Networks - Minimum Desktop Requirements

Summary for securing Host Based Servers

1. Installation
2. Connecting to the network
3. Enabling Services
4. Access Logging
5. Remote Access

Detail of Securing Host Based Servers

1. Installation

Computers must be securely configured and meet CWU's requirements before deployment.

  • While installing the OS and patches, the server may not be connected to the Internet
  • For Windows OS, configure the patch update method to use the CWU Patch Server
  • Install and configure anti-virus software; on Windows OS, configure it to use the CWU Symantec Update server (emsmss.cts.cwu.edu)
  • Configure the server for system backups and test them periodically
  • Disable or eliminate accounts which are not being used
  • Verify the appropriate local security settings
  • All passwords must be changed from default and must meet complexity standards
  • Access to the Administrator or root accounts should be limited to the smallest number of people necessary to maintain the servers
  • Servers must be physically secured, i.e. in the Computer Center
  • Servers may not be used as workstations

2. Connecting to the network

  • Servers may not be connected to the CWU network unless patching services and anti-virus services are configured for automatic updates
  • The server must be plugged into a UPS
  • Server administrator information must be provided to ITS-Network and Operations and be kept updated yearly

3. Enabling Services

  • Disable or eliminate all unused system services not essential to the prime function of the server; on Windows OS, specifically IIS, FTP, proxy services, all forms of SQL Server, Telnet, and Universal Plug and Play
  • On Windows OS, set services that will not be disabled to manual, specifically Telnet and Universal Plug and Play
  • Replace necessary insecure services (such as telnet, rsh, or rlogin) with secure alternatives
  • No servers are allowed to run LDAP, DNS, DHCP, NIS+ or a Windows Domain Controller
  • If the OS provides a stateful firewall, it should be enabled and only those ports necessary to allow the server to function should be open
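
One way to check a Unix host against the services named in section 3, as an added example that is not part of CWU's policy or tooling: it parses `ss -tuln` output and flags listeners on the default ports of those services. The port numbers are IANA defaults and the sample output is constructed; IIS, proxy services, NIS+ and domain controllers have no single distinguishing port and are not covered.

```python
# Added example: audit listening sockets against the services named in section 3.
# Ports are IANA defaults (an assumption: a service moved to another port is missed).
RULES = {
    ("tcp", 23): ("Telnet", "replace with SSH"),
    ("tcp", 513): ("rlogin", "replace with SSH"),
    ("tcp", 514): ("rsh", "replace with SSH"),  # udp/514 is syslog, not rsh
    ("tcp", 21): ("FTP", "disable unless essential"),
    ("tcp", 1433): ("SQL Server", "disable unless essential"),
    ("udp", 1900): ("Universal Plug and Play (SSDP)", "disable unless essential"),
    ("tcp", 389): ("LDAP", "not allowed on servers"),
    ("tcp", 53): ("DNS", "not allowed on servers"),
    ("udp", 53): ("DNS", "not allowed on servers"),
    ("udp", 67): ("DHCP", "not allowed on servers"),
}


def audit(ss_output):
    """Return (proto, port, service, action, exposure) for each flagged listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        # The local address is the fifth column; the port follows the last colon.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        rule = RULES.get((fields[0], int(port)))
        if rule:
            loopback = addr.startswith("127.") or addr == "[::1]"
            findings.append((fields[0], int(port), rule[0], rule[1],
                             "loopback" if loopback else "network"))
    return findings


# Constructed sample of `ss -tuln` output, not taken from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
tcp   LISTEN 0      64     [::]:514           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:67         0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s/%d %s: %s (%s)" % finding)
```

A finding marked "loopback" is a local-only listener, such as a stub resolver, and should be reviewed before it is treated as a violation.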

4. Access Logging

  • All servers should have access logging enabled
  • Logs should be checked regularly (at least weekly) for unusual access attempts
  • Logs must be located in a secured location, i.e. a remote server if available

5. Remote Access

  • Remote access to servers must be highly restricted
  • SSH and VPN must be used for remote access

Contact Information

ITS - Networks
400 E. University Way
Ellensburg, WA 98926
Phone (509) 963-2924
Email: networks@cwu.edu