Security Hardening

As developers strive to roll out new features to production faster, security is often overlooked for the sake of functionality and usability, leaving information assets prone to higher security risks. In this context it is no surprise that most servers, applications, databases and operating environments need additional measures to strengthen their security level.

As part of security hardening, SHALB provides a set of measures aimed to protect your data, systems and assets against attacks and eliminate potential threats. The process includes applying defense in depth approach across all infrastructure layers, implementing specific guidelines, security by design principles and best practices.

Security best practices

Identity and access management

As part of the information security program, we help you build user management policies that base upon strict separation of duties and the principle of least privilege, and implement strong credential management. We make sure that only authorized and authenticated users are able to access your resources, and solely the way that you intend.

Threat modeling and risk assessment

The practices of threat modeling and risk assessment are aimed to identify system vulnerabilities and develop countermeasures against potential attacks. By applying the practices throughout all stages of product development we help you deliver business value more securely and effectively.

Infrastructure protection

The effective strategy of infrastructure protection includes applying security at all infrastructure layers: hardening of system components, authentication and access control, data encryption, enforcing network boundary protection, monitoring points of ingress and egress, enhanced traffic analysis and web filtering, etc.

Data protection

The data protection strategy bases upon classifying your data into sensitivity levels and includes controlling the ways that data is accessed, stored, processed and modified. Using mechanisms of encryption, tokenization and access control we help protect your data both in transit and at rest.

Applying security guidelines to system components

Server hardening

Removing excessive services and applications unless they are required for the server to operate;
Using a secure remote administration access to manage the server;
Using only secure protocols for processing requests;
Monitoring login attempts and lock accounts after certain failed attempts;
Performing automated backups regularly.

Threat modeling and risk assessment

Removing all functions and components that are not in use;
Applying user roles policy and restricting application access according to user privileges;
Removing sample files and changing default passwords;
Setting up a web application firewall, checking incoming data and variables.

Operating system hardening

Performing regular OS updates and patch management;
Removing excessive functionality;
Configuring firewalls to filter traffic;
Enabling OS traceability by logging and monitoring all activities, changes and errors.

Database hardening

Implementing access control by introducing role-based privileges;
Creating admin restrictions to control user actions on a database;
Encrypting database information;
Enabling valid node checking to prevent malicious connections;
Enforcing password policy.

Network hardening

Restricting ingoing and outgoing traffic by firewalls
with configured rules and exceptions;
Locating public services in separate demilitary zones;
Using proxy services to control users’ access to Internet;
Using mail security gateway to protect corporate
mail from spam emailing;
Enabling secure VPN-connection for remote access, applying
strong password policy and encryption for all wireless networks.