Page Last Modified: Jun 14, 2017
Share Link: https://answers.fredonia.edu/x/3YY4
A server is defined as a host that provides a network accessible service.
Follow the minimum security standards in the table below to safeguard your servers.
| Standard | Recurring task | What to do | Low risk | Moderate risk | High risk |
|---|---|---|---|---|---|
| Patching | ✔ | Based on National Vulnerability Database (NVD) ratings, apply high-severity security patches within seven days of publication and all other security patches within 90 days. Use a supported OS version. | ✔ | ✔ | ✔ |
| Vulnerability Management | ✔ | Perform a monthly Qualys scan. Remediate severity 4 and 5 vulnerabilities within seven days of discovery and severity 3 vulnerabilities within 90 days. | ✔ | ✔ | ✔ |
| Inventory | ✔ | Review and update NetDB and SUSI records quarterly. Maximum of one node per NetDB record. | ✔ | ✔ | ✔ |
| Firewall | | Enable a host-based firewall in default-deny mode and permit only the minimum necessary services. | ✔ | ✔ | ✔ |
| Credentials and Access Control | ✔ | Review existing accounts and privileges quarterly. Enforce password complexity. Logins with SUNet credentials via Kerberos are recommended. | ✔ | ✔ | ✔ |
| Two-Step Authentication | | Require Duo two-step authentication for all interactive user and administrator logins. | | ✔ | ✔ |
| Centralized Logging | | Forward logs to a remote log server. The University IT Splunk service is recommended. | | ✔ | ✔ |
| Sysadmin Training | ✔ | Attend at least one Stanford Information Security Academy training course annually. | | ✔ | ✔ |
| Malware Protection | ✔ | Deploy Cb Protection (formerly Bit9) in high enforcement mode. Review alerts as they are received. | | ✔ | ✔ |
| Intrusion Detection | ✔ | Deploy Cb Protection (formerly Bit9) on supported platforms; otherwise use OSSEC or Tripwire. Review alerts as they are received. | | ✔ | ✔ |
| Physical Protection | | Place system hardware in a data center. | | ✔ | ✔ |
| Dedicated Admin Workstation | | Access administrative accounts only through a Privileged Access Workstation (PAW). | | | ✔ |
| Security, Privacy, and Legal Review | | Request a Security, Privacy, and Legal review and implement its recommendations prior to deployment. | | | ✔ |
| Regulated Data Security Controls | | Implement PCI DSS, HIPAA, FISMA, or export controls as applicable. | | | ✔ |

A ✔ in the "Recurring task" column marks standards that must be repeated on the stated schedule; a ✔ in a risk column means the standard is required for servers of that risk classification.
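The Patching and Vulnerability Management rows give concrete remediation windows (seven days for NVD high-severity patches and Qualys severity 4 and 5 findings, 90 days for other patches and severity 3 findings). The following script is an added example, not tooling from this page or from Fredonia or Stanford IT: it applies those windows to constructed patch and scan records for one server and reports which items are past their deadline. The advisory identifiers, QIDs, dates and the choice to treat an NVD "CRITICAL" rating as at least "HIGH" are all assumptions made for the example; the table gives no window for Qualys severity 1 and 2, so those are reported as having no SLA.

```python
"""Remediation-window checker for the patching and vulnerability rows above.
Added example; all records below are constructed sample data."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Remediation windows taken from the standards table (days).
HIGH_PATCH_DAYS = 7                       # NVD high severity: within seven days of publication
OTHER_PATCH_DAYS = 90                     # all other security patches: within 90 days
VULN_WINDOW_DAYS = {5: 7, 4: 7, 3: 90}    # Qualys severity -> days after discovery
# Assumption: CVSS v3 "CRITICAL" is treated as at least "HIGH" for the seven-day window.
HIGH_RATINGS = {"HIGH", "CRITICAL"}


@dataclass
class PatchRecord:
    host: str
    advisory: str              # placeholder identifier, not a real advisory
    nvd_severity: str          # NVD rating: LOW / MEDIUM / HIGH / CRITICAL
    published: date
    applied: Optional[date]    # None means the patch is still missing


@dataclass
class VulnFinding:
    host: str
    qid: str                   # placeholder Qualys QID, not a real one
    severity: int              # Qualys severity 1..5
    discovered: date
    remediated: Optional[date]


def patch_deadline(rec: PatchRecord) -> date:
    """Seven days for high (or critical) NVD ratings, 90 days for everything else."""
    days = HIGH_PATCH_DAYS if rec.nvd_severity.upper() in HIGH_RATINGS else OTHER_PATCH_DAYS
    return rec.published + timedelta(days=days)


def vuln_deadline(f: VulnFinding) -> Optional[date]:
    """Severity 1 and 2 have no window in the table, so they get no deadline."""
    days = VULN_WINDOW_DAYS.get(f.severity)
    return None if days is None else f.discovered + timedelta(days=days)


def sla_status(deadline: Optional[date], closed: Optional[date], today: date) -> str:
    """Classify one item as 'n/a', 'open', 'overdue', 'met' or 'missed'."""
    if deadline is None:
        return "n/a"
    if closed is None:
        return "overdue" if today > deadline else "open"
    return "met" if closed <= deadline else "missed"


def check_host(patches: List[PatchRecord], findings: List[VulnFinding],
               today: date) -> List[Tuple[str, str, str, date]]:
    """Return (kind, identifier, status, deadline) for every item needing attention."""
    rows = []
    for p in patches:
        d = patch_deadline(p)
        s = sla_status(d, p.applied, today)
        if s in ("overdue", "missed"):
            rows.append(("patch", p.advisory, s, d))
    for f in findings:
        d = vuln_deadline(f)
        s = sla_status(d, f.remediated, today)
        if s in ("overdue", "missed"):
            rows.append(("vuln", f.qid, s, d))
    return rows


# Constructed sample data for one moderate-risk server (not real records).
TODAY = date(2017, 6, 14)
SAMPLE_PATCHES = [
    PatchRecord("srv-example", "EXAMPLE-ADV-001", "HIGH", date(2017, 6, 1), None),
    PatchRecord("srv-example", "EXAMPLE-ADV-002", "MEDIUM", date(2017, 3, 1), date(2017, 5, 20)),
    PatchRecord("srv-example", "EXAMPLE-ADV-003", "CRITICAL", date(2017, 6, 10), None),
]
SAMPLE_FINDINGS = [
    VulnFinding("srv-example", "QID-EXAMPLE-1", 5, date(2017, 5, 1), date(2017, 5, 15)),
    VulnFinding("srv-example", "QID-EXAMPLE-2", 3, date(2017, 6, 1), None),
    VulnFinding("srv-example", "QID-EXAMPLE-3", 2, date(2017, 1, 1), None),
]

if __name__ == "__main__":
    for kind, ident, status, deadline in check_host(SAMPLE_PATCHES, SAMPLE_FINDINGS, TODAY):
        print(f"{kind:5} {ident:16} {status:8} deadline {deadline.isoformat()}")
```

With the sample data, the high-severity patch published on 1 June is reported as overdue (its deadline was 8 June) and the severity 5 finding is reported as missed (closed a week after its seven-day window), while the critical patch published on 10 June is still within its window and is not listed. In practice the records would come from the patch management system and the monthly Qualys export rather than being embedded in the script.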