Harvard University Information Security | HARVARD.EDU

Manage Servers with Confidential Information

Encrypt Level 3 information if not locally secure

Encrypt Level 3 information if not assured of a locally secure location.

Configure firewall for allowed administration

The firewall must be configured to only permit administrative access from the specific systems used by the administrators for the specific service.

Configure firewall to permit required traffic

The firewall must be configured to only permit inbound traffic that is required for the proper operation of the server.

Implement firewall between server and network

There must be a firewall between the server and any network which includes user computers. This can be a host-based firewall.

Force re-authentication with locking screensaver

Force re-authentication with a locking screen saver on client machine.

Block excessive logins

Block user from logging in for a period of time after no more than 10 successive invalid login attempts.

Permit only competent operation of servers

It is important that anyone who performs administrative responsibilities on these systems have sufficient technical knowledge, via experience and/or training, to be able to implement these requirements and recognize when they need to seek help.

Information Security Policy

Harvard University