Network Hardening
Following a network breach, I identified the organisation's key vulnerabilities and recommended three core hardening measures — MFA, a robust password policy, and regular firewall maintenance — to significantly reduce future attack surface.
Overview
The Situation
After the organisation experienced a network breach, I was tasked with identifying the vulnerabilities that were exploited and recommending concrete hardening measures to prevent recurrence.
Three core controls were identified as the highest-impact, most practical measures the organisation could implement immediately to reduce its attack surface and improve network resilience.
Hardening Measures
Three Core Controls
Multi-Factor Authentication (MFA)
Requires users to verify their identity using more than one method before accessing systems or applications.
MFA methods include fingerprint scans, ID cards, PINs, and passwords. It is especially critical for administrator-level accounts and should be enforced consistently across all users.
Password Policy
A defined and enforced password policy that sets clear rules for complexity, length, and behaviour.
Policies should specify minimum length and acceptable characters, and prohibit password sharing. Rules around unsuccessful login attempts — such as locking accounts after five failures — should also be enforced.
Firewall Maintenance
Regular review and updating of firewall rules and security configurations to stay ahead of evolving threats.
Firewall rules should be updated whenever a security event occurs — particularly any event that allowed suspicious traffic through. This measure is effective against DoS and DDoS attacks.
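The password-policy control above, sketched as an added example that is not part of the original write-up: it checks candidate passwords against length and character rules and replays constructed login events through a five-failure lockout. The 12-character minimum, the allowed character set, and the 15-minute lockout are assumptions; the write-up fixes only the five-failure threshold.

```python
import string
from dataclasses import dataclass, field

MAX_FAILURES = 5        # from the policy text: lock after five failures
LOCKOUT_SECONDS = 900   # assumption: 15-minute lockout, not stated in the write-up
MIN_LENGTH = 12         # assumption: the write-up gives no minimum length
# Assumption: "acceptable characters" = ASCII letters, digits and punctuation.
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)


def password_violations(password):
    """Return the list of policy rules a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if any(ch not in ALLOWED for ch in password):
        problems.append("disallowed character")
    return problems


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # user -> unlock timestamp

    def attempt(self, user, ok, now):
        """Record one login attempt; return 'locked', 'success' or 'failure'."""
        if now < self.locked_until.get(user, 0):
            return "locked"          # rejected even when the password is correct
        if ok:
            self.failures[user] = 0  # a successful login resets the counter
            return "success"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "failure"


def replay(events):
    """Run (timestamp, user, password_correct) events through a fresh tracker."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, ok, ts) for ts, user, ok in events]


# Constructed sample events: five bad guesses against one account, then more logins.
SAMPLE = [(ts, "alice", False) for ts in range(0, 50, 10)] + [
    (60, "alice", True),    # correct password, but the account is locked
    (70, "bob", True),      # other accounts are unaffected
    (1000, "alice", True),  # lockout window has expired
]
```

The lockout is checked before the password result is considered, so a correct guess made during the lockout window is still refused.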
Rationale
Why These Three
🔐 Why MFA
MFA significantly reduces the likelihood of a successful brute force or credential-stuffing attack. Even if an attacker obtains a password, they cannot access the system without the second factor. This is especially important for admin accounts, which represent the highest-value targets on any network.
🔑 Why Password Policies
Weak passwords remain one of the most common entry points for attackers. A well-enforced policy eliminates trivially guessable credentials, prevents password reuse, and — through account lockout rules — limits the effectiveness of automated credential attacks.
🧱 Why Firewall Maintenance
A firewall is only as effective as its ruleset. Without regular review and updates, rules can become stale — allowing traffic patterns that should be blocked, or blocking legitimate traffic unnecessarily. Post-incident updates ensure the firewall reflects current threat intelligence.
Key Takeaways