Information Security
Standards for Securing Servers
Server security requires the time and skill set of a professional system administrator. Security configurations vary with the operating system in use, the purpose of the server, and the security regulations that apply to the data it holds. Monthly patching requires extensive testing, with contingency plans in place for when a patch breaks an application. Below are standards illustrating current best practices. For data requiring additional protection, please see the Data section.
- National Institute of Standards and Technology
  - Security Configuration Checklist Repository
- Standards for Windows Servers
  - Windows Server 2003 CIS Benchmark
  - Windows Server 2003 Security Guide from Microsoft
  - The Administrator Accounts Security Planning Guide from Microsoft
- Practices for Mac OS X
  - Stephen de Vries: Securing Mac OS X
  - Installation security measures
  - Mac OS X CIS Benchmark
  - Mac OS X from the NSA
- Standards for Unix Servers
  - Solaris BluePrint for Solaris 8
  - Solaris 9 from the NSA
  - Linux CIS Benchmark
  - HP-UX CIS Benchmark
  - FreeBSD CIS Benchmark
- Standards for Database Servers
  - Oracle Database hardening CIS Benchmark
  - MS SQL Security Checklist from SQLsecurity.com
  - SQL Server 2000 from Microsoft
  - SQL Server 2005 - Security and Protection
  - MySQL Security Issues from MySQL
  - Secure MySQL Database Design from SecurityFocus
- Standards for Mail Servers
  - Mail relaying must be disabled for hosts outside of the tufts.edu domain
  - ORDB provides a comprehensive list of fixes for most mail servers
  - Exchange Security
  - Exchange Server security resources from Microsoft
- Standards for Web Servers
  - Guidelines on Securing Public Web Servers (PDF) from NIST
  - Securing Apache from SecurityFocus
  - Microsoft IIS 5 Checklist
  - Microsoft Checklist: Securing Your Web Server
  - IIS 6.0 Security from SecurityFocus
- Standards for log retention
  - The Health Insurance Portability and Accountability Act (HIPAA) - Affects the healthcare industry. Logs should be retained up to 6 years.
  - National Industrial Security Program Operating Manual (NISPOM) - Specifies log retention of at least one year.
  - The Sarbanes-Oxley Act (SOX) - Affects US corporations. Specifies retaining audit logs for up to seven years.
  - VISA Cardholder Information Security Program (CISP) - Specifies retaining audit logs for at least six months.