Hardening Computing Resources (Part 1) (Domain 4)
When we talk about hardening computing resources, we are talking about the process of making devices more secure by reducing their potential vulnerabilities. This concept applies to all kinds of technology—from mobile devices to workstations, routers, and switches. In this episode, we will focus on strategies to harden mobile devices, personal computers, and key network equipment such as routers and switches. The goal is to help you understand not only what hardening means, but also how it is practically applied and why it is essential for maintaining a secure environment.
Let’s begin with mobile devices. These include smartphones, tablets, and even some laptops when used in a mobile context. Because they are portable and often connect to public or less secure networks, mobile devices are especially vulnerable to attacks. One of the most important hardening strategies for mobile devices is encryption. Encryption helps ensure that data stored on the device cannot be accessed if the device is lost or stolen. Most modern smartphones include full-device encryption by default, but it is important to verify that encryption is actually enabled and enforced by policy.
Another key method is containerization. This involves separating work-related data and applications from personal ones on the same device. By placing work resources into a secure container, organizations can manage and protect that environment without interfering with the user’s personal data. Containerization is especially useful in bring-your-own-device environments where the company does not own the hardware but still needs to protect sensitive information.
Secure boot is another foundational strategy. This technology ensures that the device only starts up using trusted software. During the boot process, secure boot checks each component of the system’s firmware and software against known, trusted values. If an unauthorized change has been made—such as the installation of a rootkit—secure boot can detect it and stop the boot process. This helps protect against deep-level compromises that are hard to detect once the operating system is running.
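The check described above, reduced to a sketch (an added example, not part of the original episode): each boot stage is hashed and compared with a known trusted value, and the boot halts at the first mismatch so later stages never run. The stage names and images are constructed, and using a plain digest table is a simplifying assumption; real secure boot implementations typically verify cryptographic signatures.

```python
import hashlib
import hmac

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def verify_boot_chain(stages, trusted):
    """Check boot stages in order and stop at the first untrusted one.

    stages  : list of (name, image_bytes) in boot order
    trusted : dict mapping stage name -> expected SHA-256 hex digest
    Returns (booted, log) where log lists (name, status) for each stage examined.
    """
    log = []
    for name, image in stages:
        expected = trusted.get(name)
        if expected is None:
            log.append((name, "no trusted value"))
            return False, log
        # Constant-time comparison of the measured and trusted digests.
        if not hmac.compare_digest(digest(image), expected):
            log.append((name, "mismatch"))
            return False, log
        log.append((name, "ok"))
    return True, log

# Constructed sample images (assumption: three stages, simplified to byte strings).
GOOD = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1"), ("init", b"init v1")]
TRUSTED = {name: digest(image) for name, image in GOOD}
# Same chain with a modified kernel, standing in for a rootkit installation.
TAMPERED = [GOOD[0], ("kernel", b"kernel v1 + unauthorized change"), GOOD[2]]

if __name__ == "__main__":
    print(verify_boot_chain(GOOD, TRUSTED))
    print(verify_boot_chain(TAMPERED, TRUSTED))
```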
Mobile devices face a unique set of security challenges. Unlike desktops, they regularly connect to multiple networks, often move between secure and insecure locations, and are frequently lost or stolen. To address these risks, organizations may use mobile device management software. This software allows administrators to enforce security policies, remotely wipe lost devices, and monitor compliance. Another common challenge is user behavior. People often install untrusted apps or ignore security prompts. Training and awareness programs can help address this issue by teaching users how to recognize risks and why corporate policies matter.
Now let’s turn to workstations. These are the desktops and laptops used every day in offices, schools, and homes. One of the primary hardening strategies for workstations is the use of endpoint protection. This usually includes antivirus software, a local firewall, and intrusion prevention tools. Antivirus software helps detect and block known threats like viruses, trojans, and ransomware. Local firewalls monitor and control incoming and outgoing traffic, helping to block suspicious connections. Some endpoint protection platforms also include behavior analysis tools that can catch zero-day attacks or unusual activity.
Keeping the operating system and applications up to date is another critical practice. Software updates often include security patches that close known vulnerabilities. Many attacks rely on users failing to update their systems. Automated update systems and centralized patch management help organizations ensure that all devices stay current. This is especially important in large environments where manually updating each machine is not practical.
User privilege management is another essential hardening measure for workstations. The principle of least privilege means users should have only the permissions they need to perform their jobs—no more and no less. For example, a regular user should not have administrative rights that allow them to install software or change system settings. By limiting privileges, you reduce the risk of accidental damage or unauthorized changes. It also helps contain the damage if a user account is compromised. If that account has limited permissions, the attacker will have fewer opportunities to harm the system or access sensitive data.
Best practices for privilege management include creating different accounts for administrative tasks and daily use, regularly reviewing group memberships, and using just-in-time privilege elevation tools. These tools grant temporary administrative access when needed, then automatically remove it after a set period. This ensures that elevated access is used only when absolutely necessary and not left active indefinitely.
Next, we move to network devices, specifically switches and routers. These devices control the flow of data across your network, making them prime targets for attack. One of the most basic but often overlooked hardening steps is disabling unused services. Many network devices come with features enabled by default that may not be necessary for your environment. These might include remote management interfaces, debugging ports, or legacy protocols. If you are not using a feature, it is best to turn it off. Every active service is a potential entry point for attackers.
Keeping firmware up to date is another essential step in hardening switches and routers. Like operating systems, the firmware that controls these devices can contain security flaws. Manufacturers regularly release updates to fix these issues, but many organizations fail to apply them promptly. Scheduling regular maintenance windows to review and apply firmware updates can help close these gaps before they are exploited.
Practical configuration examples also illustrate how powerful these hardening steps can be. For instance, setting strong administrator passwords and disabling default accounts are simple yet critical steps. Configuring management interfaces to use secure protocols—like Secure Shell instead of Telnet—helps protect administrative access. Limiting access to management ports by Internet Protocol address reduces the number of devices that can even attempt a login. In many networks, you can also enable logging and monitoring on your switches and routers, allowing you to detect unusual behavior before it turns into a serious problem.
Another example is enabling port security on switches. This allows you to specify which devices can connect to which ports. If an unauthorized device is plugged into the network, the switch can automatically shut down that port or alert an administrator. On routers, implementing access control lists helps restrict what traffic can pass between networks. These rules are a fundamental part of any defense-in-depth strategy and provide granular control over how data flows through the organization.
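The switch and router steps above (unused services off, Secure Shell instead of Telnet, management limited by source address, logging, port security) can be checked against a saved device configuration. The following is an added example, not part of the original episode; it assumes Cisco IOS-style syntax, and both sample configurations are constructed.

```python
import re

def parse_sections(config):
    """Map each top-level line of an IOS-style config to its indented child lines."""
    sections, current = {}, None
    for raw in filter(str.strip, config.splitlines()):  # blank lines are skipped
        if not raw[0].isspace():
            current = sections.setdefault(raw.strip(), [])
        elif current is not None:
            current.append(raw.strip())
    return sections

def audit(config):
    """Return sorted hardening findings for one device configuration."""
    sections, findings = parse_sections(config), []
    if "ip http server" in sections:
        findings.append("unused-service: HTTP management server enabled")
    if not any(top.startswith("logging host ") for top in sections):
        findings.append("logging: no remote log host configured")
    for top, body in sections.items():
        if top.startswith("line vty"):
            if any(re.fullmatch(r"transport input .*\b(telnet|all)\b.*", l) for l in body):
                findings.append(f"{top}: Telnet permitted for management")
            if not any(re.fullmatch(r"access-class \S+ in", l) for l in body):
                findings.append(f"{top}: management not limited by source IP")
        elif top.startswith("interface ") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                findings.append(f"{top}: access port without port security")
    return sorted(findings)

# Constructed sample configurations (IOS-style syntax assumed; not from a real device).
WEAK = """\
ip http server
interface GigabitEthernet0/1
 switchport mode access
line vty 0 4
 transport input telnet ssh
"""
HARDENED = """\
no ip http server
logging host 192.0.2.10
access-list 10 permit 192.0.2.0 0.0.0.255
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
line vty 0 4
 transport input ssh
 access-class 10 in
"""
```

Calling audit(WEAK) returns five findings, one per missing control, while audit(HARDENED) returns an empty list.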
To summarize, hardening computing resources requires specific strategies tailored to each type of device. Mobile devices benefit from encryption, containerization, and secure boot. Workstations rely on antivirus protection, system updates, and strict user privileges. Network devices must be configured carefully, with unnecessary services turned off and firmware kept up to date. The overall goal is to minimize the risk of compromise by making systems more resistant to both external and internal threats.
Here are some tips for the Security+ exam when studying this topic. First, make sure you know which hardening techniques apply to which devices. You may see scenario questions where you need to identify the correct strategy for a mobile device versus a router. Second, understand why these techniques matter. The exam often tests whether you can connect a tool or method with its purpose. And finally, be familiar with practical configuration steps like disabling services, setting up port security, or limiting privileges. These real-world examples often show up in performance-based questions.
