Baselines and configurations
- Michael Laurentius
Purpose
Baseline configurations are documented sets of configurable specifications for various types of systems, from operating systems to peripherals to cloud instances. Building and maintaining your systems according to known baseline configurations helps to ensure that your systems have been setup in a secure and acceptable fashion.
Audience
faculty researchers Admin staff IT staff students
On this page
Initial considerations
Evaluate possible institutional options.
Consult with your local IT group about whether an institutionally managed system would meet your needs. These systems are managed by technical experts at the University, divisional, or departmental level, allowing you to focus more on the task at hand, rather than maintaining the security of unmanaged systems.
Maintain an asset inventory.
Maintain and consult your device inventory to confirm which systems you'd want to “harden”.
Follow general security best practices.
The majority of security events and incidents occur when general best practices are insufficiently followed or ignored. By applying a holistic approach to securing your systems, often referred to as “defence-in-depth”, you help reduce the risk of data loss or breach.
What can I do?
Visit the Center for Internet Security (CIS)'s Benchmarks website for security recommendations.
https://downloads.cisecurity.org/
This includes recommendations for:
operating systems,
server software,
cloud providers,
mobile devices,
network devices,
desktop software, and
multi-function device.
Avoid removing software restrictions imposed by the manufacturer on your device.
Do not jailbreak or root your device to exploit privileged access, as it provides an easier means for malicious software to exploit your device.
Search
Additional help
General
Contact us | Information Security (IS)
Contact us | Information Technology (IT)
Researchers
https://security.utoronto.ca/services/research-information-security-program/
Related articles