Baselines for Environment Hardening

What’s all this?

I often get asked where to begin securing this or that operating system, a network, or if a person should jailbreak their phone, or whatever. It’s become clear I need some basic reference material to point people to, so I give you (and myself): Baselines, a series of short guides to serve as a starting point of minimal environment hardening.

Environment hardening operates on the basis that your network and all its hosts, nodes and devices, all your accounts and applications in all your operating systems make up a single System or Environment, and that the whole is only as strong as the weakest individual. (Nothing new here.)

The goal of environment hardening is to strengthen and optimize all of these components into a single secure and efficient ecosystem, rather than having them exist loosely strung together with the security holes and inefficiencies that come with default settings and misapplication of resources. Systems theory, a sort of digital device holistic medicine or symbiosis…analogize however you like.

Oh, you mean I gotta do stuff?

Security is not a product. It is not a binary state of being secure or insecure, it is not a set-and-forget list of bullet points or a single magic program, and even at its best, security is never perfect or guaranteed. What security is, is a mindset. It’s an ever-changing process that relies heavily on situational awareness, vigilance and common sense.

There is a strong incentive to portray even the most basic computer security as something esoteric or incomprehensible, but little could actually be further from the truth. The core concepts and solutions in Baselines are remarkably easy to put in motion, even for non-technical people, yet are foundational for the most advanced intelligence agencies and security organizations in the world.

That is not meant to sound impressive. Rather, it’s intended first to establish just how easy it is to take minimal precautions that significantly harden your environment without negatively affecting your everyday activities. Second, it underscores just how insecurely so many software vendors and manufacturers ship their products by default.

Thus, the threat model for Baselines is an admittedly low bar, if you could even call it one at all. The themes of Default Deny and Least Privilege are woven into Baselines, but we’ll mostly be tying up loose ends and closing open doors. That said, do not underestimate the effectiveness of simplicity, efficiency and a strong foundation. Words for life right there.
