Hardening Baseline

An unhardened system can increase the risk of attackers successfully damaging your business. Cyberattacks that exploit known vulnerabilities to gain access to (critical) infrastructure and company data pose an enormous risk to the company and its employees.

There are several approaches you can take to protect your business assets to some degree, but the most important thing is to establish a strong foundation for security. This foundation can be built with our security baseline for your IT and OT devices.

Hardening baselines consist of security measures that serve as the foundation for a secure IT and OT infrastructure. Implementing these measures reduces the attack surface on hardened systems and provides better protection against cybersecurity threats. We provide a customized hardened security baseline for all devices in your organization, which is tailored to your specific security needs.

Hardening baselines is an important resource in an organization to minimize the opportunity for security incidents.

AREAS OF HARDENING:

OS (operating systems: Microsoft Windows, Microsoft Windows Server, Linux distribution, Linux server distributions, Linux, VMware)

Operating system hardening deals with adjusting settings within the operating system to make it less vulnerable to external or internal attacks, whether intentional or unintentional. Enforcing stricter account policies, configuring firewall rules and access controls, and aligning audit configurations with your existing policies are just a few of the many options implemented as part of Hardening Baselines.

Network device hardening – hardening of network devices

Network devices need just as much, if not more, attention as they form the basis for communication between different devices and manage access. An insecure communication protocol can be abused to gain access to the corporate network, which can be the start of major security incidents.

Network devices such as routers, switches and firewalls need properly configured security settings to be a reliable gateway between devices.

OT-specific hardening (PLCs, DCS systems, Windows / Linux WS / Servers, VM software)

The production environment with appropriate OT devices and equipment are no exception in the field of hardening. PLCs and DCS environments are also devices that need to be hardened to ensure OT security. Especially when connecting to IT networks that are connected to the Internet, properly configured hardening and, ideally, monitoring is needed. Hardening is one of the most important components for securing the OT environment. Blocking ports, protecting CPUs, protecting code, and minimal permissions are just a few of the essentials when it comes to OT hardening and our hardening baselines.

Physical Hardening

Physical security is at least as important as digital security. The damage that can be caused by a facility intrusion is immense and does not even require technical knowledge to put equipment out of service. The right social engineering skills can easily provide access to a facility. You are only as safe as your weakest link. That’s why we focus not only on physical port blockers, USB locks, proper encryption and key management, but also on training your employees.

YOUR DEMAND – OUR STANDARD

Hardening baselines are established by CyberShield’s security experts according to industry standards, vendor recommendations, best practices and lessons learned. According to your needs, CyberShield supports you with on-site or remote implementation. No matter where you are in the world: We guarantee you the same quality of expertise.

We have a lot of experience in hardening a variety of equipment from different suppliers. It is extremely important to us to align our hardening recommendations with the equipment manufacturers to ensure proper implementation and functionality of the equipment downstream and not compromise security, availability, and your SLAs.

These are some manufacturers with whom we have already successfully cooperated:

• Emerson
• Siemens
• Schneider Electric
• Yokogawa
• Cisco
• Rockwell
• Honeywell
• Hirschmann
• FortiNet
• Palo Alto
• Allen Bradley
• Extreme Networks
• HP
• McAfee
• Juniper Networks
  

Hardening is an important stepping stone in building your cybersecurity defenses, which is why it’s not easy to implement without help. CyberShield offers support for both IT and OT systems:

• Experience with various dealers in the OT area for the implementation of the hardening measures
• Our Hardening Baselines documentation is based on manufacturer recommendations, best practices and our own experience
• Practical hardening baselines with step-by-step instructions on how to implement and realize hardening
• Coverage of many different types of equipment: OS systems, network equipment (firewalls, switches, routers), OT specific devices (PLCs, controllers) and DCS.
• An extensive documentation library for hardening implementation
• Guide preparation on request for specific devices
• Tested hardening baselines for error-free implementation process

Our goal is to provide you and your company with a way to secure your devices without compromising security and availability. Whether you are part of the critical infrastructure or simply want to create a more secure environment for your employees, customers and their data.

We offer a customized Hardening Baseline for your needs and security level, which can be determined by assessing your current security level. It also depends on the volume and criticality of your systems and your cybersecurity workgroup. In each case, the Hardening Baselines provide step-by-step guidance for implementing the security measures. You determine the level of support required for implementation, depending on your internal security resources and expertise. Our team can guide you through the entire process and even assist with direct implementation of the policies in the system, if requested. If you have sufficient resources for implementation and are only interested in the Hardening Baseline itself, we will provide an onboarding session to address any outstanding issues and will be available to answer questions and provide support later.

The hardening baseline itself is continuously revised as new vulnerabilities and weaknesses become known. New measures for these issues are first tested and then published in our policies under the highest priority. Over time, the guides will be expanded and adapted, and even as systems near the end of their lifespan, we will continue to provide solutions for these systems.

1. Comprehensive step-by-step curing guides
2. We provide a security baseline for every (OT) system
3. Step-by-step creation of a secure environment according to your needs