Server Best Practices
Remote Access to Servers
- If it is determined to be necessary, remote access to servers should be highly restricted.
- The use of encryption for remote access is not optional. SSH and VPN should be used.
- Remote host access should be limited by single IP or by the smallest IP range possible.
- Special attention must be given to remotely accessible machines: host-based intrusion detection should be installed, logging should be increased, accounts on the server should be limited to responsible administrators only, and the server should be syslogged.
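One way to check an OpenSSH server against the source-restriction, account-limiting and logging points above, as an added example that is not part of the original guideline. The sample config, the name audit_sshd and the 16-address threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample sshd_config (documentation address ranges, not a real server).
SAMPLE_SSHD_CONFIG = """\
LogLevel INFO
AllowUsers alice@192.0.2.10 bob@198.51.100.0/28 carol deploy@10.0.0.0/8
"""

# sshd LogLevel values above the default (INFO).
INCREASED_LEVELS = ("VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3")

def audit_sshd(config_text, max_addresses=16):
    """Return a list of findings; max_addresses is an assumed local threshold."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    findings = []
    # "Logging should be increased": sshd uses the first LogLevel it reads.
    level = settings.get("loglevel", ["INFO"])[0].upper()
    if level not in INCREASED_LEVELS:
        findings.append(f"LogLevel {level}: logging not increased above the default")
    # "Accounts limited to responsible administrators": AllowUsers lines accumulate.
    entries = [e for value in settings.get("allowusers", []) for e in value.split()]
    if not entries:
        findings.append("no AllowUsers: logins not limited to named administrators")
    for entry in entries:
        user, sep, host = entry.partition("@")
        if not sep:
            findings.append(f"{user}: no source address restriction")
        elif "*" in host or "?" in host:
            findings.append(f"{user}: wildcard source {host}")
        else:
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:
                continue  # plain hostname: treated as a single host
            if net.num_addresses > max_addresses:
                findings.append(f"{user}: source range {net} covers {net.num_addresses} addresses")
    return findings

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD_CONFIG):
        print(finding)
```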
Off-site & Vendor-Controlled Equipment
- Vendor-controlled equipment includes special instrumentation (such as mass spectrometers, electron microscopes and specialized medical equipment), application software that requires a certain Service Pack or patch level and cannot be patched to current levels, FDA-approved equipment which cannot be altered in any way without losing FDA approval, and similar types of equipment where the vendor or some other non-Texas State entity controls what patching may be done to a server.
- Owners of vendor-controlled equipment should consult with the Texas State Information Technology Assistance Center regarding their special needs before connecting to the network.
- Consideration should be given to both internal and external threats to the server, especially for equipment that falls under the guidelines of HIPAA or T.A.C. §202.
- The Texas State Information Technology Assistance Center should be notified if students, staff or faculty will need to gain access to these types of equipment using their computing accounts.
- Compliance with all Federal and State guidelines affecting equipment used for research funded by grants must be determined and verified.
- Texas State password policies should be maintained for any accounts on the server.
- Best practices for both the operating system and the applications on the server should be followed as much as is practical, within the constraints the vendor has defined.