Q: What general security precautions does MedIT take for web servers?

We take a range of industry-standard precautions, including:

  • Secure configuration of the web server according to the vendor’s security guidelines
  • Identification of application files on the web server and protection of those files with access controls
  • Running of web server processes under accounts with appropriate privileges. We avoid running web server processes under fully privileged accounts (e.g. ‘root’, ‘SYSTEM’, ‘Administrator’)
  • Configuration of web server software to prevent any leak of information such as web server software version, internal IP address, directory structure, etc.
  • Configuration of access rights so that server software cannot modify files being served to users. In other words, the web server software should have read-only access rights to those files
  • Application of the latest security patches to web server software

The University’s latest security baseline can be found on the ISEA website (ISEA is a part of ITS).