Educause Security Discussion mailing list archives
Re: Policy regarding servers on the network
From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Tue, 26 Apr 2005 09:34:22 +1200
At Otago we charge back all Internet traffic costs to each connected system. This has meant that all systems that can connect to the Internet have needed to be centrally registered for some years (In fact policy dictates that all devices on the local net are registered). We tie an account code to each IP. When we introduced global port blocking for systems except for registered servers we qucikly found out all our Internet visible servers. Since that time we have tightened up on this and now require these servers to register their services so that only the needed ports are open. Some departmental admins thought they could run their servers securely with all ports visible from the Internet. Two of the most expensive security incidents over the two past two years were servers that had all ports available to attackers. Mark. On 25 Apr 2005 at 9:09, Brian Viscuso wrote:
I am curious to see if or how many institutions have a specific policy that regulateshow servers are put on the network? And, do you have a formal request system in place for getting these servers on-line? We are working on formulating a policy for college/departmental servers onour network in an effort to 'corral' rouge servers and tighten up our network traffic going to these servers. We aren't saying they can't have them, we just want to know about them in advance and make sure they are compliant with commonsecurity standards. If anybody out there has something similar in place I would be interested in seeing their policy or implementation. Many thanks in advance. - Brian ______________________________________
-- Mark Borrie IT Security Officer, Information Technology Services, University of Otago, Dunedin, N.Z. Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Policy regarding servers on the network Brian Viscuso (Apr 25)
- <Possible follow-ups>
- Re: Policy regarding servers on the network Lucas, Bryan (Apr 25)
- Re: Policy regarding servers on the network Brian Viscuso (Apr 25)
- Re: Policy regarding servers on the network Steve Schuster (Apr 25)
- Re: Policy regarding servers on the network Gary Dobbins (Apr 25)
- Re: Policy regarding servers on the network Tim Howard (Apr 25)
- Re: Policy regarding servers on the network Darnell Walker (Apr 25)
- Re: Policy regarding servers on the network Mark Borrie (Apr 25)