Re: Locally Administered servers

[Gary Flynn <flynngn () JMU EDU>]

Leo Tran wrote:

> Does your University allow local departments to administer their own
> servers?  Do you require them to sign any kind of release form?  Do you
> have any specific security policy for them? Thank you for your help.

Hi Leo,

Departments implement and administer servers here at will but
they have to ask for them to be exposed to the Internet.

There is no approval process although we offer some recommendations
such as using our VPN or letting us install IP access controls
when the servers need only limited access. We do it this way not
to create a roadblock but instead so the bulk of computers not
needing Internet exposure aren't.

However, we hope to add some additional services/procedures
in the future:

- additional vulnerability scanning and reporting
- sensitive data questionnaire
- extra IDS/IPS/netflow/SEM attention
- host integrity monitoring


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security