Recently several computer systems at CU Boulder were attacked by computer hackers. It is important for all computer system owners to demonstrate vigilance in protecting systems and data.

As a server operator, you are responsible for its security.  IT Services recommends these best business practices to help you protect your data.

1. Move your server behind the campus firewall.  This is the most secure environment that can be provided for servers. If at all possible, move any server with student or patient information behind the firewall.
2. Use the latest version of operating systems and applications feasible.
3. Make sure your operating system and applications are up-to-date by patching them as required.
4. Install anti-virus software on your server and keep it up-to-date.
5. Eliminate unnecessary services running on the server.  For instance, if your server doesn’t provide web services, the web server services should be removed.  Many services have known vulnerabilities, and if you aren’t using the service, it is easy to forget about updating them.
6. Identify a person who is responsible for managing the server and ensuring that it is protected.
7. Perform regular backups and store backup media off-site.
8. Perform a regular risk analysis – know what applications on the server are hosting sensitive information (e.g. protected health information (PHI), SSN, credit card numbers, etc.), and who is using that information.
9. Use proper disposal procedures.