This policy applies to all computer servers connected to the campus
network via the Department of Chemistry network and include both university-owned and non-university owned computers.
"Server" Defined
A "server" in this context is any computer providing some service
to other client computers via the network. A server processes requests
from other computers for read and write access to the server's
local hard drive or other shared resources (disk, printer, memory,
etc). Some examples include, but are not limited to, computers running
web servers, shared database servers, FTP servers, printer services, and peer-to-peer
networking services.
Guidelines
The server must be registered with the the Department's
IT Shop and a responsible contact identified. Ideally, this person
would be someone who is trained in system administration for the server's
platform. The contact should have a backup listed, in case the primary
contact is unavailable.
The server must be securely configured before
it is put into production. All vendor security patches must be applied,
and file permissions must be "corrected" for the server's role. No
unauthenticated accounts or access (ie, "guest") to the server should
be allowed.
It is the responsibility of the primary contact to update the server with
all vendor-supplied security patches on a regular basis. New exploits
for services are constantly located and fixed by the vendor. These
new fixes must be applied to close known security holes.
The IT Shop should be allowed to establish a local administrative account
of all computers designated as servers.
The primary contact should notify IT Shop staff immediately of any evidence
of compromise or misuse of the server or the services it offers.
|
