Q: What general security precautions does MedIT take for web servers?
We take a range of industry-standard precautions, including:
- We configure the web server securely according to the vendor’s security guidelines
- We identify application files on the web server and protect them with access controls
- We run web server processes under appropriately privileged accounts. We avoid running web server processes under fully privileged accounts (e.g. ‘root’, ‘SYSTEM’, ‘Administrator’)
- We configure web server software to prevent any leak of information such as web server software version, internal IP address, directory structure, etc.
- We configure access rights so that server software cannot modify files being served to users. In other words, the web server software should have read-only access rights to those files
- We apply the latest security patches to web server software
The University’s latest security baseline can be found on the ISEA website (ISEA is a part of ITS).
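One way to verify two of the precautions above on a POSIX host (an unprivileged service account, and read-only access to served files) is sketched below. This is an added example, not MedIT's or ISEA's own tooling; the function names, the sample tree and the service account uid are assumptions made for illustration, and only POSIX mode bits are checked, not ACLs.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """True if the POSIX mode bits in `st` grant write access to uid/gids (ACLs not considered)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, uid, gids=frozenset()):
    """Return (issue, path) findings for a served tree and the account the server runs as."""
    if uid == 0:
        # root ignores mode bits, so per-file checks are moot: report the account itself
        return [("privileged-account", docroot)]
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):  # link mode bits are meaningless; targets are not followed
                continue
            if writable_by(st, uid, gids):
                findings.append(("writable", path))
    return findings

def demo():
    """Constructed sample tree: one read-only page and one world-writable page."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.chmod(root, 0o755)
    pages = {"index.html": 0o644, "upload.html": 0o666}
    for name, mode in pages.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<p>constructed sample</p>\n")
        os.chmod(path, mode)
    service_uid = os.getuid() + 1000  # hypothetical service account that does not own the files
    return root, audit_docroot(root, service_uid)

if __name__ == "__main__":
    root, findings = demo()
    for issue, path in findings:
        print(f"{issue}: {os.path.relpath(path, root)}")
```

A directory that is writable by the service account is reported as well, since write access to a directory allows files in it to be replaced even when the files themselves are read-only.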