Educause Security Discussion mailing list archives
Re: Locally Administered servers
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 14 Mar 2006 11:45:22 -0500
Leo Tran wrote:
Does your University allow local departments to administer their own servers? Do you require them to sign any kind of release form? Do you have any specific security policy for them? Thank you for your help.
Hi Leo, Departments implement and administer servers here at will but they have to ask for them to be exposed to the Internet. There is no approval process although we offer some recommendations such as using our VPN or letting us install IP access controls when the servers need only limited access. We do it this way not to create a roadblock but instead so the bulk of computers not needing Internet exposure aren't. However, we hope to add some additional services/procedures in the future: - additional vulnerability scanning and reporting - sensitive data questionnaire - extra IDS/IPS/netflow/SEM attention - host integrity monitoring -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Locally Administered servers Leo Tran (Mar 13)
- <Possible follow-ups>
- Re: Locally Administered servers Kenneth G. Arnold (Mar 13)
- Re: Locally Administered servers David Lundy (Mar 13)
- Re: Locally Administered servers Cal Frye (Mar 13)
- Re: Locally Administered servers Bob Kehr (Mar 13)
- Re: Locally Administered servers Thomas R. Davis (Mar 14)
- Re: Locally Administered servers Waller, Michael A. (HSC) (Mar 14)
- Re: Locally Administered servers Gary Flynn (Mar 14)