Hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
There are various methods of hardening Unix and Linux systems. This may involve, among other measures, applying a patch to the kernel such as Exec Shield or PaX; closing open network ports; and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. There are also hardening scripts and tools like Lynis, Bastille Linux, JASS for Solaris systems and Apache/PHP Hardener that can, for example, deactivate unneeded features in configuration files or perform various other protective measures.
We can implement Security Hardening features for Nutanix AHV and Controller VM:
- Hardening AHV: We can use Nutanix Command Line Interface (nCLI) in order to customize various configuration settings related to AHV
- Hardening Controller VM: We can use Nutanix Command Line Interface (nCLI) in order to customize the various configuration settings related to CVM
For more details, refer to For Security Guide