Guideline: Safe defaults and Hardening
Part of: Technology Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy
Safe defaults and hardening are much the same, although there are some differences. Hardening is about making the software, system or other component as hard as possible to attack: everything that is disabled or uninstalled is something you no longer have to worry about. It is a process in which, for instance, an operating system is configured so that its weaknesses are limited wherever possible. In the case of Microsoft Windows Server, think of configuring the registry to disable weak ciphers and of disabling the FTP service.
It is also about enabling (or at least not disabling) the security features that come with the software or system. Again, in the case of Microsoft Windows Server, think of leaving the local firewall on and configuring it, instead of disabling the service. The result should be software or a system that uses all of its security features while all unused features are disabled, to reduce the attack surface that comes with it.
Safe defaults follow in essence the same principle as hardening, with one small difference. Where hardening is done after the software or system has been created or deployed, safe defaults are about pre-configuring: the same steps, but automated and applied beforehand, so that a new instance starts out hardened instead of having to be hardened afterwards. Wherever possible, the hardening steps for a piece of software or system should be captured as its safe defaults. When a new virtual server is deployed, the hardening steps should be automated as far as possible, depending on what that virtual server needs.
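The following script is an added example and not part of the original guideline; it shows what the Windows Server steps above look like when they are written once and run both as a deployment-time safe default and as a later hardening audit. It is idempotent: run without parameters it fixes drift, run with -AuditOnly it only reports drift and exits non-zero, so the same script can sit in a deployment pipeline and in a scheduled check. The cipher and protocol list, the IIS FTP feature name Web-Ftp-Server, the service name ftpsvc, and WinRM over HTTPS (TCP 5986) as the one inbound service this server needs are assumptions for the example, not facts from the page. Run it elevated on Windows Server.

```powershell
<#
  Added example, not code from the original guideline. Idempotent hardening
  baseline for a Windows Server: run at deployment (safe defaults) or with
  -AuditOnly to report drift. Assumed, not from the page: the cipher/protocol
  list, feature 'Web-Ftp-Server', service 'ftpsvc', WinRM HTTPS on TCP 5986.
#>
param(
    [switch]$AuditOnly   # report drift and exit 1; change nothing
)

$Findings      = [System.Collections.Generic.List[string]]::new()
$SchannelPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$WeakCiphers   = @('NULL', 'DES 56/56', 'RC4 40/128', 'RC4 56/128', 'RC4 128/128', 'Triple DES 168')
$WeakProtocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')

# Ensure a REG_DWORD has the expected value; record a finding if it does not.
function Set-RegistryDword([string]$Path, [string]$Name, [int]$Expected) {
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($current -eq $Expected) { return }
    $Findings.Add("$Path\$Name = '$current' (expected $Expected)")
    if ($AuditOnly) { return }
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Expected -PropertyType DWord -Force | Out-Null
}

# 1. Weak SCHANNEL ciphers. The key names contain '/', which the PowerShell
#    registry provider treats as a path separator, so use the .NET API here.
$cipherRoot = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey(
    'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers')
foreach ($cipher in $WeakCiphers) {
    $key = $cipherRoot.OpenSubKey($cipher, $true)
    $enabled = if ($key) { $key.GetValue('Enabled') } else { $null }
    if ($enabled -ne 0) {          # missing value means "enabled by default"
        $Findings.Add("Cipher '$cipher' not disabled (Enabled=$enabled)")
        if (-not $AuditOnly) {
            if (-not $key) { $key = $cipherRoot.CreateSubKey($cipher) }
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
    }
    if ($key) { $key.Close() }
}
$cipherRoot.Close()

# 2. Legacy SSL/TLS versions, server side
foreach ($proto in $WeakProtocols) {
    Set-RegistryDword "$SchannelPath\Protocols\$proto\Server" 'Enabled' 0
    Set-RegistryDword "$SchannelPath\Protocols\$proto\Server" 'DisabledByDefault' 1
}

# 3. FTP: remove the role service if installed, and keep the service off
$ftpFeature = Get-WindowsFeature -Name Web-Ftp-Server -ErrorAction SilentlyContinue
if ($ftpFeature -and $ftpFeature.Installed) {
    $Findings.Add('Role service Web-Ftp-Server is installed')
    if (-not $AuditOnly) { Uninstall-WindowsFeature -Name Web-Ftp-Server | Out-Null }
}
$ftpSvc = Get-Service -Name ftpsvc -ErrorAction SilentlyContinue
if ($ftpSvc -and ($ftpSvc.Status -ne 'Stopped' -or $ftpSvc.StartType -ne 'Disabled')) {
    $Findings.Add("Service ftpsvc is $($ftpSvc.Status), start type $($ftpSvc.StartType)")
    if (-not $AuditOnly) {
        Stop-Service -Name ftpsvc -Force
        Set-Service  -Name ftpsvc -StartupType Disabled
    }
}

# 4. Local firewall: on in every profile, inbound blocked by default, and
#    only the needed port opened, rather than the firewall switched off
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True' -or $fwProfile.DefaultInboundAction -ne 'Block') {
        $Findings.Add("Firewall profile $($fwProfile.Name): Enabled=$($fwProfile.Enabled), inbound=$($fwProfile.DefaultInboundAction)")
        if (-not $AuditOnly) {
            Set-NetFirewallProfile -Name $fwProfile.Name -Enabled True `
                -DefaultInboundAction Block -DefaultOutboundAction Allow
        }
    }
}
$ruleName = 'Baseline: allow WinRM over HTTPS'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    $Findings.Add("Firewall rule '$ruleName' missing")
    if (-not $AuditOnly) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 5986 -Action Allow -Profile Domain,Private | Out-Null
    }
}

# 5. Report. SCHANNEL changes only take effect after a reboot.
if ($Findings.Count -eq 0) { Write-Output 'Baseline compliant'; exit 0 }
$label = if ($AuditOnly) { 'DRIFT' } else { 'FIXED' }
$Findings | ForEach-Object { Write-Output "${label}: $_" }
if ($AuditOnly) { exit 1 }
Write-Output 'Reboot required for SCHANNEL changes to take effect'
```

Two points worth keeping in mind when adapting this: the cipher list and the open port are the parts that depend on what the server is for, so they are the parameters to vary per role, and the audit mode is what turns a one-off hardening script into a safe default, because the same checks can fail a deployment or a scheduled run when the configuration drifts back.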
More information from Wikipedia about Environment Hardening.