Vulnerabilities in Starting point box "Unified"

I just cracked the box Unified and would be interested in any thoughts to increase the security of the box. So basically if this was a real world IT environment you owned, what would you change?
I was thinking of more examples of the following:

  • Close any open ports that are not required to be open
  • Update the Unifi application to its latest version which is not vulnerable against Log4Shell

Any more ideas?