IT ServicesSupporting Research

Help and Support

Loughborough University Policy on Connection of Networked Servers

Scope

This document covers any computer, classed as a "server" (see definition below), connected to the Loughborough University campus network via a wired or wireless connection.

Definitions

An externally facing server is any computer on campus that provides a service like: HTTP, FTP, SSH, AFP etc to users connecting from the Internet.

An internally facing server is any computer on campus that listens on the network, provides a service such as those above on campus only, or additionally is open for sharing of information to users connecting from on campus.

Note that simply opening up a computer for file or print serving could cause it to be a server under the definitions above. Networked photocopiers or printers will also be covered under the definition.

Policy

Any externally or internally facing servers set up on campus must be notified in advance to IT Services. Before this is done, plans should be discussed with IT staff within the department and additionally, within S.S.H., approved by the Director of IT for the Faculty of Social Sciences and Humanities.

In the case of externally facing servers, notification to IT Services is achieved via the Firewall Registration System. In the case of internally facing servers, this will be achieved by an extended data collection exercise, using a similar interface.

A named individual must take responsibility for each server and ensure that:

  • It is regularly patched and upgraded in line with advice from the networking, Security, and Compliance Team of IT Services.
  • Any actions requested by IT Services in connection with a security vulnerability or threat are dealt with immediately.
  • Registration policies and appropriate authorisation and authentication are in place, so that actions can in every case be traced back to an individual. A documented method is in place to ensure prompt de-registering of those no longer eligible to use the services.
  • A risk assessment is carried out to determine appropriate policies and procedures to ensure the security of data held on the server, to include consideration of backup/restore and disaster recovery plans where relevant.
  • Such policies and procedures are written up and acted upon.

For security and backup advice, contact your departmentIT staff, or e-mail IT.Services@lboro.ac.uk.                                                    

IT Services reserves the right to deny network access to any server found to be infringing the above policy.