System Security

The security of UIP and Adapter Hub systems is a high-priority. These systems could have access to many other systems, APIs, and sensitive data that must be protected from bad actors.

In addition to your organization's security policies, NEC recommends the following:

1. Review and follow the security guidelines of your specific OS.
   e.g., https://ubuntu.com/server/docs/security-introduction
2. The hardware used to host UIP, Adapter Hub, and other integrated systems should be located in a secure area that prevents unwanted physical access.
3. Enable hard drive encryption during the operating system installation. During the OS install LUKS encryption can be selected when configuring the hard disk and partitions.
4. Configure a secure method for establishing console access to the host server(s). It is difficult to recommend a single way to do this that works in all IT environments, but thought should be given to options such as:
   • Use a strong password generation tool to create keys
   • Use SSH certificates instead of SSH keys
   • Use software like fail2ban to combat brute force break-in attempts
   • Use software like Authy or libpam-google-authenticator for multi-factor authentication
5. Enable a firewall to restrict inbound and outbound network traffic on the host server(s). For basic instructions on using the UFW firewall read the Securing the System with a Firewall page.
6. Configure individual Login Accounts for all UIP users and assign an appropriate role to them
7. Secure the UIP website with HTTPS using the Client Access page and a valid certificate
8. Use a supported web browser to access the UIP website and avoid leaving your PC unattended while logged into the system