Saved in:
Bibliographic Details
Main Authors: Busch, Niklas, Klostermeyer, Philip, Klemmer, Jan H., Acar, Yasemin, Fahl, Sascha
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.13028
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916848556048384
author Busch, Niklas
Klostermeyer, Philip
Klemmer, Jan H.
Acar, Yasemin
Fahl, Sascha
author_facet Busch, Niklas
Klostermeyer, Philip
Klemmer, Jan H.
Acar, Yasemin
Fahl, Sascha
contents Hardening computer systems against cyberattacks is crucial for security. However, past incidents illustrated, that many system operators struggle with effective system hardening. Hence, many computer systems and applications remain insecure. So far, the research community lacks an in-depth understanding of system operators motivation, practices, and challenges around system hardening. With a focus on practices and challenges, we qualitatively analyzed 316 Stack Exchange (SE) posts related to system hardening. We find that access control and deployment-related issues are the most challenging, and system operators suffer from misconceptions and unrealistic expectations. Most frequently, posts focused on operating systems and server applications. System operators were driven by the fear of their systems getting attacked or by compliance reasons. Finally, we discuss our research questions, make recommendations for future system hardening, and illustrate the implications of our work.
format Preprint
id arxiv_https___arxiv_org_abs_2507_13028
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle From Paranoia to Compliance: The Bumpy Road of System Hardening Practices on Stack Exchange
Busch, Niklas
Klostermeyer, Philip
Klemmer, Jan H.
Acar, Yasemin
Fahl, Sascha
Cryptography and Security
Hardening computer systems against cyberattacks is crucial for security. However, past incidents illustrated, that many system operators struggle with effective system hardening. Hence, many computer systems and applications remain insecure. So far, the research community lacks an in-depth understanding of system operators motivation, practices, and challenges around system hardening. With a focus on practices and challenges, we qualitatively analyzed 316 Stack Exchange (SE) posts related to system hardening. We find that access control and deployment-related issues are the most challenging, and system operators suffer from misconceptions and unrealistic expectations. Most frequently, posts focused on operating systems and server applications. System operators were driven by the fear of their systems getting attacked or by compliance reasons. Finally, we discuss our research questions, make recommendations for future system hardening, and illustrate the implications of our work.
title From Paranoia to Compliance: The Bumpy Road of System Hardening Practices on Stack Exchange
topic Cryptography and Security
url https://arxiv.org/abs/2507.13028