STANDARD FOR SERVER ADMINISTRATORS

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 48 – Standard for Server Administrator

 


I. STANDARD STATEMENT

 


This standard applies to all faculty/staff members who maintain one or more servers in their department.

 


II. RATIONALE


This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.

 


III. SCOPE



This standard applies to all UTSA faculty, staff, and students.

 


IV. CONTACTS


If you have any questions about OIS 48 – Standard for Server Administrator contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 


V. SERVER HARDENING CHECKLISTS


  1. The following checklists contain server hardening procedures.  The procedures listed in these documents are a balance of industry best practices and the unique minimum requirements of UTSA's computing environment. It is necessary to follow these steps to prevent attacks from known vulnerabilities. In the event that the minimum requirements cannot be met, exceptions must be documented and be made available to audit and compliance staff members when requested. 
    1. Windows 2003(Note: Support for Server 2003 ends in 2015.  OIT recommends Server 2008/2012)
    2. Windows 2008 R2(Note: Also applies to Windows 2012)
      Whenever possible, the Office of Information Technology recommends the use of the Microsoft Server Configuration Wizard (SCW). More information on Server 2012 Best Practices can be found on the Microsoft website.
    3. Mac OS X
  2. More assistance is available from the Office of Information Technology.  Contact OITConnect, 210-458-5555 for more information. 


VI. PROCEDURES


  1. Server setup
    1. Follow the procedures in this standard. 
    2. Before installing the server software, contact the Office of Information Security for permission to add the server to the UTSA computer network.
    3. Contact OITConnect to request a static IP address, if needed.
    4. Follow the documented steps in the appropriate checklist in the Standard for Seerver Hardening (above) and retain the checklist document in a safe place.
    5. Produce the checklist document when required by Audit and Compliance.
    6. Following initial setup, the Office of Information Technology will be responsible for the physical security and software/operating system updates for servers under OIT control.
  2. Policy Review
    1. In order to maintain currency of the Information Security Program, this policy is subject to review on a regular basis. 

LAST UPDATE: September 11, 2014

______________________________________________________________________________


Effective Date: September 11, 2014

Last Revised: November 8, 2016

Reviewed: August 21, 2017

<< Back