.

Network Hardening

Hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function is more secure than a multipurpose one.  In order to reduce available ways of attack include the following:

Changing Default Credentials

At a minimum this should be done because the first thing an attacker will try is to utilize default usernames & passwords, which oftentimes can be found on the Internet.

Avoid Common Passwords

Organizations should prevent employees from using basic dictionary words in isolation because every English-language word can be found in cracking dictionaries.

Upgrade Firmware, Patching & Updating

You want to update unpatched or outdated software & firmware weaknesses immediately.

File Hashing

A cryptographic hash is a mathematical algorithm that maps data of an arbitrary size (often called the ‘message’) to a bit array of a fixed size (the ‘hash value’ or ‘message digest’).  It is a one-way function that is practically infeasible to invert or reverse the computation.  Cryptographic hash functions are used to achieve a number of security goals like message authentication, message integrity, & are also used to implement digital signatures (non-repudiation), and entity authentication.[1]

Disabling Unnecessary Services

Many computer break-ins are a result of people taking advantage of security holes or problems with these programs.  The more services that are running on your computer, the more opportunities there are for others to use them, break into or take control of your computer through them.[2]

Using Secure Protocols

Security protocols & encryption prevent an attacker from tapping into the air and reading data as it passes by.[3]

Generating New Keys

You want to generate new cryptographic private keys periodically, if possible, to prevent an attacker from getting access to those keys which could lead to the attacker gaining unauthorized access to private information.

Disable Unused Ports

Disabling unused ports can stop attackers from plugging a malicious device into an unused port & getting unauthorized access to the network.[4]  This includes both ports running IP and physical ports themselves.


  1. Balasubramanian, K. (2018). Hash Functions and Their Applications.
  2. Information Technology Services. UC Santa Cruz.
  3. Managing the Wireless World and Its Security.  Science Direct.
  4. Securing Ports by Using the Port Security Feature. Manning.