Server Security Standard
What's New in 2009?
The Server Standard has been restructured in order to provide more explicit requirements. Below is a list of major changes; please consult the checklist or the standard for a complete list.
The scope now includes not only the physical server but the applications, operating systems, and databases that reside on it.
- Registration and Ownership
  - All servers must be registered in an ISO-approved registration system
  - Each application must have an application administrator and a systems administrator identified
- ISO Vulnerability Scanning
  - A pre-production and post-production vulnerability assessment is required for all new services and servers
- Host-based intrusion prevention system (HIPS) software is now required where available
- Trespassing banners must be displayed at login
- All non-removable media must have access control enabled
A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found at http://security.rit.edu/saresources.html.
What does the standard apply to?
- All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.
The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.
What do I need to do?
- Read the Server Security Standard
- Use the Server Security Checklist to configure your server
- Read the Server Standard Plain English Guide if necessary
Approved Vulnerability Scanners
Nessus, Nexpose, and Nmap are approved for scanning servers at RIT. For information on the scanning conducted by the RIT Information Security Office, see the Vulnerability Management Program at RIT.
Approved Encryption Methods
Under Development
Network Trespassing Banner
See the login/trespassing banner on the Systems Administrators Resource Page.
Server Security Standard
- Server Security Standard (eff. 8/1/09)
- Server Security Checklist (eff. 8/1/09)
- Server Security Plain English Guide (eff. 8/1/09)
- Server Security Standard (previous version) (eff. 11/15/05)
- Server Security Checklist (previous version) (eff. 11/15/05)