In this video you will learn about network device hardening best practices such as: changing default credentials, avoiding common passwords, upgrading firmware, patching & updating, file hashing, disabling unnecessary services, using secure protocols, generating new keys, & disabling unused ports.
Hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function is more secure than a multipurpose one. In order to reduce available ways of attack include the following:
Changing Default Credentials
At a minimum this should be done because the first thing an attacker will try is to utilize default usernames & passwords, which oftentimes can be found on the Internet.
Avoid Common Passwords
Organizations should prevent employees from using basic dictionary words in isolation because every English-language word can be found in cracking dictionaries.
Upgrade Firmware, Patching & Updating
You want to update unpatched or outdated software & firmware weaknesses immediately.
File Hashing
A cryptographic hash is a mathematical algorithm that maps data of an arbitrary size (often called the ‘message’) to a bit array of a fixed size (the ‘hash value’ or ‘message digest’). It is a one-way function that is practically infeasible to invert or reverse the computation. Cryptographic hash functions are used to achieve a number of security goals like message authentication, message integrity, & are also used to implement digital signatures (non-repudiation), and entity authentication.[1]
Disabling Unnecessary Services
Many computer break-ins are a result of people taking advantage of security holes or problems with these programs. The more services that are running on your computer, the more opportunities there are for others to use them, break into or take control of your computer through them.[2]
Using Secure Protocols
Security protocols & encryption prevent an attacker from tapping into the air and reading data as it passes by.[3]
Generating New Keys
You want to generate new cryptographic private keys periodically, if possible, to prevent an attacker from getting access to those keys which could lead to the attacker gaining unauthorized access to private information.
Disable Unused Ports
Disabling unused ports can stop attackers from plugging a malicious device into an unused port & getting unauthorized access to the network.[4] This includes both ports running IP and physical ports themselves.
References