
External Servers

Public or external-facing servers carry an increased risk of data, information and system exposure because their information and services are accessible to anonymous requestors. There is an increased need to assure that the information is available in its intended format, that the integrity of the information is maintained, and that the confidentiality of sensitive information is preserved.

Before submitting an external server access request, system administrators should review the server security guidelines: Server Physical Security

Servers will be subjected to infrastructure, application and perimeter assessments before the request is approved; there is an expectation that vulnerabilities and weaknesses identified will be remediated. In order to assure the accuracy of the assessments, it will be necessary for application development to be complete.

For more information about enabling access to servers from the public network, and to request such access, visit:


These guidelines apply to any server system which is used to enable access to information or services to other remote hosts, and is accessible from the public network (internet).

Guidelines for deploying external servers (i.e. publicly accessible)

Perform regular risk assessments...

System Administrators should perform the following risk assessments:

  • Malware scans: weekly
  • System risk assessment: quarterly
  • Application risk assessment: quarterly
  • Perimeter risk assessment: annually
  • Penetration testing: as needed
  • Value risk assessment: annually
  • Physical risk assessment: annually

Control remote access...

  • Disable all unencrypted management interfaces (telnet, http, etc.).
  • Restrict access to management interfaces using local access control list(s).
  • Connections to management interfaces from outside of the McMaster University network should always be made through the Virtual Private Network (VPN)
  • Remote access should be granted using the principle of least privilege and authority*

Control network access...

  • Guest or anonymous access from the public network should be limited to http and https protocols
  • Access to other applications and services should be restricted to only those that require access. Specifically, source IP addresses of authorized requestors should be identified for inclusion in enterprise firewall access control lists
  • Access to management interfaces should not be permitted directly from the public network
  • Network access should be granted using the principle of least privilege and authority*
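
The remote-access and network-access guidelines above can be checked mechanically against a firewall rule export. The following is an added example, not part of the original guidelines; the rule layout, the `role` field and the 192.0.2.0/24 range standing in for the campus and VPN networks are assumptions.

```python
import ipaddress

# Assumptions, not from the page: the rule layout, and TRUSTED_NETS, which
# stands in for the campus/VPN ranges using a documentation prefix.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ANON_PROTOCOLS = {"http", "https"}   # guest access the guidelines allow
CLEARTEXT_MGMT = {"telnet", "http"}  # the examples the guidelines name

def is_trusted(src):
    """True when the whole source range sits inside a trusted network."""
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def audit(rules):
    """Return (rule name, finding) pairs for rules that break the guidelines."""
    findings = []
    for r in rules:
        # A /0 source means any host on the public network can connect.
        anonymous = ipaddress.ip_network(r["src"], strict=False).prefixlen == 0
        if r["role"] == "management":
            if r["proto"] in CLEARTEXT_MGMT:
                findings.append((r["name"], "unencrypted management interface"))
            if not is_trusted(r["src"]):
                findings.append((r["name"], "management reachable from outside trusted networks"))
        elif anonymous and r["proto"] not in ANON_PROTOCOLS:
            findings.append((r["name"], "anonymous access beyond http/https"))
    return findings

# Constructed sample rule set for illustration.
SAMPLE_RULES = [
    {"name": "web-tls",    "src": "0.0.0.0/0",       "proto": "https",  "role": "service"},
    {"name": "web-plain",  "src": "0.0.0.0/0",       "proto": "http",   "role": "service"},
    {"name": "db-open",    "src": "0.0.0.0/0",       "proto": "mysql",  "role": "service"},
    {"name": "db-partner", "src": "198.51.100.7/32", "proto": "mysql",  "role": "service"},
    {"name": "ssh-vpn",    "src": "192.0.2.0/25",    "proto": "ssh",    "role": "management"},
    {"name": "ssh-world",  "src": "0.0.0.0/0",       "proto": "ssh",    "role": "management"},
    {"name": "telnet-lan", "src": "192.0.2.10/32",   "proto": "telnet", "role": "management"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```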

For more resources and guidance, please visit our external resource page:
External Resources Best Practices

* Principle of least privilege and authority:
