RIT
Information Security

Server Security Standard

What's New in 2009?

The Server Standard has been restructured in order to provide more explicit requirements. Below is a list of major changes; please consult the checklist or the standard for a complete list.

The scope now includes not only the physical server but also the applications, operating systems, and databases that reside on it.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found at http://security.rit.edu/saresources.html.

What does the standard apply to?

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

What do I need to do?

Approved Vulnerability Scanners

Nessus, Nexpose, and Nmap are approved for scanning servers at RIT. For information on the scanning conducted by the RIT Information Security Office, see the Vulnerability Management Program at RIT.

Approved Encryption Methods

Under Development

Network Trespassing Banner

See the login/trespassing banner on the Systems Administrators Resource Page.
