Please review the guidelines below to ensure that your system is up-to-date and running securely.

Click here for Best Practices for Windows, Linux, and Solaris.

Account Security

  • Access to your account on any system by another party is prohibited
  • Accounts are equivalent to signing your name on a tangible document
  • Anything done with these accounts under your name is your responsibility and you may be liable for it
  • Accounts set up for group use are prohibited

Anti-Malware

  • All systems must run an antivirus and anti-spyware software package
    • Make sure to budget to renew your antivirus definitions service on a yearly basis. Many programs come with one free year of upgrades, but you need to budget (usually < $15) to keep your antivirus upgrade access current
    • Definition files should be checked on a daily basis
  • Inform systems administrators as soon as malware has been detected

Auditing

  • Review security event logs on a regular basis
    • It is useless to generate event logs if one is not going to monitor them

Backups

  • Perform full backups weekly
  • Store full backups off site in a secure location at least once per month
    • Periodically test the backups for integrity

Business Resumption Plan

  • Each college, school, or department should have a business resumption (continuity) plan (COOP)
    • In case of a disaster, such as a hurricane, you need to have critical systems back online as quickly as possible
  • Keep good inventory

Drive Mapping

  • Administrators must take precautions when logging into workstations that have drive mappings to their servers. Many viruses will propagate using the mapped drive. If an administrator has full access to servers and logs in to a workstation that has a drive mapped to a server, and the workstation happens to be infected with a worm, it may infect the server as well.
    • Administrators should use an account with limited permissions on servers when troubleshooting a workstation, or have the regular user log in to the workstation

Firewall

  • All systems must have firewall software installed and enabled
    • Built-in firewall on Windows XP or Vista is sufficient
    • Use IPfilters on UNIX systems

FTP, SSH, and Web Servers

  • Disable anonymous FTP
  • Disable version banners
  • Set filters/wrappers based on IP addresses to deny access to unwanted hosts
  • Run these services/applications with user permissions other than administrator or root
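
A way to check a host against the four items above, as an added example that is not part of the original guidelines. It assumes vsftpd for FTP, Apache httpd for the web server, and TCP wrappers (`hosts.deny`) for IP filtering; the sample configurations are constructed for illustration.

```python
import re

def directives(text, sep):
    """Parse 'key<sep>value' lines into {lowercase key: value}; '#' starts a comment."""
    found = {}
    for raw in text.splitlines():
        parts = re.split(sep, raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) == 2 and parts[0]:
            found[parts[0].lower()] = parts[1].strip()
    return found

def audit(vsftpd_conf, httpd_conf, hosts_deny):
    """Return checklist findings for the given config file contents."""
    ftp = directives(vsftpd_conf, r"\s*=\s*")
    web = directives(httpd_conf, r"\s+")
    findings = []
    # vsftpd enables anonymous logins unless told otherwise, so absence counts.
    if ftp.get("anonymous_enable", "YES").upper() != "NO":
        findings.append("ftp: anonymous login enabled")
    # Without ftpd_banner, vsftpd greets clients with its name and version.
    if "ftpd_banner" not in ftp:
        findings.append("ftp: default version banner")
    # Apache's ServerTokens default (Full) puts version and OS in the Server header.
    if web.get("servertokens", "Full").lower() not in ("prod", "productonly"):
        findings.append("web: version banner in Server header")
    # Worker processes should drop to an unprivileged account.
    if web.get("user", "").lower() in ("root", "#0"):
        findings.append("web: runs as root")
    # TCP wrappers: a default-deny rule, with permitted hosts listed in hosts.allow.
    rules = [line.split("#", 1)[0] for line in hosts_deny.splitlines()]
    if not any(re.match(r"\s*ALL\s*:\s*ALL\b", rule, re.I) for rule in rules):
        findings.append("wrappers: no default-deny rule in hosts.deny")
    return findings

# Constructed sample inputs (not taken from any real host).
WEAK = dict(
    vsftpd_conf="listen=YES\nlocal_enable=YES\n",
    httpd_conf="ServerTokens Full\nUser root\n",
    hosts_deny="# empty\n",
)
HARDENED = dict(
    vsftpd_conf="anonymous_enable=NO\nftpd_banner=FTP service\n",
    httpd_conf="ServerTokens Prod\nUser www-data\n",
    hosts_deny="ALL: ALL\n",
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(**cfg))
```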

Hardware Disposal

Install Latest Patches

Modems

  • Modems on systems that are also attached to the UCF network are strictly prohibited
    • Unmanaged or poorly managed desktop/server modems pose a risk to UCF

Passwords

  • Use strong passwords containing at least 6 to 8 random characters that are comprised of letters, numbers, and symbols.
    • Strong passwords must be used on system accounts and, if necessary, additional passwords for applications containing sensitive or potentially sensitive data
  • Never share passwords with anyone
  • Change passwords at least every 60 days

SSH (Secure Shell)

  • Use SSH instead of Telnet or rlogin
  • Disable Telnet where possible
  • A good program to use is PuTTY. Download it here

Time Synchronization

To investigate compromises or security incidents effectively, clocks must be synchronized to a common system (NTP – Network Time Protocol).