Network Attachment Standards
Standards
The following minimum IT security standards are to be applied to applicable information systems at the University of Michigan-Dearborn.
Servers
Attachment Standards
Servers attached to the campus network shall meet the following minimum standards for reliable, functional, and secure usage:
- Located in a physically secure location with controlled access
- Function shall be clearly defined and should run the minimum number of services required to complete that function
- Security fixes shall be applied and maintained
- Unauthorized access to server resources shall be logged and appropriate action taken.
Backup Standards
Reliability includes recovery from system failures at any level. These are the minimum backup standards for servers at University of Michigan-Dearborn.
- Critical data shall be backed up on a daily basis
- Backups shall be run off hours to minimize the impact to users and systems
- One full backup shall be located off-site, in case on site backup becomes unavailable for any reason.
- Backups shall be tested for reliability and data integrity
Logging Standards
- Logging provides data for planning upgrades and resolving security and performance issues:
- Local and remote logging of appropriate server information
- Detailed auditing of logs and appropriate server resources shall be available
Network Equipment
Access Standards
- Limited to on-campus access only
- Limited to authorized personnel only
Logging Standards
The following shall be logged to a remote-logging server:
- Critical events
- Login attempt, both successful and unsuccessful
- Statistics shall be gathered and stored for security tracking, upgrade planning, and performance tuning
Workstations
Attachment Standards
Workstations attached to the campus network should meet the following minimum standards:
- Located in a physically secure location with controlled access
- Function shall be clearly defined, with access only to information needed to complete that function
- Only authenticated access shall be allowed
- Critical workstations shall be logged to a remote log server