Skip to main content
Security is not just about fixing problems after they appear. While patching and updates repair “cracks and broken locks”, real protection focuses on preventing attackers from getting in at all. This article explains two essential defensive layers—firewalls and antivirus—and shows how system hardening and OS responsibilities work together to preserve confidentiality, integrity, and availability.

Firewall vs Antivirus — Perimeter and Internal Defense

Think of these layers as home security:
  • Firewall: the fence and locked gates around your property — it controls which network traffic can reach your front door.
  • Antivirus: the cameras and motion sensors inside — it detects and responds to anything that gets past the perimeter.
Firewall
  • Inspects and filters incoming and outgoing network traffic by IP, port, protocol, and sometimes by application.
  • Allows, rejects, or logs connections before they reach services on your system.
  • Used for network-level access control and to reduce exposure from remote networks.
Antivirus
  • Monitors files, installed apps, and running processes for known malware (signature matching), suspicious patterns (heuristics), and unusual runtime behavior.
  • Quarantines or blocks detected threats to prevent damage and help recovery.
  • Acts as an internal surveillance layer that complements the firewall.
Modern operating systems include many protections by default — packet filtering, signed-driver checks, and automatic scanning of downloads. These features often run silently to reduce user friction while improving safety.
Most desktop OSes provide easy controls (for example, macOS has an application-level firewall and options like “block all incoming connections” and “stealth mode”). Mobile platforms rely more on sandboxing, store controls, and automatic scanning rather than separate firewall toggles or traditional antivirus apps. Pop quiz: what does a firewall actually do? A) Scan your hardware for viruses
B) Filter and monitor network traffic
C) Optimize app performance
If you picked B, that’s correct — a firewall filters and monitors network traffic, allowing, rejecting, or logging connections to your system. Recap: the firewall is your outer defense (network-level filtering), and antivirus is internal surveillance (file and behavior scanning).
A presenter in a KodeKloud t-shirt stands on the right side of a dark slide. Two purple info boxes on the left explain "01 Firewall = Outer defence" and "02 Antivirus = Internal surveillance."
You may not notice these protections working — and that’s good. Effective security reduces opportunities for attackers without creating unnecessary friction.

System Hardening — Reduce Your Attack Surface

Hardening is like securing a house: lock unused doors, seal old entrances, and remove spare keys. The principle is straightforward — fewer access points means fewer ways for attackers to get in. Common hardening steps:
ControlWhy it mattersExample
Disable unnecessary servicesReduces entry points and the patch surfaceTurn off unused remote login, file sharing, or print services
Close unused ports & audit listenersPrevents remote access to unneeded servicesClose firewall ports and check tools like netstat or ss to review listeners
Remove or disable guest/default accountsPrevents unauthenticated or weakly authenticated accessDelete or disable guest accounts and default admin users
Principle of least privilegeLimits damage if accounts are compromisedGrant only required permissions to users and services
Strong authentication & 2FAProtects against credential theftEnable two-factor authentication for accounts and admin access
Account lockout & rate limitingPrevents brute-force login attemptsConfigure temporary lockouts after repeated failed logins
Logging & monitoringEnables detection and incident responseKeep audit logs, configure centralized logging, and enable alerts
Guest accounts and default service accounts are common, easy targets. Disable or remove them unless absolutely needed, and avoid weak default credentials.
Hardening reduces complexity. If an OS runs 20 services but you only need 5, the other 15 are extra potential targets that may be overlooked during patching or audits. Hardening focuses on running only what is necessary so the system is smaller and easier to secure.
A presenter stands on the right wearing a KodeKloud T‑shirt against a dark purple gradient background. Large purple text in the center reads "System Hardening."
Example: remove guest accounts if they’re not required. Guest accounts can allow unauthenticated or minimally authenticated access, so disable them unless necessary.
A macOS "Users & Groups" settings window showing an admin account and a guest user. A presenter in a black KodeKloud T‑shirt stands to the right against a black background with the caption "Remove or disable guest accounts" at the bottom.
Add extra verification like two-factor authentication to increase protection against credential compromise.
A macOS Sign‑In & Security settings pane showing Apple ID and Two‑Factor Authentication options is displayed on the left, while a presenter wearing a "KodeKloud" t‑shirt stands on the right.
Locking accounts after repeated failed logins is another effective control. After several failed attempts, an account can be temporarily disabled or require additional verification — similar to an alarm that triggers when someone rattles the doors too many times. Hardening isn’t about removing useful features; it’s about removing unnecessary risk. A streamlined system is easier to update, monitor, and protect. Why fewer features improves security
  • Every feature or service is a potential pathway for attackers.
  • Unused components are often missed during patching and audits.
  • Running only required services reduces exposure and maintenance effort.
Recap: hardened systems have fewer attack targets, disabled unused services and accounts, and stronger controls like 2FA and account lockout.

The OS’s Four Key Security Responsibilities

An operating system protects a system by combining several roles that together address the CIA triad:
ResponsibilityDescriptionExamples
Manage accessAccounts, permissions, and enforcing least privilegeUser/group permissions, ACLs, role-based access
Fix vulnerabilitiesProvide updates and patches for OS componentsAutomatic updates, signed packages, patch management
Block threatsPerimeter and internal defensesFirewalls, IDS/IPS, antivirus, app whitelisting
Reduce riskHardening and secure configuration managementDisabling services, configuration baselines, logging
These layers work together to protect confidentiality (who can see data), integrity (ensuring data isn’t tampered with), and availability (keeping services running).
A dark presentation slide lists "01 Confidentiality, 02 Integrity, 03 Availability" on the left over a faint house-and-fence background. On the right a man in a black KodeKloud T-shirt is standing and gesturing as he speaks.
Use these resources to build and verify secure configurations, implement monitoring, and keep your systems patched. Security is layered: combine perimeter controls (firewalls), internal detection (antivirus), and configuration discipline (hardening) to create a resilient environment.

Watch Video