User Maintained Servers

To set up a server you maintain that can be accessed from off campus

• Secure your server
  • Don't use weak passwords
  • Keep up to date on system patches
  • Disable unneeded services
  • Do as little as possible from the root account
  • For services that support registration/interactive sessions, disable all write operations for anonymous/guest access.
• Request a static ip address
• For server access off campus
  • Use of the campus external VPN is encouraged to limit access
  • If you need to have ssh or other ports open without the use of the VPN, then email fw-changes-l@lists.nospam.rpi.edu with the following:
    • A static IP address
    • Brute force password protection is required. A strong password does not count. We have had strong random 9 character passwords fall to brute force guessing on the campus. You will need to take steps that could include some of the following
      • Account lockouts
      • Firewall rules to limit the number of connections from a host
      • Host certificates
      • 2 factor authentication
      • IP restriction to a known external subnet
    • System will be scanned via nessus from time to time. It will need to be maintained. It can't be a set it up and leave it alone machine.

• Note that labstaff does not provide support for user maintained servers beyond basic questions.

Server restrictions -- all of the following are not allowed

No commercial endorsements

• Websites with commercial branding or references
• Servers may not generate commercial network traffic
• Revenue generating websites, banner ads, off campus links to commercial vendors

No unreasonable use of campus resources

• Saturating the campus backbone with network traffic
• Pummeling network servers with requests
• No network probes or scanning

All policies outlined in the campus wide COMEC webpage apply.

-- StevenLindsey -05 May 2011
-- JoeyArmstrong - 24 Sep 2009