• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Info For
  • Prospective Students
  • Current Students
  • Residents
  • Faculty & Staff
  • Alumni & Friends
  • Patients & Healthcare
  • Visitors & Community
  • Giving to TTUHSC
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Contact Info
  • HSC Directory
  • HSC Contacts
  • IT Contacts
• Site Maps
  • HSC Site Map
  • IT Site Map

Quick Search

IT Resources

• Information Technology
• Quick Links
  • Available Services
  • Help Desk
  • Security
  • IT Policies
  • Download Software

IT Policies

• Policies
• TTUS Board Of Regents Policies And Procedures
• Security
  • I.T. Resource Management And Responsibilities
  • Managing Physical Security
  • Disaster Recovery
  • Security Safeguards
    • Acceptable Use
    • Account Management And User Responsibilities
    • Administrator/Special Access
    • Backup/Recovery
    • Change Management
    • Email
    • Incident Management
    • Internet And Intranet Connectivity
    • Intrusion Detection
    • Network Access
    • Network Configuration
    • Password/Authentication
    • Asset Management
    • Portable Computing
    • Privacy
    • Monitoring Of I.T. Assets
    • Security Awareness And Training
    • Server Hardening
    • Authorized Software
    • Application System Development, Acquisition, And Lifecycle
    • Vendor Access
    • Viruses And Other Malicious Code
    • Wireless Access
    • Vulnerability Assessment
• Institutional Videoconferencing Systems
• Institutional Computer Naming Convention Standards
• Hardware And Software Standards
• Technology Replacement Schedule
• I.T. Procurement Review
• Intellectual Property Rights
• Copyright
  • Copyright And Computer Software
  • Infringement Of Copyrights On Computing Software
• Web Standards
  • Student Web Publishing Standards
  • TTUHSC Web Publishing Standards
  • Web Site Visual Elements Standards
  • Change Management Procedures For Official TTUHSC Web Pages/Sites
  • Information Services Coding Standards, Security, And Audit Controls
  • E-Commerce Applications
  • Web Use And Copyright Standards
  • State Of Texas Web Publishing Standards
• Disciplinary Process
• Definitions
• Guidelines For Operating Systems Security
• Federal and State Statutes
• Notice of Disclaimer of Liability

HSC Resources

• HSC Home
• Welcome to the HSC
  • Welcome to the HSC
  • TTUHSC Strategic Plan
  • News & Events
  • Fact Books
• Office of the President
• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Centers & Institutes
• Research
• Administration
  • President's Office
  • Administrative Officers
  • Communications
  • Departments
  • Center for International and Multicultural Affairs
  • Rural & Community Health
  • Finance & Administration
  • Information Technology
  • Policies, Manuals and State Reporting
  • Institutional Compliance
• Human Resources
  • Prospective Employees
  • New Employees
  • Current Employees
  • HR Offices
  • Job Opportunities
  • More...
• Libraries
  • Library Catalog
  • Databases
  • Online Books
  • Online Journals
  • Online Reserves
  • More...
• Accreditation
• News & Events
• Emergency Preparedness
• Compliance Hotline

TTUHSC IT Policies

1.4.18   SERVER HARDENING

Standard/Procedure   

A server cannot be connected to the TTUHSC network until it is in a TTUHSC I.T. approved secure state.  Prior to connecting the server to the network, the following must be performed:

• Install the operating system from an I.T. approved source which includes proper licenses,
• Receive a reserved IP address from the appropriate regional campus network administrator,
• Remove all unnecessary software, system services, and drivers,
• Set appropriate security parameters, file protections, and enable audit logging,
• Disable or change the password of default accounts, and
• Complete a Server Registration Form (http://www.ttuhsc.edu/it/forms/serverregistration.aspx) and submit it to its@ttuhsc.edu.

Immediately after connection to the network, the following must be completed:

• Install I.T. approved anti-virus software, and
• Apply the latest vendor supplied patches, which have been tested for compatibility with the production environment.

Note: For more detailed information and procedures based on specific operating system, please refer to Guidelines For Operating Systems Security at http://www.ttuhsc.edu/it/policy/ossecurity.aspx.

All servers are required to pass a vulnerability assessment performed by the TTUHSC ITS prior to use.  Administrators are required to correct all network/operating system vulnerabilities identified as high or medium risk during the vulnerability assessment.  Examples of high and medium risk vulnerabilities are:

• Accounts with blank or weak passwords
• Outdated version or patch levels of server software and services

TTUHSC ITS will monitor security issues, both internal and external to TTUHSC, and will monitor the release of security patches on behalf of TTUHSC.  After the server administrator is notified by the ITS, patches must be implemented within a specified timeframe determined by the security level of the patch, or the risk level of the vulnerability.  ITS will routinely monitor to ensure the system(s) are in compliance.  Failure to comply with these guidelines can result in the server(s) being removed from the network. 

Patches are classified as follows:

• Critical Updates - These include updates or hotfixes for the operating system and mission critical applications.  These fixes address security vulnerabilities and system stability problems.
• Virus updates - Anti-virus vendors supply updates/signatures to protect against the latest viruses.  In order to provide maximum protection, all servers should receive regular anti-virus updates and upgrades.
• Applications/Program patches - This includes updates for specific applications that could affect the overall security of the server.

TTUHSC I.T. will perform due diligence in testing security patches before release when practical.

Texas Tech University Health Sciences Center, 3601 4th Street, Lubbock, TX 79430
806.743.1000
it.webmaster@ttuhsc.edu

Campus Webmasters | Recommended Web Site Viewing Requirements | General Policy Information

State of Texas Web Site | SAO Fraud Reporting | DMCA Compliance | Texas Homeland Security | TTUHSC Energy Conservation Report

TTUHSC Home | Texas Tech University System | Texas Tech University

©2009 Texas Tech University Health Sciences Center | All Rights Reserved