Information Security Office Education - Partnership - Solutions

Server Security Standard

Objective
In accordance with the Information Security and Acceptable Use Policy, all servers owned or managed by the Austin Community College District must be adequately protected to ensure the confidentiality, integrity, availability, and accountability of such systems.

Physical Location
Servers must be located in rooms that meet the applicable minimum standards defined in the Standard for Server Rooms.

Hardware
Servers should utilize server-class hardware and be installed in standard racks when possible. Server-class hardware is typically characterized by redundant power supplies, a RAID disk array, rack mounting, and remote management functions. Use of workstation-class hardware to deliver the services of a server is not recommended.

Operating System
Operating system software must be licensed and supported to ensure availability of software updates that address known vulnerabilities. For Linux and UNIX, any commercially supported or actively maintained version is recommended.

Naming Conventions
The server name will include at least the location ID and a functional description.

Server and DNS Registration
All servers must be recorded with the Information Security Office so that an accurate inventory is available in the event a security incident is detected. All computers must be registered with the DNS network addressing system in order to properly identify devices on the ACC wired network. Servers must use a static address reservation or static address assignment to promote consistent records. Operation of a server on the wireless network is not recommended. For systems that are Internet-accessible, system owners must file a request for an external IP address with the Information Security Office, documenting the open ports necessary, the duration of time the access will be needed, and the classification of the data being accessed or recorded. Requests are subject to periodic review and renewal if still justified.

Published 6/23/2016


Domain Membership
Participation in the Microsoft Windows Active Directory domain (rbnet.austincc.edu) allows convenient access to shared resources, ease of authentication, and automated policy settings. When feasible, servers should be joined to the domain. Servers that are not joined to the domain must have the following comparable controls applied manually:

• OS Patch Updates: Automatic installation of the latest patch updates on a monthly basis must be enabled.
• Access Control: Built-in system accounts, such as Administrator and Guest, should be disabled if not used and must not have blank or default passwords. All users must gain access with unique login credentials, and passwords should meet complexity requirements comparable to those required for ACC’s NetID.
• System Logon Banner: The computer must be configured with the University logon banner, as follows: "Use of ACC Information Systems is subject to the ACC Information Security and Acceptable Use Policy. Pursuant to Texas Administrative Code 202: (1) Unauthorized use is prohibited; (2) Usage may be subject to security testing and monitoring; (3) Misuse is subject to criminal prosecution; and (4) Users have no expectation of privacy except as otherwise provided by applicable privacy laws."
• Screensaver Lock: The server must be configured with an automatic screensaver lock that requires re-authentication after no more than 15 minutes of inactivity. For systems without a graphical user interface (GUI), an automatic logoff is required after no more than 15 minutes of inactivity.
• Log Retention: The system must be configured to retain logs for a minimum of 90 days to facilitate troubleshooting and investigations. Logging to a centralized server is recommended to allow event correlation and reduce the local storage burden.
• Time Synchronization: NTP or a similar protocol must be configured to ensure accurate timestamps. The College-provided NTP servers are ntp1.austincc.edu and ntp2.austincc.edu.
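The following read-only audit script is an added example for this standard, not ACC's own tooling. It checks a non-domain-joined Windows server against the six manual controls listed above (patching, built-in accounts, logon banner, inactivity lock, log retention, NTP). It assumes Windows Server 2012 or later with PowerShell 5.1, an elevated session, and the standard Windows registry locations for Windows Update policy, the legal-notice banner, the machine inactivity limit and the W32Time client; the thresholds (15 minutes, 90 days, ntp1/ntp2.austincc.edu) are taken from the standard itself.

```powershell
# Added example, not part of the ACC Server Security Standard: audit the manual
# controls required for a server that is not joined to rbnet.austincc.edu.
# Run elevated on Windows Server 2012+ / PowerShell 5.1+. Read-only: nothing is changed.

$findings = @()
function Add-Finding($Control, $Pass, $Detail) {
    $script:findings += [pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail }
}

# 1. OS Patch Updates: Windows Update policy key; AUOptions 4 = auto download and schedule install.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
Add-Finding 'OS Patch Updates (scheduled auto-install)' ($au.AUOptions -eq 4) "AUOptions=$($au.AUOptions)"

# 2. Access Control: built-in Administrator and Guest should be disabled if unused.
foreach ($name in 'Guest', 'Administrator') {
    $acct = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if ($acct) { Add-Finding "Built-in account '$name' disabled" (-not $acct.Enabled) "Enabled=$($acct.Enabled)" }
}

# 3. System Logon Banner: caption/text live under the System policy key.
$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$bannerOk = ($sys.legalnoticetext -like '*Acceptable Use Policy*') -and
            ($sys.legalnoticetext -like '*Texas Administrative Code 202*')
Add-Finding 'System Logon Banner' $bannerOk "legalnoticecaption='$($sys.legalnoticecaption)'"

# 4. Screensaver Lock: machine-wide inactivity limit in seconds; 15 minutes = 900 s.
$timeout = [int]$sys.InactivityTimeoutSecs
Add-Finding 'Inactivity lock within 15 minutes' ($timeout -gt 0 -and $timeout -le 900) "InactivityTimeoutSecs=$timeout"

# 5. Log Retention: Windows has no "days" setting, so measure how far back the Security
# log actually reaches. A freshly built server fails this until 90 days have elapsed;
# shipping events to a central log server (recommended above) is the durable answer.
$sec    = Get-WinEvent -ListLog Security
$oldest = (Get-WinEvent -LogName Security -Oldest -MaxEvents 1).TimeCreated
$days   = ((Get-Date) - $oldest).TotalDays
Add-Finding 'Log Retention >= 90 days' ($days -ge 90) `
    ("LogMode={0}; MaxMB={1}; oldest event {2:N0} days old" -f $sec.LogMode, [int]($sec.MaximumSizeInBytes / 1MB), $days)

# 6. Time Synchronization: the W32Time client's configured NtpServer list.
$ntp   = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters').NtpServer
$ntpOk = ($ntp -match 'ntp1\.austincc\.edu') -or ($ntp -match 'ntp2\.austincc\.edu')
Add-Finding 'Time Synchronization (College NTP)' $ntpOk "NtpServer='$ntp'"

$findings | Format-Table -AutoSize
```

Each row reports Pass as True or False with the raw value that was read, so a failed control can be traced to the exact setting. Password complexity (part of the Access Control item) is deliberately not checked here, since local password policy is read with `net accounts` or `secedit /export` rather than from the registry, and the GUI-less automatic logoff depends on the shell in use.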

Software Agents
Servers must run the following agents where compatible:

• ESET, for malware defense
• WSUS, for simplified patching, including 3rd-party applications where possible
• Microsoft System Center Configuration Manager (SCCM) may be used in addition


Software-Based Firewall
Servers should have host-based firewall functionality enabled for additional protection. This firewall should be configured to allow all traffic from ACC monitoring devices and any necessary traffic from internal hosts.

Protocols
Unnecessary network services must be disabled.

Vulnerability Assessment
All servers are subject to periodic vulnerability scans. System owners are responsible for timely remediation of identified vulnerabilities.

Backups
All servers should be configured for automated backups consistent with the business requirements of recovery time objective (the length of time the system can be offline) and recovery point objective (the amount of data at risk since the most recent backup, replication, or other data protection event). Stored backups must also meet security protections comparable to those of the source server. Backup media shipped outside of a physically secure data center must be protected by additional controls such as encryption and lockboxes.

Incident Management
System owners are required to report any suspicious activity to the Information Security Office for investigation.

Business Continuity Planning / Disaster Recovery
All mission-critical servers should have a Disaster Recovery (DR) plan for recovery within a timeframe consistent with the requirements in the Business Continuity Plan (BCP).

Exemptions
In the event that compliance with this desktop and laptop standard cannot be met, please contact [email protected] to submit an exemption request, which will be approved or denied by the ISO. Denied exemption requests may be appealed to the ACC President for a final decision.

