System Hardening Techniques (Part 1) (Domain 2)
In this episode, we’re beginning our two-part look at system hardening techniques. System hardening means strengthening your systems so that they are more resistant to attack. It’s about reducing the number of ways an attacker can gain a foothold—by removing unnecessary services, applying updates, enforcing security configurations, and deploying essential defenses. In Part One, we’ll focus on two core hardening practices: encryption and endpoint protection.
Let’s start with encryption. In the context of system hardening, encryption is used to protect data at multiple layers—on the disk, in memory, and during transmission. By applying encryption properly, you reduce the attack surface and ensure that even if an attacker gains access to a system or intercepts traffic, they cannot make sense of the data without the key.
At the file system level, full disk encryption protects data at rest. This is especially important for laptops, mobile devices, and portable storage, which are more likely to be lost or stolen. If someone gains physical access to an encrypted device, they won’t be able to read the contents without the encryption key. This protects everything—from configuration files to personal documents—without relying on the user to encrypt each item individually.
At the file or folder level, encryption can be more targeted. Sensitive documents, databases, and backup files can be encrypted separately, giving organizations greater control and flexibility. This is especially useful in shared environments or when multiple users have access to the same machine.
Encryption should also be used for network traffic. Data in transit—whether it’s email, file transfers, or web activity—must be protected from interception. Secure protocols like HTTPS, SFTP, and VPN tunnels use encryption to protect the confidentiality and integrity of data as it travels between endpoints. This ensures that attackers monitoring the network cannot read communications or alter them without detection.
When encryption is deployed as part of system hardening, the result is a system that holds its data securely even if the outer layers are breached. Encryption adds resilience by ensuring that data remains protected under worst-case conditions.
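To make the file-level case concrete, here is an added Go example (written for this page, not code from the episode) that seals a constructed sample backup file with AES-256-GCM, an authenticated cipher from the Go standard library (the same AES-GCM construction appears in TLS cipher suites for data in transit). The key is generated in memory purely to keep the example self-contained; the Seal, Open, NewKey and Demo names are this example's own. Demo checks the three properties the episode relies on: the stored blob reveals nothing readable, the right key recovers the data, and a wrong key or a single flipped bit is rejected rather than decrypted to garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newGCM builds an AES-GCM instance for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and returns nonce || ciphertext || tag. GCM is an
// authenticated cipher: the tag lets Open detect any modification, so a
// tampered file is rejected instead of silently decrypting to garbage.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Fresh random nonce per file; reusing one under the same key breaks GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails for a wrong key or an altered blob.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// NewKey returns a random 256-bit key. In a real deployment the key comes from
// a key manager, a TPM, or a passphrase-derived key and is never stored beside
// the ciphertext; generating it here only keeps the example self-contained.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Demo checks the data-at-rest properties the episode describes and returns
// true only if all of them hold.
func Demo() (bool, error) {
	key, err := NewKey()
	if err != nil {
		return false, err
	}
	// Constructed sample contents of a backup file (not real credentials).
	plain := []byte("db_password=hunter2\napi_token=CONSTRUCTED-SAMPLE-TOKEN\n")
	blob, err := Seal(key, plain)
	if err != nil {
		return false, err
	}
	if bytes.Contains(blob, []byte("hunter2")) {
		return false, nil // plaintext leaked into the stored blob
	}
	got, err := Open(key, blob)
	if err != nil || !bytes.Equal(got, plain) {
		return false, err
	}
	wrongKey, err := NewKey()
	if err != nil {
		return false, err
	}
	if _, err := Open(wrongKey, blob); err == nil {
		return false, nil // a wrong key must not decrypt
	}
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	if _, err := Open(key, tampered); err == nil {
		return false, nil // tampering must be detected
	}
	return true, nil
}

func main() {
	ok, err := Demo()
	fmt.Println("data-at-rest properties hold:", ok, err)
}
```

Run it with `go run .`; the only line of output should report `true <nil>`. The design point is that unauthenticated encryption would pass the first two checks but not the last: without a tag, a flipped byte would decrypt to corrupted data with no error, which is why modern disk and file encryption pairs confidentiality with integrity.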
Now let’s move on to the installation of endpoint protection. Endpoints—like desktops, laptops, and mobile devices—are frequent targets for attackers. Users interact with email, the web, and local applications, all of which are potential entry points for malware. Without protection at the endpoint level, a single phishing email or drive-by download could compromise the entire system.
Traditional endpoint protection includes antivirus and antimalware software. These tools use signature-based detection to identify known threats. While this remains a useful first layer, it is no longer enough. Modern attacks evolve too quickly for signatures alone to keep up.
That’s where Endpoint Detection and Response systems, or EDR platforms, come into play. EDR tools go beyond simple detection. They continuously monitor endpoint activity, analyze behaviors, and detect suspicious patterns in real time. When an EDR system sees a process launching outside of normal behavior—or a user account executing unusual commands—it can isolate the machine, alert security teams, or even kill the malicious process automatically.
EDR solutions also log events in detail, which helps investigators understand how an attack happened and what systems were affected. This data is critical during incident response and threat hunting, when time and visibility are both in short supply.
A real-world example shows how effective endpoint protection can be. In one case, a user opened a malicious Excel attachment from a phishing email. Traditional antivirus missed the threat. But the EDR platform noticed that Excel attempted to spawn a command prompt and download a script from an unfamiliar domain. The system automatically flagged the activity, contained the endpoint, and notified administrators. The attack was stopped before it could install malware or spread laterally.
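The scenario above is the kind of behavioral rule an EDR sensor applies to process telemetry. The Go block below is an added example written for this page, not any vendor's detection logic: it uses a simplified, constructed event schema (ProcEvent), a constructed allow-list of expected destinations (knownHosts), and a constructed batch of events (SampleEvents) that contains the Excel-to-command-prompt chain from the story beside two benign chains. It generalizes the story slightly by walking the whole parent chain, so a shell that is a grandchild of an Office application is still caught, and Triage maps the worst alert to the automatic response the episode describes.

```go
package main

import (
	"fmt"
	"strings"
)

// ProcEvent is one process-creation record as an EDR sensor might report it.
// The schema is simplified and constructed for this example.
type ProcEvent struct {
	PID, PPID  int
	Image      string // executable name
	User       string
	RemoteHost string // outbound destination the process contacted, if any
}

// Office applications that have no business launching a shell, and the shell
// and script-host images that usually mark the first step of a macro attack.
var officeApps = map[string]bool{"excel.exe": true, "winword.exe": true, "powerpnt.exe": true}
var shells = map[string]bool{"cmd.exe": true, "powershell.exe": true, "wscript.exe": true, "mshta.exe": true}

// knownHosts is a constructed allow-list of destinations that Office-spawned
// processes are expected to reach (update servers and the like).
var knownHosts = map[string]bool{"updates.example-corp.internal": true}

type Alert struct {
	Severity string // "high" or "critical"
	PID      int
	Reason   string
}

// officeAncestor walks up the parent chain (bounded, so a malformed batch with
// a PPID loop cannot hang the scan) and returns the first Office app it finds.
func officeAncestor(e ProcEvent, byPID map[int]ProcEvent) (ProcEvent, bool) {
	cur := e
	for depth := 0; depth < 8; depth++ {
		parent, ok := byPID[cur.PPID]
		if !ok {
			return ProcEvent{}, false
		}
		if officeApps[strings.ToLower(parent.Image)] {
			return parent, true
		}
		cur = parent
	}
	return ProcEvent{}, false
}

// Evaluate applies two behavioral rules to a batch of events:
//  1. a shell or script host with an Office application in its ancestry is "high";
//  2. if that process also contacted a host outside the allow-list, it is "critical".
// Neither rule needs a signature for the payload, which is the point of EDR.
func Evaluate(events []ProcEvent) []Alert {
	byPID := make(map[int]ProcEvent, len(events))
	for _, e := range events {
		byPID[e.PID] = e
	}
	var alerts []Alert
	for _, e := range events {
		if !shells[strings.ToLower(e.Image)] {
			continue
		}
		office, ok := officeAncestor(e, byPID)
		if !ok {
			continue
		}
		sev := "high"
		reason := fmt.Sprintf("%s (pid %d) descends from %s (pid %d) run by %s",
			e.Image, e.PID, office.Image, office.PID, office.User)
		if e.RemoteHost != "" && !knownHosts[e.RemoteHost] {
			sev = "critical"
			reason += ", and contacted unfamiliar host " + e.RemoteHost
		}
		alerts = append(alerts, Alert{sev, e.PID, reason})
	}
	return alerts
}

// Triage maps the worst alert to an automatic response: contain the endpoint
// on critical, notify the security team on high, do nothing otherwise.
func Triage(alerts []Alert) string {
	action := "none"
	for _, a := range alerts {
		if a.Severity == "critical" {
			return "isolate-endpoint"
		}
		action = "notify-soc"
	}
	return action
}

// SampleEvents is a constructed telemetry batch: the phishing chain from the
// story (explorer -> excel -> cmd -> powershell with an outbound connection)
// next to two benign chains that must not fire.
func SampleEvents() []ProcEvent {
	return []ProcEvent{
		{PID: 100, PPID: 1, Image: "explorer.exe", User: "alice"},
		{PID: 200, PPID: 100, Image: "EXCEL.EXE", User: "alice"},
		{PID: 300, PPID: 200, Image: "cmd.exe", User: "alice"},
		{PID: 400, PPID: 300, Image: "powershell.exe", User: "alice", RemoteHost: "cdn.unfamiliar-example.net"},
		{PID: 500, PPID: 100, Image: "winword.exe", User: "alice"},
		{PID: 600, PPID: 500, Image: "splwow64.exe", User: "alice"},  // print helper, not a shell
		{PID: 700, PPID: 100, Image: "powershell.exe", User: "alice"}, // started from Explorer, no Office parent
	}
}

func main() {
	alerts := Evaluate(SampleEvents())
	for _, a := range alerts {
		fmt.Printf("[%s] %s\n", strings.ToUpper(a.Severity), a.Reason)
	}
	fmt.Println("response:", Triage(alerts))
}
```

On the sample batch the scan produces two alerts, a high one for cmd.exe under Excel and a critical one for the PowerShell descendant that reached an unfamiliar host, and Triage returns `isolate-endpoint`; the Word print helper and the administrator's Explorer-launched PowerShell produce nothing. Real sensors add many more signals (command lines, signer, file writes), but parent-child lineage plus an unexpected outbound connection is exactly the pattern that caught the attachment in the story while signatures missed it.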
Another benefit of EDR is its integration with broader security operations. Many platforms share data with SIEM tools and support centralized management, allowing security teams to respond to incidents faster and apply policies consistently across all devices.
To make endpoint protection effective, organizations must enforce consistent policies. All endpoints should be enrolled in the EDR platform, kept updated, and configured to respond automatically to certain threat behaviors. Users should be trained to report suspicious activity and understand the importance of not bypassing security prompts or installing unapproved software.
As you prepare for the Security Plus exam, remember that system hardening is about reducing the risk of compromise by strengthening the defenses of every layer. Encryption protects data—whether it’s at rest or in transit—and endpoint protection detects and stops threats where they often begin. You may be asked to evaluate a scenario where data is exfiltrated from an unencrypted system, or where malware spreads because endpoint protection was disabled. Be ready to identify these gaps and recommend the proper hardening controls.
