Authentication Service Provider Standard
Authentication Service Provider Standard
The Authentication Service Provider Standard contains requirements for administrators, especially those using the RIT centralized authentication system.
Authentication
Server Security Standard
Server Security Standard
The Server Standard provides requirements for server configuration and use at RIT.
A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources
What does the standard apply to?
- All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.
The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.
Recommended Strong Authentication Practices
The RIT Information Security Office recommends that all systems requiring strong authentication
- comply with RIT's password and authentication standard (REQUIRED)
- use a complex password of 12 or more characters. Fifteen or more characters are preferred.
- use multi-factor authentication such as:
- tokens
- smart cards
- soft tokens
- certificate-based authentication (PKI)
- one-time passwords (OTP)
- challenge / response systems
- biometrics
Approved Vulnerability Scanners
Nessus, Nexpose, and NMap are approved for scanning servers at RIT. For information on the scanning conducted by the RIT Information Security Office see the Vulnerability Management Program at RIT.
Approved Encryption Methods
See Encryption at RIT for approved encryption methods.
Server Security Standard
- Server Security Standard (pdf) (eff. 8/1/09)
- Server Security Checklist (eff. 8/1/09)
- Server Security Plain English Guide (eff. 8/1/09)
