Harvard University Information Security | HARVARD.EDU

Server-application communication

SA4: Communications between servers or applications must be protected, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).

See also: Level 2, Level 3, Level 4, 10, Servers A, Level 2, Level 3, Level 4

How to Comply

Encryption should be implemented where feasible

If not using one of the above servers then encryption should be implemented where technically and economically feasible.

Remote login must only permit the use of encrypted communications

Remote login to all servers must only permit the use of encrypted communications such as ssh. Windows servers must enforce a minimum of 128-bit encryption for Terminal Services and Remote Desktop communication. All servers running SSH must use a minimum of protocol version 2. Use of VPN is advised where available.

Windows file servers running SMBv3 must only permit use of encryption

Windows file servers running SMBv3 must only permit use of encryption.

More information.

Read more about Windows file servers running SMBv3 must only permit use of encryption

LDAP servers must only permit the use of SSL-protected LDAP connections

Disable the non-secure port.

Servers must only permit use of SSL-protected SQL communications

For database communication, either use SSL or any other available option to encrypt data over the network

Email servers must only permit use of SSL-protected POP, IMAP or Exchange

More information.

Read more about Email servers must only permit use of SSL-protected POP, IMAP or Exchange

Web servers must only permit use of https

How to set up an HTTPS Service in
IIS - https://support.microsoft.com/kb/324069
Apache - https://httpd.apache.org/docs/current/ssl/ssl_howto.html

Read more about Web servers must only permit use of https

Copyright © 2024 The President and Fellows of Harvard College | Privacy | Accessibility | Digital Accessibility | Report Copyright Infringement