Server Configuration Standard
Purpose
To outline the required configuration settings for servers used by the university.
Scope
This standard covers all servers, whether physical or virtual, that are used by the university. This covers servers administered by university staff and faculty as well as servers administered by third parties for the university.
Standard
Supported operating system
All servers must use an operating system that is currently supported with security patches from the organization that provides the operating system.
Automated operating system patching
All servers classified as Restricted or Confidential under the Data Classification Policy must be configured to automatically install operating system patches within 30 days of release. Servers classified as Public under the Data Classification Policy should be configured to automatically install operating system patches within 60 days of release when possible. At a minimum, servers classified as Public under the Data Classification Policy should be manually patched every 180 days.
Endpoint Detection and Response (EDR) software
All servers must be configured to run the EDR software provided by the university. The EDR software configuration settings that allow the EDR software to automatically update must not be disabled. The EDR software currently used by the university is listed in the appendix.
Limits on shared accounts
Servers will avoid using shared accounts where possible. When a shared account is required due to deficiencies in the software running on the server, that shared account will be treated as a service account in accordance with the Password Standard.
Disabled unnecessary services
All servers classified as Restricted under the Data Classification Policy must have all unnecessary services disabled. It is recommended but not required for all servers classified as Confidential or Public under the Data Classification Policy to have all unnecessary services disabled.
Local firewalls
All servers classified as Restricted under the Data Classification Policy are required to run a local firewall to ensure only necessary network ports are accessible. It is recommended but not required for all servers classified as Confidential or Public under the Data Classification Policy to run a local firewall to ensure only necessary network ports are accessible.
Exceptions
All exceptions to this standard require written approval from the Chief Information Security Officer. All exceptions require annual renewal.
Appendix
Endpoint Detection and Response (EDR) software
All servers administered by Wesleyan staff and faculty must use Microsoft Defender 365 and it must be configured to communicate with the university’s Microsoft Defender service. Servers administered by third parties must run EDR software that is currently supported by the EDR software provider.
Revision History
August 2024 – Standard adopted