System Administration

Departmental Servers (Security Baseline)

• The operating system and applications should have the most recent security updates installed.
• Anti-malware (anti-virus and anti-spyware) applications should be running and up-to-date.
• Administrative accounts should only be used for system management and not left logged on.
• Number of administrative accounts on server should be very limited.
• Windows servers should be added to the LSU Active Directory.
• Windows servers should remove "Domain Users" from the Users group.
• Servers should be backed up routinely and those backups should be periodically tested for data integrity and availability.
• A local firewall should be running and properly configured to limit access to specific ports and/or subnets.
• Servers storing SSNs must submit a request form to the Office of the University Registrar for approval (PS113: Social Security Number Policy).
• Servers should log events such as account logins and account changes.
• User access to servers should be limited to the specific users it serves.
• Physical access to servers should be very limited (secure location).

Departmental File Servers

• Access to file shares should be limited to specific users (No open/anonymous shares).
• Users should be given only the appropriate amount of privileges to access data within the file shares.
• Personally Identifiable Information (PII) such as credit cards and bank accounts numbers should not be stored unless absolutely necessary.
• Any Personally Identifiable Information (PII) must be stored on software or hardware encrypted disks.
• Departmental file servers should follow the best practices security baseline listed above.