Skip to main content
IUP artmark

IUP IT Systems Administrators Procedures and Best Practices

  • General

    • Comply with all IUP IT security policies, procedures and guidelines. University policies, procedures and guidelines provide the foundation and framework for IUP IT security. They must be followed, and the mechanisms for compliance must be documented.
    • Refrain from removing or circumventing any university installed software or security controls.
    • IT support for components beyond the base image will be limited.

    Physical Security

    • Physically secure the server or PC. Keep rooms with servers, PCs, and network equipment locked when unattended. Do not leave portable devices (such as smartphones or notebook PCs) or media (such as DVDs or flash drives) vulnerable to theft. Apply BIOS passwords and/or use computer locks if a server or PC resides in an untrusted room (such as a public lab). Secure, disable, or physically block access to external ports if they are not needed (like USB ports).

    Authentication and Accounts

    • Implement and use authentication

      All university-owned PCs, servers, and network equipment must have some form of authentication system using a strong password or certificate. All users should use authentication when accessing these resources and computing sessions should be closed when not in use. Encryption should be utilized if available. 

    • Do not allow anonymous access or guest access to any resource

      PCs and servers should be configured and managed so that anonymous and guest access is disabled unless specifically required. 

    • Do not share passwords, use blank passwords, or use weak passwords

      Sharing of usernames/passwords is prohibited and the use of strong passwords is highly encouraged. A strong password should be at least eight (8) characters long. It should not contain a word found in a dictionary, and should include numbers and non-alphanumeric characters. 

    • Use low-privilege accounts
      Do not use accounts that have administrative privileges (such as administrator or root) except when no other alternative exists. Using lower privilege accounts generally protects the system in the case of malicious code attempting to cause damage. Users can reduce risk by using a non-privileged account when using a computer to browse the web, read e-mail, and open documents. Modern versions of Microsoft Windows contain UAC (User Access Control), which can prompt users before attempting to run administrative executables.
    • More information on IUP accounts and passwords

    Secured Hosts

    • Always secure a system before placing it on the IUP network

      Many vulnerabilities exist in stock/default installations of operating systems such as Windows and Linux. The risk of a system being compromised increases if a newly installed system is placed on the IUP network before it has been properly secured. A compromised system will need to be re-installed and properly secured before placing it back on the IUP network. 

    • Secure local data and network shares by providing access only as required.

      All computing media, files, data, and information should be protected by file system security such that access control lists are set for specific accounts that require access to the resource. Encrypting and password protecting files offer an additional layer of protection. If data is to be shared via the network (network share, ftp site, website), access/control should be applied in the same manner. 

    • Patch software and devices in a timely manner 

      Unpatched or out-of-date computer software is one of the primary reasons computer viruses, worms, and hackers are able to compromise a system. Update the server or PC regularly and on demand when a critical vulnerability is announced. Most attacks are performed on known vulnerabilities in situations where a vendor provided patch has not been applied. Information on software vulnerability notification from a variety of vendors can be found in the IT Security Resources page. Vendors typically provide instructions on obtaining and installing patches. Some vendors, like Microsoft, provide free tools for end-users to use such as Windows Update

    • Change and review default configurations of software packages so that it only contains what is needed for the task at hand

      Many exploits use vulnerabilities found in obscure or unused features in various computer software. Most exploits are created to compromise as many systems as possible, relying on systems with default configurations and/or systems with various features turned on by default. Minimizing the default configuration will limit exposure to automated brute-force hacker scripts/kits, worms, and attacks on unknown vulnerabilities. 

    • Disable or uninstall any unneeded services or software

      Uninstalling unused software eliminates exposure to vulnerabilities in the unneeded software and is a great technique for helping to secure the server or PC. In addition, disabling unneeded network services will remove those vulnerabilities and is highly encouraged. 

    • Do not install unknown/untrusted software

      Freeware, shareware, and public domain software should only be installed when obtained from a reputable source. Open source software should be downloaded from the project website or trusted mirrors. 

    • Install a host-based firewall if warranted

      IUP’s network is routable to the Internet. Systems and networks across the Internet are scanned constantly by potential attackers seeking vulnerabilities. Using a personal firewall can help protect the server or PC. A firewall acts as an interface between two networks while regulating, isolating, and/or filtering network traffic. Many network operating systems come with a host-based firewall (Windows 7, Red Hat Enterprise Linux, etc.). There are also third-party companies that sell personal firewall packages, and some distribute free versions. Even if a firewall is used, it is still important to maintain local security of the system as firewalls can sometimes be evaded or defeated.

    Virus Scanning

    • Install and maintain current antivirus software

      There are over 100,000 known forms of malware (viruses, worms, bots, and trojans). It is imperative that antivirus software be installed and updated. IUP provides Sophos antivirus software

    • More information on viruses

    Active Monitoring

    Monitor and review log file

    Log monitoring can detect malicious activity and/or unauthorized access to the system. Use of an audit trail is recommended. Unexplained unsuccessful log-on attempts found in logs should be reported to the IT Support Center for review. 

    Backup and Recovery

    Backup your system regularly

    System backups to removable media are recommended for use in the case of system compromise, accidental deletion of files, hardware failure, theft, etc. 

    Incident Response

    Report any compromised system, malicious activity, or virus infected system

    The IT Support Center must be contacted immediately in cases where a system compromise and/or malicious activity is suspected.