Hardening: endpoint protection, firewall, HIPS, disabling ports, password changes, remove unnecessary software

2.3 Mitigation techniques

📘CompTIA Security+ SY0-701


Hardening: Mitigation Techniques (SY0-701 Exam)

Hardening is the process of making systems, devices, and networks more secure by reducing their attack surface: removing or disabling what is not needed (services, ports, software, default accounts) and adding controls around what remains. The goal is to leave an attacker fewer ways in and less to work with after an initial foothold. Hardening applies to endpoints (workstations, servers, mobile devices) as well as to network devices.

Below are the main techniques you need to know:


1. Endpoint Protection

Definition: Endpoint protection secures individual devices against malware (viruses, worms, trojans, ransomware) and other host-level threats.

Key Points for the Exam:

  • Endpoint protection combines antivirus/anti-malware (signature and heuristic scanning) with EDR (Endpoint Detection and Response).
  • EDR continuously records process, file, registry and network activity on the host, detects unusual behavior (for example, a document reader spawning a script interpreter), blocks or quarantines it, and alerts administrators; many EDR tools can also isolate the host from the network during incident response.
  • Regular scans, real-time monitoring, and up-to-date detection content are all required; a disabled or outdated agent offers little protection.

Example in IT: A company installs endpoint protection on all laptops. If a user accidentally downloads malware, the agent detects it when the file is written to disk or when it starts to run, and blocks it before it spreads to other machines.


2. Firewalls

Definition: A firewall monitors and controls incoming and outgoing network traffic based on security rules.

Types of Firewalls:

  • Host-based firewall: Runs on a single device (Windows Defender Firewall, iptables/nftables, pf) and protects only that host; it still applies when the device leaves the corporate network.
  • Network firewall: Sits at a gateway or between network segments and protects everything behind it.
  • Next-Generation Firewall (NGFW): Adds intrusion prevention and application-aware filtering (identifying the application instead of trusting the port number), and often TLS inspection and user identity.

Key Points for the Exam:

  • Firewalls block unauthorized access while allowing legitimate traffic. A default-deny posture (permit only what is explicitly needed, drop everything else) is the hardening baseline.
  • Rules are based on source and destination IP addresses, ports, protocols and direction. Rules are evaluated in order and the first match normally wins, so rule order matters. Stateful firewalls track connections, so return traffic for an allowed outbound session is admitted without a separate inbound rule.

Example in IT: The company’s network firewall blocks all inbound traffic from the Internet on TCP port 3389 (Remote Desktop Protocol) to prevent unauthorized remote access, so RDP is reachable only from inside the network.
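The points above (ordered rules, first match wins, implicit default deny, and the port-3389 example) in working code. This is an added illustration, not code from the page or from any real firewall; the rule format, the management subnet 10.10.50.0/24 and the sample packets are constructed for it.

```python
"""Ordered packet-filter evaluation with first-match-wins and default deny.

Added example for the SY0-701 hardening notes; not a real firewall's code.
The rule syntax, the management subnet and the sample packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" or "out"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR; "0.0.0.0/0" means any IPv4 source
    dport: Optional[int]   # destination port; None means any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every one of its fields covers the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Walk the ordered rule list; the first matching rule decides.
    A packet that matches nothing is dropped: implicit default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


# Constructed policy for the web server in the text. The management subnet
# 10.10.50.0/24 and the decision to allow RDP from it are assumptions.
POLICY = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", 80, "public web"),
    Rule("allow", "in", "tcp", "0.0.0.0/0", 443, "public web (TLS)"),
    Rule("allow", "in", "tcp", "10.10.50.0/24", 3389, "RDP from management subnet only"),
    Rule("deny", "in", "any", "0.0.0.0/0", 3389, "RDP from anywhere else"),
    Rule("allow", "out", "any", "0.0.0.0/0", None, "all outbound"),
]


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.0/24 is a documentation range.
    samples = [
        Packet("in", "tcp", "203.0.113.7", 443),    # Internet client -> HTTPS
        Packet("in", "tcp", "203.0.113.7", 3389),   # Internet client -> RDP
        Packet("in", "tcp", "10.10.50.12", 3389),   # admin workstation -> RDP
        Packet("in", "udp", "203.0.113.7", 161),    # SNMP probe, no rule at all
    ]
    for p in samples:
        action, why = evaluate(POLICY, p)
        print(f"{p.direction} {p.proto} {p.src} -> :{p.dport}  {action} ({why})")
```

The SNMP probe is the instructive case: no rule mentions port 161, and the packet is still dropped because nothing was explicitly permitted. Swapping the two 3389 rules shows why order matters: with the blanket deny first, the management allow never fires and administrators lose RDP too.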


3. Host-based Intrusion Prevention System (HIPS)

Definition: HIPS is software installed on a device that monitors activity on that host and blocks actions that match malicious behavior. A host-based intrusion detection system (HIDS) only detects and reports; the P in HIPS means it can prevent.

Key Points for the Exam:

  • Detects malicious behavior such as changes to system files, suspicious processes, unexpected registry or configuration changes, or attempts at privilege escalation.
  • Can block the action in real time, before the system is compromised, rather than only reporting it afterwards.
  • Works alongside antivirus/EDR and the host firewall for layered (defense-in-depth) protection; it can also produce false positives, so rules are tuned to the host’s role.

Example in IT: If malware tries to modify or replace system files, HIPS blocks the write and alerts the administrator.
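The system-file-change detection described above, as an added example (not HIPS vendor code and not from the page): baseline the SHA-256 of every protected file, then report anything modified, added or deleted. The "system directory" is a temporary directory created by the script, and the passwd/hosts/ld.so.preload contents are constructed.

```python
"""File-integrity check of the kind a HIPS performs on protected files.

Added example; not code from any HIPS product. The files are created in a
temporary directory so the script runs anywhere, and their contents are
constructed to imitate a Linux /etc.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> Dict[str, str]:
    """Map of relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root: Path, known: Dict[str, str]) -> List[str]:
    """Compare the current tree with the baseline and return alert strings.
    An empty list means nothing under root changed."""
    current = baseline(root)
    alerts = []
    for rel, digest in known.items():
        if rel not in current:
            alerts.append(f"DELETED  {rel}")
        elif current[rel] != digest:
            alerts.append(f"MODIFIED {rel}")
    for rel in current:
        if rel not in known:
            alerts.append(f"ADDED    {rel}")
    return sorted(alerts)


def demo() -> List[str]:
    """Build a fake system directory, baseline it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        known = baseline(root)

        # Simulated malware: append a UID-0 backdoor account and drop a
        # preload file that would inject a library into every process.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")
        return check_integrity(root, known)


if __name__ == "__main__":
    for line in demo():
        print("HIPS alert:", line)
```

This script is the detection half only: it notices the change after the fact, which is what a HIDS or file-integrity monitor does. A real HIPS hooks the write (a kernel driver or LSM on the host) and refuses it before the file changes; the hash baseline is what tells it which files to protect and whether a given state is the known-good one.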


4. Disabling Unnecessary Ports

Definition: A port is open because a service is listening on it, and every listening service is a potential entry point. Disabling the services that are not needed, and filtering the ports that remain, reduces the attack surface.

Key Points for the Exam:

  • Use port scanning tools (for example, nmap) from outside the host to see what is reachable, and host tools (ss, netstat) to see what is listening and which process owns it.
  • Stop and disable the service behind any port that is not needed, then filter the port at the host firewall as a second layer; filtering the port alone leaves the vulnerable software in place.
  • Common risky ports when not in use: Telnet (23, cleartext logins), SMB (445), RDP (3389).

Example in IT: A public web server only needs TCP ports 80 (HTTP) and 443 (HTTPS) exposed. Every other listening service is disabled and every other port is filtered, so the attack surface is reduced to the web stack itself.


5. Default Password Changes

Definition: Devices and applications ship with well-known default credentials (admin/admin, or a password printed in the manual). Attackers try these first, so replacing every default password before a system goes into service is a basic hardening step; the SY0-701 objective lists it as "default password changes".

Key Points for the Exam:

  • Change default passwords immediately, on every account a device or application ships with, including service and maintenance accounts.
  • Use strong, unique passwords; length matters more than forced complexity.
  • Enforce password policies centrally, for example with Active Directory group policy.
  • Combine with multi-factor authentication (MFA) so a stolen or guessed password is not enough on its own.
  • Forced periodic changes (every 90 days, for example) are legacy practice. NIST SP 800-63B advises changing a password when there is evidence of compromise rather than on a fixed schedule, because frequent rotation pushes users toward predictable patterns.

Example in IT: Every new switch, server and IoT device has its factory credentials replaced at deployment. Active Directory enforces a minimum password length, MFA is required for remote access, and a password change is forced when a compromise is suspected.
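A check for the first bullet above, as an added example that is not from the page: given an account store that keeps salted PBKDF2 hashes, test each account against the defaults documented for its username and report any account still using one. The hashing scheme, the account store and the default-credential list are all constructed here; real vendor defaults are documented per product and are not reproduced.

```python
"""Find accounts that still carry a vendor default password.

Added example, not from the page or any product. The account store, the
PBKDF2-HMAC-SHA256 scheme and the DEFAULTS list are constructed for the demo.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor; a constructed choice for the demo


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_account(user: str, password: str) -> Dict[str, object]:
    """Store only a random per-account salt and the derived hash, never the password."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def find_default_credentials(
    accounts: List[Dict[str, object]], defaults: Dict[str, List[str]]
) -> List[Tuple[str, str]]:
    """Return (user, default_password) for every account whose stored hash
    matches a default listed for that username or under the "*" wildcard.
    Each candidate is re-derived with the account's own salt, so the check
    works without ever recovering the stored password."""
    hits = []
    for acct in accounts:
        candidates = defaults.get(acct["user"], []) + defaults.get("*", [])
        for guess in candidates:
            digest = hash_password(guess, acct["salt"])
            if hmac.compare_digest(digest, acct["hash"]):
                hits.append((acct["user"], guess))
                break  # one hit per account is enough
    return hits


# Constructed default-credential list (username -> defaults to try; "*" applies to all).
DEFAULTS = {
    "admin": ["admin", "password"],
    "root": ["root", "toor"],
    "*": ["password", "123456"],
}

# Constructed account store for a newly deployed appliance.
ACCOUNTS = [
    make_account("admin", "admin"),                    # factory default, never changed
    make_account("root", "7c!Vq-mortar-piano-49"),     # replaced at deployment
    make_account("svc_backup", "password"),            # "generic" default via "*"
]

if __name__ == "__main__":
    for user, pw in find_default_credentials(ACCOUNTS, DEFAULTS):
        print(f"{user}: still set to default '{pw}', change it before the device goes live")
```

Run against a real store, the same routine is how a deployment checklist or a vulnerability scanner confirms that the "change defaults" step actually happened; the candidate list is short and per-username, so it is a targeted check rather than a brute-force attack on the hashes.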


6. Remove Unnecessary Software

Definition: Every installed package is code that must be patched and can be exploited. Software that nobody uses tends to be forgotten, left unpatched, and still reachable by an attacker, so removing it shrinks the attack surface.

Key Points for the Exam:

  • Remove or uninstall software, packages and features (including sample applications and vendor bloatware) that are not required for the system’s role.
  • Keep the software that remains patched and up to date; an inventory of what is installed makes both patching and removal easier.
  • Fewer applications = fewer potential vulnerabilities and fewer things to maintain.

Example in IT: A server used only for web hosting does not need a mail server. Removing the mail software eliminates its vulnerabilities along with the open SMTP port that came with it.
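One audit that serves both section 4 (disabling unnecessary ports) and section 6 (removing unnecessary software), added here and not part of the page: parse the listening sockets reported by `ss -tlnp`, compare them with the list of ports the host is supposed to expose, and report which process, and therefore which package, is behind each unexpected listener. The `ss` output below is constructed for the web server in the text; on a real host you would feed `audit()` the live output of `ss -tlnp` (or `netstat -tlnp`).

```python
"""Audit listening TCP sockets against an allowlist of required services.

Added example; not from the page or from the ss/netstat source. SS_OUTPUT is
constructed to look like `ss -tlnp` on the web server described in the text.
"""
import re
from typing import Dict, List, Set

SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=812,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=812,fd=7))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      100    0.0.0.0:25          0.0.0.0:*         users:(("exim4",pid=905,fd=4))
LISTEN 0      50     127.0.0.1:3306      0.0.0.0:*         users:(("mariadbd",pid=988,fd=21))
LISTEN 0      128    [::]:23             [::]:*            users:(("inetd",pid=700,fd=5))
"""

# One LISTEN line: local address and port, then the first process name.
LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)

LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(text: str) -> List[Dict[str, str]]:
    """Extract address, port and owning process for every LISTEN line."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def audit(text: str, allowed_ports: Set[int]) -> Dict[str, List[str]]:
    """Classify each listener as:
      ok         - on the allowlist of services this host must expose
      local_only - bound to loopback, reachable only from the host itself
      remove     - exposed and not required: stop the service and
                   uninstall the package that provides the process"""
    result: Dict[str, List[str]] = {"ok": [], "local_only": [], "remove": []}
    for lst in parse_listeners(text):
        tag = f"{lst['port']}/{lst['proc']}"
        if int(lst["port"]) in allowed_ports:
            result["ok"].append(tag)
        elif lst["addr"] in LOOPBACK:
            result["local_only"].append(tag)
        else:
            result["remove"].append(tag)
    return result


if __name__ == "__main__":
    # The web server needs 80 and 443; SSH (22) is kept for administration.
    report = audit(SS_OUTPUT, {22, 80, 443})
    for tag in report["remove"]:
        print(f"REMOVE     {tag}: disable the service, then uninstall its package")
    for tag in report["local_only"]:
        print(f"LOCAL ONLY {tag}: not exposed, but still patch or remove if unused")
    for tag in report["ok"]:
        print(f"OK         {tag}")
```

Two caveats a practitioner would add. A loopback-only listener such as the database is not reachable from the network, but any code already running on the host can still talk to it, so it is lower priority rather than safe. And the host view and the external view differ: `ss` shows what is listening, while a scanner such as nmap shows what is reachable through the firewall; a hardened host should look clean from both sides.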


Summary Table for Exam

Hardening technique          | Purpose / benefit
-----------------------------+--------------------------------------------------------
Endpoint protection          | Detects and blocks malware and ransomware
Firewall                     | Controls network traffic and blocks unauthorized access
HIPS                         | Monitors host behavior and prevents attacks
Disable unnecessary ports    | Reduces attack surface by closing unused network ports
Default password changes     | Removes well-known credentials that attackers try first
Remove unnecessary software  | Limits vulnerabilities by keeping only essential apps

Exam Tip: Questions may ask you to identify which hardening technique prevents a particular type of attack. Remember:

  • Malware: Endpoint protection
  • Unauthorized network access: Firewall
  • Suspicious host activity: HIPS
  • Unused services: Disable ports / remove software
  • Default or weak credentials: Default password changes, password policy, MFA
