The purpose of environment hardening is to eliminate as many security risks as possible and in doing so reducing the surface of vulnerability.
Most default installations are weak and require post-installation hardening. Each new installation should go through a lock down process by addressing things like changing default passwords, disabling unnecessary accounts, changing vulnerable default settings/parameters, applying security patches for known bugs and vulnerabilities (CVE’s), closing unused ports and removing unneeded functionality, software, services and features.
The same hardening process should be repeated after each hardware of software upgrade as previously hardened vulnerabilities could be re-introduced, and of course new vulnerabilities added.
Vulnerability scanning and hardening should also be regularly scheduled as human error or new administrators could accidently reopen previously closed weakness.
Encryptech offers Environment Hardening as a service for all components of the Application and Database stack and make use of hardening standards as published by CIS Benchmarks.