TTUHSC IT Policies
1.4.18 SERVER HARDENING
A server cannot be connected to the TTUHSC network until it is in a TTUHSC I.T. approved secure state. Prior to connecting the server to the network, the following must be performed:
- Contact IT Systems and IT Security,
- Install the operating system from an I.T. approved source which includes proper licenses,
- Receive a reserved IP address from the appropriate regional campus network administrator,
- Remove all unnecessary software, system services, and drivers,
- Set appropriate security parameters, file protections, and enable audit logging,
- Disable or change the password of default accounts.
Before connecting to the network:
- Install I.T. approved anti-virus software.
Immediately after connection to the network, the following must be completed:
- Apply the latest vendor supplied patches, which have been tested for compatibility with the production environment.
Note: For more detailed information and procedures for a specific operating system, please refer to Guidelines For Operating Systems Security at http://www.ttuhsc.edu/it/admin/policy/ossecurity.aspx.
All servers are required to undergo a vulnerability assessment performed by the TTUHSC Information Technology Security group (ITS) prior to use.
In the event that a vulnerability or a combination of vulnerabilities is discovered that constitutes an unacceptable level of risk as deemed by TTUHSC ITS, the server administrator is responsible for ensuring that it is addressed. Any such risk must be addressed prior to production use. Further scanning may be required.
TTUHSC ITS will monitor security issues, both internal and external to TTUHSC, and will monitor the release of security patches on behalf of TTUHSC. After the server administrator is notified by ITS, patches must be implemented within a specified timeframe determined by the security level of the patch or the risk level of the vulnerability. ITS will routinely monitor to ensure the system(s) are in compliance. Failure to comply with these guidelines can result in the server(s) being removed from the network.
TTUHSC I.T. will perform due diligence in testing security patches before release when practical.