
Server Registration Guidelines:

Servers are integral to many computer systems and networks.  By their nature, they provide special challenges to ensure the confidentiality, integrity, and availability of computer and network resources. 

A server is defined as any device that provides computing service to multiple computers or individuals. See NDUS Procedure 1901.2, Section 1.

All servers on the NDSU networks or operated by NDSU entities must be registered with the Vice President for Information Technology (VPIT). 

All servers are subject to established NDUS and NDSU policies, procedures, and standards.

Start:

  1. Use Guidelines located here: NDSU Policy 710 Audit Form

    • Account Control Plan - Strong passwords/pass-phrases are used and their use enforced. Accounts on the server are unique and those that are not needed are disabled or removed. Access to data is on a need-to-know basis.
    • Patching Plan - Operating System Patches are installed in a timely fashion and given a priority. This plan also includes the application that the server is going to be using and any other 3rd party applications.
    • Access Controls - All servers have some network access controls enabled, capable of limiting network and Internet access to the server. The server is in a secured location with limited physical access. When possible, the applications and services will work in a non-administrative mode.
    • Malware Controls - Operating Systems that are historically susceptible to malware attacks have protection installed, enabled, and able to be updated.
    • Logging - Operating System level and Application level events are to be logged to assist in troubleshooting and forensic investigations.
    • Backups - A plan is in place for the backup/recovery of data. Data backups should be stored in an off-site secure location.
    • Offsite Logging - Store logs in a different location or a central repository so they are not lost due to failure or breach.
    • Repurposing Plan - A plan is in place to ensure data protection, either physical destruction of the storage media or digital data destruction, when the server is repurposed or retired.
    • Data Encryption - Ensure that if data needs to be protected based on data classification and standards, it is encrypted both at rest and in transit.
    • Multifactor Authentication - Multifactor authentication will be used for servers handling or storing sensitive data.

  2. The 710 Document will need to be signed by the Technical Contact, VP or Dean, Director or Dept Chair.
  3. Fill out the form located at: SharePoint DNS Request Form (If you do not have access to the site, please contact the IT Security Officer to be granted access.)
  4. This form will submit a DNS request, creating several emails and a ServiceNow ticket.
  5. An Outlook calendar request will then be sent. Accept it or propose a better time for the Server Assessment.
  6. Once the request has been accepted, the ServiceNow ticket will be sent to Network Engineering and Operations to reserve the IP address and DNS name.
  7. You will be notified when the IP address is reserved.
  8. Run the Center for Internet Security Compliance Check Software, and take the remediation steps that you can.

  9. Be prepared to answer the following questions about your server for the assessment:

    • What applications are installed on the server?
    • What protections have you put on the server for data protection?
    • Who is going to be able to access the server?
    • How is the server going to be accessed?

  10. When the assessment is over, a Nessus scan will be run against the server and its results sent to you.

Secure your server with a free GlobalSign Certificate

The University System has entered into a contract with GlobalSign to provide Security Certificates for servers on Campus.

Generate a Certificate Signing Request (CSR) and install a certificate for your server. (Not every server architecture is going to work with these directions; please follow the directions for requesting a CSR and installing a certificate for your particular system.)

Windows:

  1. Create the INF file C:\software\certs\reqInstructionFile.inf
  2. The file contains:

    [Version]
    Signature="$Windows NT$"
     
    [NewRequest]
    Subject = "CN=SERVERNAME.ndsu.edu, O=North Dakota University System, OU=NDSU, L=Fargo, S=North Dakota, C=US, E=cert-YOUREMAILADDRESS@ndsu.edu"
    KeySpec = 1 ;AT_KEYEXCHANGE
    KeyLength = 2048
    Exportable = TRUE ;the private key can be exported from this server
    MachineKeySet = TRUE ;key is stored in the machine store, not a user profile
    SMIME = FALSE
    PrivateKeyArchive = FALSE
    UserProtected = FALSE
    UseExistingKeySet = FALSE ;always generate a new key pair
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12 ;PROV_RSA_SCHANNEL
    RequestType = PKCS10
    KeyUsage = 0xa0 ;Digital Signature + Key Encipherment
     
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1 ;this is for Server Authentication

  3. To generate the CSR:

    1. Open an elevated command prompt
    2. cd \software\certs
    3. certreq -new reqInstructionFile.inf nameofserverYYYYMMDD.req
    4. Send the CSR to the IT Security Office

  4. The Security Office will process your request and GlobalSign will send you a certificate.
  5. To install the certificate:

    1. Copy the certificate to c:\software\certs\nameofserverYYYYMMDD.crt
    2. Open an elevated command prompt
    3. cd \software\certs
    4. certreq -accept nameofserverYYYYMMDD.crt

  6. Your new certificate should now be installed on your computer.

OpenSSL for Linux servers:

  1. Open a terminal window.
  2. Use elevation procedure.
  3. openssl req -new -sha256 -newkey rsa:2048 -keyout nameofserver.ndsu.nodak.edu.key.enc -out nameofserver.ndsu.nodak.edu.csr

    • Country Code: US
    • State: North Dakota
    • Locality: Fargo
    • Organization Name: North Dakota State University
    • Organizational Unit Name: Department Name
    • Common Name: nameofserver.ndsu.nodak.edu
    • Email Address: Address of Contact

  4. Send the resulting CSR to the IT Security Office.
  5. The Security Office will process your request and GlobalSign will send you a certificate.
  6. Install the certificate according to the directions for the server that you are installing.
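
Before sending the CSR from step 3, it is worth confirming that the file carries the intended Common Name, a key of at least 2048 bits and a SHA-256 signature, and that the private key has not been pasted into it. The script below is an added example, not part of the original page; the function names `check_csr` and `make_demo_csr`, the file names and the demo CSR it builds are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): sanity-check a CSR before it is
# sent to the IT Security Office. File names and hostnames are placeholders.

# check_csr FILE EXPECTED_CN : prints findings, returns 0 only if all checks pass.
check_csr() {
    local csr="$1" want_cn="$2" rc=0 text cn bits

    # The file that leaves the server must never contain the private key.
    if grep -q 'PRIVATE KEY' "$csr"; then
        echo "FAIL: $csr contains a private key"; rc=1
    fi
    # Self-signature check. Match the message rather than the exit status,
    # because some older OpenSSL releases exit 0 even when verification fails.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR signature does not verify"; return 1
    fi
    text=$(openssl req -in "$csr" -noout -text)
    # RFC2253 name output has the same layout across OpenSSL versions.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    bits=$(printf '%s\n' "$text" |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)

    [ "$cn" = "$want_cn" ] || { echo "FAIL: CN is '$cn', expected '$want_cn'"; rc=1; }
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits, need >= 2048"; rc=1; }
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256' ||
        { echo "FAIL: CSR is not signed with SHA-256"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $csr (CN=$cn, $bits-bit key, SHA-256)"
    return "$rc"
}

# make_demo_csr DIR : builds a constructed CSR using the field values listed above.
# -nodes leaves the throwaway demo key unencrypted so no passphrase prompt appears.
make_demo_csr() {
    openssl req -new -sha256 -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=North Dakota/L=Fargo/O=North Dakota State University/OU=Department Name/CN=nameofserver.ndsu.nodak.edu" \
        -keyout "$1/demo.key" -out "$1/demo.csr" 2>/dev/null
}

# Stand-alone use: ./check_csr.sh FILE EXPECTED_CN
if [ "$#" -eq 2 ]; then check_csr "$1" "$2"; fi
```

Run it against the real request as `./check_csr.sh nameofserver.ndsu.nodak.edu.csr nameofserver.ndsu.nodak.edu`; only the `.csr` file is sent, and the `.key.enc` file stays on the server.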

 

 


Page manager: Information Technology Services

Last Updated: Wednesday, January 11, 2012