Reminder: Justification letters must be submitted to the Office of the VC for IT for any server or IT based service maintained within a department and an approval must be granted. See PM - 36 resources on the LSU IT Policies page.
Departmental Servers (Security Baseline)
- The operating system and applications should have the most recent security updates installed.
- Anti-malware (anti-virus and anti-spyware) applications should be running and up-to-date.
- Administrative accounts should only be used for system management and not left logged on.
- Number of administrative accounts on server should be very limited.
- Windows servers should be added to the LSU Active Directory.
- Windows servers should remove "Domain Users" from the Users group.
- Servers should be backed up routinely and those backups should be periodically tested for data integrity and availability.
- A local firewall should be running and properly configured to limit access to specific ports and/or subnets.
- Servers storing SSNs must submit a request form to the Office of the University Registrar for approval (PS113: Social Security Number Policy).
- Servers should log events such as account logins and account changes.
- User access to servers should be limited to the specific users it serves.
- Physical access to servers should be very limited (secure location).
Departmental File Servers
- Access to file shares should be limited to specific users (No open/anonymous shares).
- Users should be given only the appropriate amount of privileges to access data within the file shares.
- Personally Identifiable Information (PII) such as credit cards and bank accounts numbers should not be stored unless absolutely necessary.
- Any Personally Identifiable Information (PII) must be stored on software or hardware encrypted disks.
- Departmental file servers should follow the best practices security baseline listed above.