UBC Systems and Applications Hardening Guides

Information Security Guideline

Introduction

  1. Hardening guides are meant to further enhance the levels of security for systems, applications, databases and devices by reducing the exposed attack surface of a product or service. Application of these guides requires some vigilance as they could also render systems, applications, or databases unusable for their intended purpose.
  2. This guideline has been issued by the Chief Information Officer to supplement the Vulnerability Management standard. Compliance with this guideline is recommended, but not mandatory. Questions about this guideline may be referred to information.security@ubc.ca.

Available Guides

  1. CIS Benchmarks are available via the Center for Internet Security (CIS) for the following technologies:
    Technology Available Categories/Guides
    Operating Systems Linux, Apple macOS, Microsoft Windows, UNIX, IBM, Oracle Solaris
    Server Software Web Server, Virtualization, Collaboration Servers, Database Server, DNS Server, Authentication Server
    Cloud Providers Alibaba Cloud, Amazon Web Services, Google Cloud Computing Platform, Google Workspace, IBM Cloud Foundations, Microsoft Azure, Oracle Cloud Infrastructure
    Mobile Devices Apple IoS, Google Android
    Network Devices Checkpoint Firewall, Cisco, Juniper, Palo Alto Networks
    Desktop Software Productivity software, web browsers
    Multi-function Print Devices Print devices
  2. The CIS Benchmarks are configured into two categories: Level 1 & Level 2 controls:
    1. Level 1 controls are generally safe settings that should be configured at a minimum on a server or a database, and should cause little or no interruption of service; and
    2. Level 2 controls are recommended in highly secure environments and carry a higher risk of impacting services.
  3. WordPress and Drupal are popular content management systems and are frequently targeted for attacks; as such it is recommended that the Securing WordPress and Securing Drupal guidelines be used in hardening and protecting WordPress and Drupal deployments.

Related Documents and Resources

  1. Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems
  2. Vulnerability Management standard
  3. Center for Internet Security (CIS)
  4. Securing Drupal guideline
  5. Securing WordPress guideline

Last Revised: 2021-02