University Servers Roles and Responsibilities
Policy Statement
Information Technology Services (ITS) is responsible for managing and maintaining the University’s network servers. This policy establishes ITS roles and responsibilities for the management and support of the University’s network servers on campus. Additionally, this policy assists ITS in administering a reliable and secure network server environment.
Entities Affected By This Policy
All personnel of the Eastern Illinois University community, including but not limited to faculty, staff members, and students.
Contacts
EIU Information Security
217-581-1939
ITS Areas of Responsibility
Network Firewall Policy:
Eastern Illinois University operates network firewall(s) between the public Internet and the university network to establish a secure environment for the university's computing and network resources. The firewall rule set will filter Internet traffic to mitigate the risks and potential losses associated with security threats to the university's network, data, and information systems. The Network Firewall Policy will govern how inside and outside internet traffic is filtered to mitigate any losses and risks associated with security threats.
The EIU Network Firewall(s) help mitigate the risk of intrusion from outside non-authorized parties. Exemptions may be granted under certain circumstances to allow outside traffic to access services located inside the EIU network. While the firewall(s) do not protect against all attacks, they are a first line of defense and have logging capabilities that can assist ITS during any reported incident.
EIU Information Technology Services (ITS) is responsible for the implementation, configuration, and maintenance of the university perimeter firewall(s), and any activities in accordance with this policy. The perimeter firewall(s) establish the outbound and inbound rules for internet traffic on campus.
Network firewall rules determine (either deny or allow) the flow of traffic through the firewall device. Firewall rules are typically written based on source and destination zones (inside/outside), source and destination networks (IP/IP ranges), source and destination ports (protocols), and allow or block status.
Basic Security Configuration:
Eastern Illinois University ITS adheres to the principle of secure configurations by utilizing system hardening controls and safeguards such as disk encryption or system restore software, malware protection, and vendor-supplied security patches.
Infrastructure Servers:
ITS will solely operate and support all infrastructure servers and server support equipment, including but not limited to the border, core, distribution, and wireless layers of the university’s networks.
ITS is responsible for establishing standards for, and managing, all network server naming and addressing.
ITS is responsible for nightly backup of all data on infrastructure servers.
ITS is responsible for allocating all resources and directing recovery of network operations in the event of a disaster. In the event of a disaster, reestablishing core services will be the priority, and ITS may utilize all functional equipment in recovery efforts, including managed and co-located servers.
ITS Managed Servers:
ITS can provide service operations for departments that need system administration and management for their servers in an environmentally secure location. ITS will evaluate your server management needs and offer a comprehensive management package for your server environment.
Enterprise Systems will provide the following for managed server services:
Hardware:
ITS’s current standard is to deploy new systems in a virtualized environment barring application-specific reasons why this may not be feasible.
ITS will work with you to determine the appropriate CPU, OS, memory, and storage requirements to best fit your needs.
ITS must be notified in advance of any equipment purchases that will not be acquired by ITS but will be managed by ITS. This will ensure that the appropriate resources are available to install and maintain the equipment, and that ITS’s systems and the purchased equipment are interoperable.
Software:
ITS will:
- Maintain the operating system on the machine, including initial installation, any interim security patching involved, and major upgrades.
- Maintain our standard environment on the system.
- Manage login access to the system, including the granting and revocation of permissions.
- Coordinate any changes to the system with the client to address and alleviate any integration issues or client service interruptions that may arise.
- Provide monitoring of the system for network connectivity, CPU, memory, and disk space utilization.
ITS WILL NOT provide support for third-party applications that the client installs on the server. ITS recommends that the client acquire vendor support with the purchase of the application.
Log Review:
EIU reviews logs for changes that could compromise security. Information Security investigates anomalies, suspicious activity, and security-related incidents. In addition, log review helps to ensure the confidentiality, integrity, and availability of systems and data.
System Development Standards and Change Management:
System Development Standards and Change Management is the process of managing changes to software and hardware throughout their lifecycle. It includes tracking progress, assessing, troubleshooting, issue tracking, approving changes, and communicating those changes to stakeholders. The EIU ITS objective of change management is to enable beneficial changes with minimum disruption to critical services. Changes to the EIU IT infrastructure can be either reactive (responses to known problems and mandated compliance) or proactive (business-related initiatives). ITS uses several forms and a ticketing system that can be found on our ITS website.
System development is conducted by the Information Systems Team through a project management process that is carried out in sequential steps. The project follows a detailed plan that includes requirements and expectations throughout the development stages, including planning, designing, implementing, testing, and ongoing maintenance.
Backups:
Eastern Illinois University requires critical data and systems to be backed up and the backups to be stored in a secure manner following best practices. This policy is intended to protect data and systems at EIU to ensure backups can be recovered as needed in an efficient and reliable manner to maintain confidentiality, integrity, and availability (CIA) of critical data.
All EIU systems, applications, and priority data shall be backed up on a technically practical schedule. This schedule must be maintained and periodically reviewed. Recovery procedures for restoration must be kept up to date and tested.
Data users and owners should consult with ITS to determine the appropriate backup method, and confirm their data is being backed up and is recoverable. Data in the confidential data classification should be encrypted while at rest.
Data no longer required should be removed from backup, according to retention management policies, to prevent the data from being read or potentially accessed. For more information regarding data classification, visit https://www.eiu.edu/panthertech/policies_classification.php
Documentation:
Appropriate documentation must be provided to ITS before the server is installed. This documentation includes but is not limited to:
- General description of the server
- Application housed on the server
- List of pre-authorized staff who need access
- Signed Service Agreement
Co-Located Server:
ITS can provide an environmentally secure location for housing department servers and supporting equipment. Your server will be provided with rack space, power, cooling and network connectivity.
ITS must be notified before the purchase of any server equipment that will be delivered to ITS for co-located services. This will ensure that the appropriate resources are available to install the equipment, and that ITS’s systems and the purchased equipment are interoperable.
Appropriate documentation must also be provided to ITS before the server is installed. This documentation includes but is not limited to:
- General description of the servers
- List of pre-authorized staff that needs physical access
- Reboot and system status checking procedures
- Equipment list with appropriate property tags, s/n, make, and model
- Hardware field service contact and hardware maintenance contract information
- Signed Service Agreement
- ITS personnel must be present for access to the equipment by pre-authorized staff
ITS will not monitor the server for events, provide application or OS support, provide or manage backups, or integrate the server into our standard reporting and monitoring tools.
Last Date Reviewed: 06/13/2024