Best Practices
University information and network assets are of significant value, and protecting them is the responsibility of everyone handling these assets. For this reason we are providing best practices to assist departments in maintaining information confidentiality, integrity and availability.
- IT Security Best Practice Answers — last modified 2007-07-27 11:28
- The following are best practices for questions related to department IT security your department administration should be asking. The questions are referenced below.
- Disk Wiping/Removing data from discarded computers and media — last modified 2007-10-08 16:42
- Departments are responsible for ensuring that data and software residing on any computer, non-computer device, disk or data storage medium are wiped clean prior to transfer or disposal.
- Back-up and Recovery — last modified 2007-07-27 11:28
- System back-ups are important to maintain the integrity and recovery of your operation in case of compromise or disaster.
- Change Management — last modified 2007-07-27 11:28
- The Change Management Procedure controls any additions, deletions, or modifications to the Department configuration of desktops, servers, and network hardware and/or software.
- Intrusion Detection Systems — last modified 2007-07-27 11:28
- An intrusion detection system (IDS) gathers and analyzes information from various areas within a computer or a network to identify possible violations of security policy, including unauthorized access as well as misuse.
- Guidelines for the Responsibilities of a Systems Administrator — last modified 2007-07-27 11:28
- The following are suggested guidelines for the responsibilities of systems administrators.
- Protecting Windows 2000 and XP by Authentication — last modified 2007-07-27 11:28
- How to protect Windows 2000 and XP by authentication
- Disabling File and Print Sharing — last modified 2007-07-27 11:28
- Sharing files can compromise an operating system. Instructions to disable file sharing are available.
- Firewalls — last modified 2007-07-27 11:28
- The following link will provide you with access to documents providing an introduction to departmental firewalls, some examples of firewall installations, as well as specific information that must be compiled prior to the implementation of a firewall.
- General Workplace Security — last modified 2007-07-27 11:28
- Standards for Management of IT Systems — last modified 2007-07-27 11:28
- The Internet is an extremely valuable tool which carries with it corresponding responsibilities. This document outlines the policies that apply to individual Rutgers departments, organizational units, and system administrators.
- Network — last modified 2007-07-27 11:28
- Simple Network Management Protocol (SNMP)
- Null Session — last modified 2007-07-27 11:28
- Null sessions are unauthenticated connections (not using a username or password) to an NT or 2000 system.
- Patching/Updating the Operating System and Software — last modified 2007-07-27 11:28
- Software vendors issue patches on a regular basis in response to security flaws as well as to repair software malfunctions in the operating system and application programs. Some updates enhance functionality and performance and others correct deficiencies and security holes. If you allow software on your systems to become out of date, the systems become more vulnerable to attacks. Keeping up to date on patches is an (additional) security responsibility. However, patching requires a prudent approach.
- NIST Security Configuration Checklists Repository — last modified 2007-07-27 11:28
- Security configuration Program (in Beta)
- Center for Internet Security — last modified 2007-07-27 11:28
- The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.
- Advanced Information Assurance Handbook — last modified 2007-07-27 11:28
- Secure Communication and Telecommuting — last modified 2007-09-25 12:12
- Telecommuting and transmitting files have become far more complex due to the recent realities of identity theft, distribution of personal information, and theft of research through "corporate" spying. Though most of the information we send over the Internet is not confidential or critical, without the appropriate precautions your information, including netids and passwords, can be sent in clear text, allowing anyone to read it.
- How to Locate a “Rogue” Host — last modified 2008-02-25 05:40
- A variety of techniques to assist in locating a computer that you cannot find.
- Lost or Stolen questionnaire — last modified 2008-03-03 12:06
- Use this to help you remember as much as possible about your lost/stolen device or media.