Servers are relied upon to deliver data in a secure, reliable fashion. There must be assurance that data integrity, confidentiality and availability are maintained. One of the required steps to attain this assurance is to ensure that the servers are installed and maintained in a manner that prevents unauthorized access, unauthorized use, and disruptions in service.
This procedure applies to all University information resources that store or process mission critical and/or confidential information. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with server hardening. The intended audience includes, but is not limited to, system managers and administrators, who manage University information resources that store or process mission critical and/or confidential information.
Confidential Information: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g., the Texas Public Information Act.
Information Resources (IR): the procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
Mission Critical Information: information that is defined by the University or information resource owner to be essential to the continued performance of the mission of the University or department. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, and failure to comply with regulations or legal obligations, or closure of the University or department.
Systems administrators will test security patches prior to implementation.
System administrators shall ensure that vendor supplied patches are routinely acquired, systematically tested, and installed promptly (Usually within 2 weeks of its release).
System administrators shall remove unnecessary software, system services, and drivers.
System administrators shall enable security features included in vendor supplied systems including, but not limited to, firewalls, virus scanning and malicious code protections, and other file protections (see Malicious Code procedure). Audit logging shall also be enabled. User privileges shall be set utilizing the least privileges concept of providing the minimum amount of access required to perform job functions. The use of passwords shall be enabled in accordance with the University Password Policy.
System administrators shall disable or change the password of default accounts.
Servers shall be tested for known vulnerabilities when new vulnerabilities are announced, and shall seek and implement best practices for securing their particular system platform(s).
2003-2009 PRAIRIE VIEW A & M UNIVERSITY - ALL RIGHTS RESERVED
P.O. Box 519 - Prairie View, Texas - 77446-0519
FM 1098 Rd & University Dr, Prairie View, TX 77446
University Operator: (936) 261-3311
Best viewed with IE 7.x+ or FireFox 3.x+