5.1. Common Security Techniques for Computing Resources
First Principle: Securing computing resources starts with establishing a known-good configuration and then maintaining it against drift, attacks, and changes. Every server, workstation, mobile device, and application starts as a potential liability; your job is to reduce its attack surface to the minimum needed for its function and then keep it there.
What happens without systematic hardening? Servers run with default configurations designed for maximum compatibility, not security. Workstations have administrative privileges for every user. Mobile devices connect to corporate resources without MDM controls. Applications run with excessive permissions. Each unhardened system is an opportunity for attackers, and in an enterprise with thousands of endpoints, one unhardened system is all it takes.
Consider a new server deployed from a default image: all ports open, all services running, default passwords, logging disabled. Every one of those defaults is a vulnerability. Hardening transforms that server into a purpose-built, locked-down system that does one job well and resists everything else.
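The check below is an added example, not part of the original guide: it compares a host's observed state against a known-good baseline and reports every deviation, covering both the default image described above and later drift on a hardened host. The schema, host data, and names such as WEB_BASELINE and debug-agent are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Baseline:
    """Known-good configuration for one server role (hypothetical schema)."""
    ports: frozenset      # only these may listen
    services: frozenset   # exactly these must run

@dataclass
class HostState:
    """Observed state of one host, as an inventory scan might report it."""
    ports: set
    services: set
    logging_enabled: bool
    default_password_accounts: set = field(default_factory=set)

def audit(baseline, host):
    """Return (category, detail) findings; an empty list means no drift."""
    findings = [("unexpected_port", str(p)) for p in sorted(host.ports - baseline.ports)]
    findings += [("unexpected_service", s) for s in sorted(host.services - baseline.services)]
    # A required service that is not running (e.g. the log daemon) is drift too.
    findings += [("missing_service", s) for s in sorted(baseline.services - host.services)]
    if not host.logging_enabled:
        findings.append(("logging_disabled", "no audit trail"))
    findings += [("default_password", a) for a in sorted(host.default_password_accounts)]
    return findings

# Constructed sample data: a single-purpose HTTPS server role.
WEB_BASELINE = Baseline(ports=frozenset({22, 443}),
                        services=frozenset({"sshd", "nginx", "rsyslog"}))
DEFAULT_IMAGE = HostState(ports={21, 22, 23, 80, 443, 3306},
                          services={"sshd", "nginx", "telnetd", "vsftpd", "mysqld"},
                          logging_enabled=False,
                          default_password_accounts={"admin"})
HARDENED = HostState(ports={22, 443}, services={"sshd", "nginx", "rsyslog"},
                     logging_enabled=True)
# Same host later, after a debug listener was left running.
DRIFTED = HostState(ports={22, 443, 8080},
                    services={"sshd", "nginx", "rsyslog", "debug-agent"},
                    logging_enabled=True)

if __name__ == "__main__":
    for name, host in [("default image", DEFAULT_IMAGE), ("hardened", HARDENED),
                       ("drifted", DRIFTED)]:
        print(name, audit(WEB_BASELINE, host))
```

Running the same audit on a schedule, not only at deployment, is what catches the drifted case.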
