Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A pre-configured, security-baselined OS or VM image with unneeded services removed and patches applied — often built to CIS Benchmarks or DISA STIGs for safe deployment.
Hardened Image Definition: A pre-configured, security-baselined OS or VM image with unneeded services removed and patches applied — often built to CIS Benchmarks or DISA STIGs for safe deployment.
A hardened image is a pre-configured operating system, virtual machine, or container image that has been security-baselined to minimize its attack surface before deployment. Unnecessary software and services are removed, secure settings are applied, patches are current, and access controls are enforced, producing a standardized, repeatable starting point that is far more resistant to compromise than a default install.
Hardening an image follows a defined baseline. Administrators disable or uninstall unneeded services and protocols, close unused ports, remove default and sample accounts, enforce strong password and account policies, apply the latest security patches, enable logging and auditing, and configure encryption and host firewalls. The result is captured as a golden image and version-controlled so every system provisioned from it inherits the same secure configuration. Benchmarks like the CIS Benchmarks and DISA STIGs provide the prescriptive settings these images are built and validated against.
Hardened images matter because default configurations are optimized for convenience, not security, and shipping them at scale multiplies risk. Reducing each instance's attack surface limits exploitable services, while standardization makes the environment consistent, auditable, and easier to patch — eliminating configuration drift where one-off, manually built systems quietly fall out of compliance. In cloud and DevOps pipelines, a hardened base image enforces security policy automatically across every deployment.
For example, a company building a fleet of web servers in AWS creates a hardened Amazon Machine Image (AMI) from a CIS Benchmark for the OS: SSH root login disabled, only the web service running, host firewall locked to ports 443 and management, audit logging enabled, and all patches applied. Auto Scaling then launches every new server from that AMI, so each instance starts in a known, compliant, low-risk state rather than from an insecure default.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →