Device Hardening.

Ensures a device has ahd any unnecessary applicaitons services or ports disables or removed from the host. Makes a configurations that reduces attack surface . only nessessary services, moniorting software, maintenence schedule.

ensure endpoint security software are installed on the host.

UEFI

TPM

HSM

patch software

configure deice

remove unnessecray applications

block unnessecary ports and services

control external storage devices

disable unneeded accounts

rename default account

change defualt passwords

Standardized baseline

Allow/deny list

security $& hgroup policy

cli restriction

pheripheral

ope least ports and least services to get the device done.

1 check any network interfaces that provide connectivity to the LAN and WAN.

2 look at the list of services installed and running on the clients and server.

let’s say you’re running a linux server that has no bluettoh devices disable it.

3 look at the ports being used by different application service ports.

most servers will only need a few ports open, the rest should be closed.

4 utilize disk encryption to harden endpoints. enable full disk encryption

5 review all accounts on the system

anything unused or unned should be disabled or deleted.

product lifecycle should be considered -EOL date or EOS date. Date when a manufacture will no loger sell a produt

EOS last date that a manufacturer witll support the product.