Self-managed devices

🎓 Purpose

Baseline configurations are documented sets of configurable specifications for various types of systems, from operating systems to peripherals to cloud instances. Building and maintaining your systems according to known baseline configurations helps to ensure that your systems have been setup in a secure and acceptable fashion.

👥 Audience

FACULTY RESEARCHERS ADMIN STAFF IT STAFF STUDENTS

🔖 Contents

Initial considerations

Evaluate possible institutional options.

• Consult with your local IT group about whether an institutionally managed system would meet your needs. These systems are managed by technical experts at the University, divisional, or departmental level, allowing you to focus more on the task at hand, rather than maintaining the security of unmanaged systems.

  • https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)

Maintain an asset inventory.

• Maintain and consult your device inventory to confirm which systems you'd want to “harden”.

  • Asset management; data and devices

Follow general security best practices.

• The majority of security events and incidents occur when general best practices are insufficiently followed or ignored. By applying a holistic approach to securing your systems, often referred to as “defence-in-depth”, you help reduce the risk of data loss or breach.

  • Best practices to secure systems and environments

\uD83D\uDCD8 What can I do?

Visit the Center for Internet Security (CIS)'s Benchmarks website for security recommendations.

• https://downloads.cisecurity.org/

  • This includes recommendations for:

    • operating systems,

    • server software,

    • cloud providers,

    • mobile devices,

    • network devices,

    • desktop software, and

    • multi-function device.

Use supported version of operating systems and configure automatic updates.

Windows

• Automatic updates are enabled by default within current versions of Windows and cannot be disabled.

MacOS

• https://support.apple.com/en-ca/guide/mac-help/mchlpx1065/mac

Linux

• Distribution dependent. Contract your local IT group about how to setup automatic updates.

  • https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)

Android

• https://support.google.com/googleplay/answer/113412?hl=en

iOS

• https://support.apple.com/en-ca/HT204204

Regularly patch and update your software and applications.

• Configure automatic updates where available.

Avoid removing software restrictions imposed by the manufacturer on your device or use untrusted software.

• Do not jailbreak or root your device to exploit privileged access, as it provides an easier means for malicious software to exploit your device.

• Do not install or use pirated software on devices with access to institutional data.

• Do not sideload software onto mobile devices which bypass the Apple or Google Play Store, as they not subject to scans which flag potential harm.