Servers are machines that run software intended for use by others, either from within the library or beyond. Servers can include Windows NT/Windows 2000 servers for file sharing and account management, as well as specialized servers such as a web, DHCP, or mail servers.
Libraries who wish to run servers on NOBLE’s network may do so for library business and professional library activity only. The following information must be provided to NOBLE:
- Type of server
- Operating system and version
- IP address of the server
- Intended use of the server
- Name of staff person responsible for server configuration and security
Security
Servers are a potential gateway to library workstations and NOBLE’s computer systems, and password protection of all accounts on the server is an important first line of security. Passwords should adhere to the same guidelines outlined for e-mail accounts.
Server administrators must install security patches/hot-fixes issued by the software vendors and must have a process in place to keep current on appropriate patches/hot-fixes.
Services and applications that are not serving the intended use of the server must be disabled.
Physical access to servers must be limited to authorized library staff only.
Servers that are running Microsoft operating systems must have anti-virus software installed and scheduled to run on a regular basis. Virus pattern files must be kept up-to-date. Infected servers must be removed from the network until virus-free.
Use of servers for illegal purposes or to transmit threatening, obscene or harassing materials is strictly prohibited.
NOBLE reserves the right to run security cracking tools against servers on NOBLE’s network to test the server’s vulnerability to attack. If any weaknesses are detected, NOBLE will inform the library immediately. The library will have 10 days to fix the security vulnerability unless the problem poses an immediate threat.
Servers disrupting network service will be blocked from accessing the network immediately, and directors and the library staff person responsible will be informed of the problem.
Firewall Considerations
NOBLE’s firewall blocks access from the outside world to all machines on the network. If access from outside the library is required, the library must provide the following information to NOBLE:
- IP port or service that needs to be accessed (http, ftp, etc.)
- IP address or subnet of those who need access.
Approved by the Members: November 21, 2002