🎓 Purpose
Baseline configurations are documented sets of configurable specifications for various types of systems, from operating systems to peripherals to cloud instances. Building and maintaining your systems according to known baseline configurations helps to ensure that your systems have been set up in a secure and acceptable fashion.
Updates and patches can provide your software with new functionality, but the most important purpose they serve is to fix security vulnerabilities that could place your system and work at risk.
👥 Audience
Initial considerations
Evaluate possible institutional options.
Consult with your local IT group about whether an institutionally managed system would meet your needs. These systems are managed by technical experts at the University, divisional, or departmental level, allowing you to focus more on the task at hand, rather than maintaining the security of unmanaged systems.
Maintain an asset inventory.
Maintain and consult your device inventory to confirm which systems you'd want to “harden”.
Follow general security best practices.
The majority of security events and incidents occur when general best practices are insufficiently followed or ignored. By applying a holistic approach to securing your systems, often referred to as “defence-in-depth”, you help reduce the risk of data loss or breach.
Best practices to secure systems and environments
Be aware of ongoing vulnerabilities that might impact your systems.
Security alerts and advisories inform you of possible vulnerabilities to your system and can provide you with recommended mitigations, including recent security patches.
📘 What can I do?
Visit the Center for Internet Security (CIS)'s Benchmarks website for security recommendations.
https://downloads.cisecurity.org/
This includes recommendations for:
operating systems,
server software,
cloud providers,
mobile devices,
desktop software, and
multi-function devices.
Use supported versions of operating systems and configure automatic updates.
Note: If devices cannot be updated but are required for your work, contact your local IT group regarding how to securely segregate devices from institutional networks. https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)
Windows
Automatic updates are enabled by default within current versions of Windows and cannot be disabled.
macOS
Linux
Distribution dependent. Contact your local IT group about how to set up automatic updates.
Android
iOS
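For the Linux item above: on Debian- and Ubuntu-family distributions, automatic updates are governed by APT::Periodic settings, and a later configuration file can quietly switch them off. The script below is an added example, not part of the original page; its function names and sample files are constructed for illustration, and it assumes the flat `APT::Periodic::Key "value";` form.

```shell
#!/bin/sh
# Audit whether APT automatic updates are switched on (Debian/Ubuntu family).
# Assumption: settings use the flat  APT::Periodic::Key "value";  form found in
# /etc/apt/apt.conf.d/ files such as 20auto-upgrades.

# apt_periodic_value KEY FILE...
# Print the last value assigned to APT::Periodic::KEY. Files are read in the
# order given; APT reads apt.conf.d in name order and the last assignment wins.
apt_periodic_value() {
    key=$1; shift
    sed 's|//.*$||' "$@" | awk -v k="APT::Periodic::$key" '
        $1 == k { v = $2; gsub(/[";]/, "", v); last = v }
        END     { if (last != "") print last }'
}

# apt_auto_update_status FILE...
# Print "enabled" when package lists are refreshed and unattended upgrades run
# (both values set and not "0"); otherwise print the gap and return 1.
apt_auto_update_status() {
    lists=$(apt_periodic_value Update-Package-Lists "$@")
    upgrade=$(apt_periodic_value Unattended-Upgrade "$@")
    case $lists in
        ''|0) echo "disabled: package lists are never refreshed"; return 1 ;;
    esac
    case $upgrade in
        ''|0) echo "disabled: unattended upgrades are off"; return 1 ;;
    esac
    echo "enabled"
}

# write_sample_configs DIR: constructed sample input, not taken from a real host.
# The second file shows a local override silently turning upgrades off.
write_sample_configs() {
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$1/20auto-upgrades"
    printf '%s\n' '// temporary freeze, never reverted' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$1/99local-freeze"
}

# Demo on the constructed files; on a real host pass /etc/apt/apt.conf.d/* instead.
sample_dir=$(mktemp -d)
write_sample_configs "$sample_dir"
echo "package default only: $(apt_auto_update_status "$sample_dir/20auto-upgrades")"
echo "with local override:  $(apt_auto_update_status "$sample_dir"/* || true)"
rm -rf "$sample_dir"
```

On a live system, `apt-config dump` shows the merged values APT actually uses, which also covers nested-block syntax this script does not parse.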
Regularly patch and update your software and applications.
Configure automatic updates where available.
Avoid removing software restrictions imposed by the manufacturer on your device or using untrusted software.
Do not jailbreak or root your device to exploit privileged access, as it provides an easier means for malicious software to exploit your device.
Do not install or use pirated software on devices with access to institutional data.
Do not sideload software onto mobile devices which bypasses the Apple or Google Play Store, as it is not subject to scans which flag potential harm.
✉️ Additional help
👥 General
🔬 Researchers
https://security.utoronto.ca/services/research-information-security-program/