TTUHSC IT Policies
Guidelines For Operating Systems Security
To ensure separation of duty, the security functions performed by the authorized administrator
must be separable from the non-security functions performed by the System Administrator.
Separate and distinct privileges must be associated with distinct security relevant
If a domain or system has multiple System Administrators, each System Administrator
must maintain their own individual administrative account.
System Administrators must not leave the server console unattended while logged on.
All production server hardware must be physically secured in an area that restricts
and limits access to the server console, if possible.
Remote system administration is not allowed from outside of the TTUHSC Internet firewall
unless using an encrypted and authenticated channel.
Network System Administrators must immediately disable user accounts when notified
the user has terminated employment with TTUHSC or as requested by supervisor.
Configuration of any production systems must be limited to the minimum network services,
protocols, and bindings necessary for operating that system and application.
Application files must be maintained separately or partitioned from the system and
System areas must never be accessible via remote mounting.
Systems running critical applications must never "trust" other non-application based
Systems supporting critical applications should have security functionality in place
to control and restrict network connections from non-identified sources.
Systems configured as network routers or gateways shall support only the services
necessary to perform those functions.
File Share Configuration
The Windows default hidden shares (ADMIN$, C$, D$, and PRINT$) must be set so that
only system administrator rights are allowed.
The network configuration for file sharing on all Windows desktop and portable computers
should be disabled by default. File systems that are shared should be set to read-only
unless write access is explicitly required.
The system that requires the ability to share files must also restrict the access
to only the workstations and users that are authorized to use it.
The administrator must disable or delete vendor supplied default "User ID/password
Passwords known or suspected to be compromised must be reset as soon as possible,
while minimizing disruption of application operations.
Security administration passwords must be reset when system administration responsibilities
have been transferred to a new administrator, or when an administrator no longer requires
access to the system.
The incoming System Administrator must change the service account passwords immediately
upon responsibility transfer.
Static passwords used to authenticate User IDs must be a minimum of six (6) characters
Note: This is the minimum requirement - longer character length is encouraged for
increased security based on how critical the particular information assets, applications,
or systems are to the institution and/or the customer.
It is strongly recommended that static passwords used to authenticate User IDs must
be changed at least every ninety (90) days.
Note: This is the minimum requirement - changing passwords more often is encouraged
for increased security based on how critical the particular information assets, applications,
or systems are to the Institution and/or the user.
Static password complexity requires that any three of the following four characteristics
must be applied when creating or changing a password:
- Alpha characters - at least 1 alpha character
- Numeric characters - at least 1 numeric character
- Special characters - at least 1 special character
- No more than 2 of the same characters used consecutively
Examples of passwords that meet the above criteria are: g123*b, abc11@, ttu&12, 1973z$
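As an added example (not part of the policy text), the following Python function checks a candidate password against the six-character minimum and the three-of-four complexity rule stated above, using the policy's own example passwords as input. The policy does not define "special character"; the code assumes ASCII punctuation for that check.

```python
import re
import string

# The four example passwords the policy says satisfy the criteria.
POLICY_EXAMPLES = ["g123*b", "abc11@", "ttu&12", "1973z$"]

MIN_LENGTH = 6  # minimum length stated in the policy


def has_alpha(pw: str) -> bool:
    return any(c.isalpha() for c in pw)


def has_digit(pw: str) -> bool:
    return any(c.isdigit() for c in pw)


def has_special(pw: str) -> bool:
    # Assumption: "special character" means ASCII punctuation.
    return any(c in string.punctuation for c in pw)


def no_triple_repeat(pw: str) -> bool:
    # True when no character appears three or more times consecutively
    # ("no more than 2 of the same characters used consecutively").
    return re.search(r"(.)\1\1", pw) is None


def complexity_report(pw: str) -> dict:
    """Return which of the four policy characteristics the password meets."""
    return {
        "alpha": has_alpha(pw),
        "numeric": has_digit(pw),
        "special": has_special(pw),
        "no_consecutive_repeat": no_triple_repeat(pw),
    }


def meets_policy(pw: str) -> bool:
    """True when the password is at least MIN_LENGTH characters long and
    satisfies at least three of the four complexity characteristics."""
    if len(pw) < MIN_LENGTH:
        return False
    return sum(complexity_report(pw).values()) >= 3


if __name__ == "__main__":
    for candidate in POLICY_EXAMPLES + ["abc123", "aaaaaa", "ab1$"]:
        print(f"{candidate!r}: {'PASS' if meets_policy(candidate) else 'FAIL'}",
              complexity_report(candidate))
```

A password such as `abc123` passes (alpha, numeric and no triple repeat satisfy three of four without a special character), while `aaaaaa` fails because only the alpha characteristic holds.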
Passwords should not be reused by the same user for six months.
Individual users must be required to change their "initial" password when it is used for
the first time, for example by issuing it in a pre-expired state.
The password change routine must require the user to re-authenticate.
Note: The system should be configured to notify users in advance of requiring them
to change their passwords and before their passwords expire.
Administrators must not allow the sharing of "User ID/password pairs" among multiple
Clear-text representation of the password on the data entry device must be automatically
suppressed or fully masked out.
Windows Operating System Security
Systems must be configured such that a System Administrator is required to log on in
order to shut down a server.
Service Account Passwords
Service accounts are loosely defined as accounts that are used by application services
to operate on a Windows server or workstation. These accounts, in many cases, must
have domain or other administrative privileges, and must always have the ability to
"log on as a service" on the host server or workstation. All rights, not absolutely
required for application operations such as "log on locally," must be disabled.
Passwords for service accounts must be maintained and tightly controlled by the application
administrator. These passwords must follow all of the criteria for user account passwords,
except for the following areas:
- Passwords must be reset when applications administration responsibilities have been
transferred to a new administrator, or when an application, domain, or other administrator
no longer requires access to the system
- The incoming administrator must change the service account passwords immediately upon
- In order to monitor account activities, service accounts must be audited in the same
manner as user accounts.
UNIX Operating System Security
Prior to logging in at the root level, the user must first log in under his/her own
User ID and then use the super user (SU) command to access root privileges.
The ability to log in with a root level password must be limited to only those authorized
persons who have been entrusted with system administrator responsibility, and must
be done from the system console.
Root or system administrator history must be enabled.
Upon any personnel changes, the root password must be changed as soon as practical.
Any system using shadow password files must restrict access to the shadow password
Only TTUHSC I.T. approved super group identification (SGID) and super user identification
(SUID) programs are permitted on the system.
The permissions on crontab entries must be READ/WRITE by owner and no access for group
or others. (A crontab is a list or table of commands that are executed by the operating
system at specific times.)
Crontab entries must not be invoked from world readable/writable files.
Crontab entries must not be referenced from world readable/writable files.
Auditing and Accountability
The syslog daemon must be configured to start automatically at boot time. The audit
records should be stored in a separate file system dedicated to auditing.
The audit information must be protected with no access for world to prevent casual
browsing by non-root users.
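As an added example covering the crontab requirements above and the audit-record protection in this section (not part of the policy text), the following Python script audits file modes on a POSIX system: the crontab file must be read/write for the owner only, no file invoked by a crontab entry may be world readable or writable, and shadow and audit files must carry no permissions for "world". The `demo()` function builds a constructed directory tree under a temporary path so the checks run offline; the crontab line format it parses (five time fields followed by the command) is the standard one and is assumed here.

```python
import os
import stat
import tempfile

OTHER = stat.S_IRWXO                       # any permission bit for "world"
WORLD_RW = stat.S_IROTH | stat.S_IWOTH     # world readable or writable
OWNER_RW_ONLY = stat.S_IRUSR | stat.S_IWUSR  # 0600, as the crontab rule requires


def mode_of(path: str) -> int:
    """Permission bits of a file, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def crontab_file_ok(path: str) -> bool:
    """Policy: crontab READ/WRITE by owner, no access for group or others."""
    return mode_of(path) == OWNER_RW_ONLY


def no_world_access(path: str) -> bool:
    """Policy: shadow password files and audit records have no access for world."""
    return mode_of(path) & OTHER == 0


def command_path(entry: str):
    """Return the command token of a crontab line ('m h dom mon dow command ...').
    Comments, blank lines and malformed lines return None."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    fields = entry.split()
    if len(fields) < 6:
        return None
    return fields[5]


def crontab_entry_problems(path: str) -> list:
    """List (line, reason) for entries invoking a world readable/writable file.
    An empty list means every invoked file is compliant."""
    problems = []
    with open(path) as f:
        for line in f:
            cmd = command_path(line)
            if cmd is None or not os.path.isabs(cmd) or not os.path.exists(cmd):
                continue  # relative or missing commands cannot be checked here
            if mode_of(cmd) & WORLD_RW:
                problems.append((line.strip(), "invoked file is world readable/writable"))
    return problems


def _make(path: str, content: str, mode: int) -> str:
    with open(path, "w") as f:
        f.write(content)
    os.chmod(path, mode)
    return path


def demo() -> dict:
    """Constructed example tree (not real system files) exercising each check."""
    d = tempfile.mkdtemp()
    good = _make(os.path.join(d, "backup.sh"), "#!/bin/sh\n", 0o700)   # owner only
    bad = _make(os.path.join(d, "cleanup.sh"), "#!/bin/sh\n", 0o755)   # world readable
    cron = _make(os.path.join(d, "root.crontab"),
                 "# constructed crontab\n"
                 f"0 2 * * * {good} --full\n"
                 f"30 3 * * 0 {bad}\n", 0o600)
    shadow = _make(os.path.join(d, "shadow"), "root:*:0:0:99999:7:::\n", 0o640)
    audit = _make(os.path.join(d, "audit.log"), "constructed audit record\n", 0o644)
    return {
        "crontab_mode_ok": crontab_file_ok(cron),
        "crontab_entry_problems": crontab_entry_problems(cron),
        "shadow_ok": no_world_access(shadow),
        "audit_log_ok": no_world_access(audit),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the constructed tree the crontab itself is compliant, the entry that invokes the world-readable `cleanup.sh` is reported, the shadow file (0640) passes, and the audit log (0644) fails because it grants read access to world.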
E-mail entering or leaving the TTUHSC network must pass through the I.T. TTUHSC email
servers unless approved by the CIO. All email mailbox and transport services for an
individual or an application must use the I.T. TTUHSC e-mail servers unless approved
by Information Technology. Refer to the Institutional Email and Computer Naming Convention
Standards for more information.
Email servers including, but not limited to, SMTP, POP3, IMAP4, or Microsoft Exchange
may not be run on any system connected to the TTUHSC network unless approved by Information