Re: Policy regarding servers on the network

[Mark Borrie <mark.borrie () OTAGO AC NZ>]

At Otago we charge back all Internet traffic costs to each connected
system. This has meant that all systems that can connect to the
Internet have needed to be centrally registered for some years (In
fact policy dictates that all devices on the local net are registered).
We tie an account code to each IP.

When we introduced global port blocking for systems except for
registered servers we qucikly found out all our Internet visible
servers. Since that time we have tightened up on this and now
require these servers to register their services so that only the
needed ports are open.

Some departmental admins thought they could run their servers
securely with all ports visible from the Internet.  Two of the most
expensive security incidents over the two past two years were servers
that had all ports available to attackers.

Mark.

On 25 Apr 2005 at 9:09, Brian Viscuso wrote:

> I am curious to see if or how many institutions have a specific policy that
> regulateshow servers are put on the network? And, do you have a formal request
> system in place for getting these servers on-line? We are working on formulating a
> policy for college/departmental servers onour network in an effort to 'corral' rouge
> servers and tighten up our network traffic going to these servers. We aren't saying
> they can't have them, we just want to know about them in advance and make sure
> they are compliant with commonsecurity standards. If anybody out there has
> something similar in place I would be interested in seeing their policy or
> implementation.
>
> Many thanks in advance.
>
> - Brian
> ______________________________________
--
Mark Borrie
IT Security Officer,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.