Policies and Guidelines
Departmental IT Best Practices - Securing Servers
Last Updated: April 15, 2011
Reviewed: January 11, 2010
- Who does it apply to?
- Departmental Management
- Why is it important?
- To secure computer equipment to ensure information assets are safeguarded.
Practices
Computer Location
- What is it?
- Choosing a location that provides for the security and environmental needs of the desktop.
- WHAT NEEDS TO BE DONE:
- Assess system needs in light of available locations.
Existing Guideline(s):
Data and Software Access Control
- What is it?
- Providing access to data based on users' need to know.
- WHAT NEEDS TO BE DONE:
- Assess the appropriate level of access to data for various departmental groups.
Existing Guideline(s):
Data Backup and Recovery
- What is it?
- Making copies of critical data so it can be recovered if the equipment it is stored on fails or some other catastrophic event occurs.
- WHAT NEEDS TO BE DONE:
- Make copies of critical files or databases so they may be recovered if the originals are no longer accessible.
Existing Guideline(s):
Login/Password
- What is it?
- Requiring unique logons and strong passwords for all users.
- WHAT NEEDS TO BE DONE:
- Set requirements for logons and passwords in alignment with university policy and criticality of data.
Existing Guideline(s):
Old Computer Equipment
- What is it?
- Disposing of old computer equipment appropriately.
- WHAT NEEDS TO BE DONE:
- Remove department information and licensed software prior to disposal.
Existing Guideline(s):
Physical Security
- What is it?
- Ensuring physical assets are secure.
- WHAT NEEDS TO BE DONE:
- Assess appropriate level of access to physical assets such as facilities, equipment, data media, and power supplies.
Existing Guideline(s):
Software Installation and Upgrades
- What is it?
- Installing and maintaining application software to ensure it is up-to-date in order to minimize security vulnerabilities.
- WHAT NEEDS TO BE DONE:
- Install the latest version of the application software, then ensure software patches and updates are applied in a timely fashion.
Existing Guideline(s):
System Monitoring
- What is it?
- Monitoring computer system logs in order to detect abnormal activity so it can be reported to IT Security.
- WHAT NEEDS TO BE DONE:
- When campus is not at an orange threat level, system monitoring is still essential but not required on a daily basis.
Existing Guideline(s):
System Software
- What is it?
- Installing and maintaining system software to maximize availability and accessibility, and minimize vulnerabilities.
- WHAT NEEDS TO BE DONE:
- Install the latest version of the system software, then ensure software patches and updates are applied in a timely fashion.
Existing Guideline(s):
Virus Protection
- What is it?
- Protecting computer systems from viruses.
- WHAT NEEDS TO BE DONE:
- Install and maintain up-to-date anti-virus software.
Existing Guideline(s):