Hardening

“Security hardening is the process of enhancing the security posture of a system or network by implementing a series of proactive measures to reduce vulnerabilities and mitigate potential risks. This includes configuring systems, applications, and infrastructure to adhere to best security practices, such as disabling unnecessary services, enforcing strong authentication mechanisms, applying patches and updates regularly, and configuring firewalls and intrusion detection systems. The goal of security hardening is to minimize the attack surface and strengthen defenses against cyber threats, reducing the likelihood of successful attacks and enhancing overall resilience to security breaches and unauthorized access.”

Some definitions are narrower; for example, NIST SP 800-152 defines hardening as “a process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services.” However, even where a process does not eliminate a means of attack, we still consider it hardening if it reduces vulnerabilities and mitigates potential risks.

See OpenSSF “Compiler Options Hardening Guide for C and C++” for compiler options for hardening C and C++ programs.

Source: https://www.atera.com/glossary/security-hardening/

Last modified March 21, 2025: Add hardening (b507015)