Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security Office recommends that all systems requiring strong authentication

• comply with RIT's password and authentication standard (REQUIRED)
• use a complex password of 12 or more characters. Fifteen or more characters are preferred.
• use multi-factor authentication such as:
  • tokens
  • smart cards
  • soft tokens
  • certificate-based authentication (PKI)
  • one-time passwords (OTP)
  • challenge / response systems
  • biometrics

Approved Vulnerability Scanners

Nessus, Nexpose, and NMap are approved for scanning servers at RIT. For information on the scanning conducted by the RIT Information Security Office see the Vulnerability Management Program at RIT.

Approved Encryption Methods

See Encryption at RIT for approved encryption methods.

Server Security Standard

• Server Security Standard (pdf) (reflects 2015 operational changes, eff. 8/1/09)
• Server Security Checklist (eff. 8/1/09)