Infrastructure Hardening

Cyber Security is something nobody can afford to ignore anymore. Hacks and data breaches regularly affect organizations of all sizes. Often these incidents are significant enough to make the front pages, causing irreparable reputational damage to the organizations involved.

Keeping today’s digital assets available 24/7 requires more and more knowledge on data flows and infrastructure involved along the way. Insight in which assets are critical to the organization and how to effectively protect them is key in cyber security nowadays. A good starting point is by hardening key infrastructure components.


Hardening is about securing the infrastructure against attacks, by reducing its attack surface and thus eliminating as many risks as possible. One of the main measures in hardening is removing all non-essential software programs and utilities from the deployed components.

While these components may offer useful features to the administrator, if they provide ‘back-door’ access to the system, they must be removed during the hardening process.

But also, creating visibility in what goes on in the infrastructure is part of hardening your infrastructure. Making sure you will notice when an attack is/or has taken place and then making sure logs and traces are saved for law-enforcement and security specialists when needed.

Plan Countermeasures

Protecting your infrastructure successfully is all about understanding the current attack vectors; what and whom you are protecting, your infrastructure, against. If you know what and whom you are protecting against, makes it easier to take the correct countermeasures.

One of those key countermeasures is Hardening.

Hardening series

I will dive deeper in the different attack vectors and steps you could take to harden on all levels. Let’s dive into the infrastructure and approach it as a hacker from the outside all the way up to the application running. I will use Veeam Backup & Replication as the example application running. The following steps will be addressed in this blog series about hardening:

  1. Physical Security
  2. Hardware Security
  3. Infrastructure Security
  4. Segmentation
  5. Security Domains
  6. Firewalls
  7. Time
  8. VM Security
  9. Segregation of Duties
  10. Encryption
  11. Multi-Factor Authentication
  12. TBD

Resources: Veeam Community Hub - Cyber Security Space

Credits: Photo by Matteo Catanese on Unsplash