System Hardening

System hardening is the process of securely configuring computer systems, to eliminate as many security risks as possible. The CIS Security Benchmarks below offer guidance on secure configurations and hardening procedures, beyond those required by the BSD Minimum Security Standards. Adherence to these guidelines is an essential safeguard for the protection of electronic university data and systems.

See BSD Center for Internet Security for our FAQs and more information about CIS Security Benchmarks.

Note: The ISO is in the process of reviewing the CIS lists for the most common used systems and creating BSD security hardening lists with a particular focus on configuration issues that are unique to the computing environment at The University of Chicago Biological Sciences Division. BSD specific security checklists will be available online in 2015.

Windows:

Mac OS:

Mobile:

Linux:

Database Servers:

Web Servers:

 

BSD Center for Internet Security

The BSD Information Security Office provides access to the Center for Internet Security (CIS) Security Benchmarks tools for BSD systems administrators. The University of Chicago Biological Sciences Division is currently a member through the BSD Information Security Office. Once you are registered, you will have access to all the materials available exclusively to members, including discussion forums where we can collaborate on security best practices.

Frequently Asked Questions

Q: What are CIS Security Benchmarks?

A: The CIS Security Benchmarks Division provides well-defined, unbiased, and consensus-based industry best practices to help the BSD assess and improve security. Resources include secure configuration benchmarks and automated configuration assessment tools (CIS-CAT).

The CIS Security Benchmarks Division develops and distributes:

  • Security Configuration Benchmarks – 94 Benchmarks which describe best practices for the secure configuration of target systems and are developed via extensive collaboration with the CIS volunteer consensus community.
  • The CIS-CAT Benchmark Assessment Tool – provides systems administrators with a fast, detailed assessment of target systems’ conformance to CIS Benchmarks. The CIS-CAT Assessment Tool is available only to CIS Security Benchmarks Members. Members can download CIS-CAT from the CIS Members Website. You can try out CIS-CAT lite here.

Q: Why should we use CIS Security Benchmarks?

A: The Security Configuration Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls. Configuring systems in compliance with these Benchmarks has been shown to eliminate 80-95 percent of known security vulnerabilities. The BSD Information Security Office is developing system-hardening standards down to the most critical steps for your systems, with a particular focus on configuration issues that are unique to the computing environment at University of Chicago, and will use the assessment tool to validate that systems meet the established system-hardening and security configuration standards.

Q: How do I get started?

  • To register, go to http://workbench.cisecurity.org/registration/ and complete the registration form. You must have a valid BSD email address. After a simple account validation step, you will receive an email indicating that your registration has been activated, along with a temporary password.
  • Log in to https://workbench.cisecurity.org/ to download and review CIS benchmarks for your platforms. Benchmarks are available as PDF reference worksheets for system hardening.
  • Download the CIS-CAT Benchmark Assessment Tool (available on the member website) and run against a representative hardened system. This cross-platform app examines your system and produces a report comparing your settings to the published benchmarks.
  • Participate in the CIS member forums to provide feedback, make suggestions, and discuss the CIS tools with other members.

Q: How do I use the tools?

A: The following tutorials are available:

Q: Where can I find more information?

A: If you have any questions about registration or accessing the tools, you can contact the BSD Information Security Office at security@bsd.uchicago.edu.