This area deals with security considerations for the campus network. A template for a security policy is proposed based on core principles as defined in ISO/IEC 27002. An ICT security architecture for higher education is recommended. Traffic filtering technologies are discussed and general applications are recommended. Adoption of digital certificates in a public key infrastructure (PKI) is covered.
This document describes the basic and advanced tools that provide security for the Ubuntu server from a variety of attacks and threats from the Internet. Recommendations for increasing security during the actual installation of the Ubuntu server, as well as recommendations for creating user accounts, are contained in the document. Furthermore, the document will present some of the most important security tools such as: firewall, fail2ban, psad, tripwire. Emphasis is placed on increasing the security of web and mail servers. |
Securing services such as HTTP, email, RADIUS and LDAP is very important, and this document provides step-by-step procedures for certificate deployment on different server platforms for different services. The document promotes the adoption of digital certificates in the member institutions of the Academic Network of Serbia (AMRES) as a means of establishing secure communication channels. |
This document consists of guidelines and recommended practices that system administrators should follow during initial Linux installation for a server environment. The purpose of the document is to help administrators protect the server and its services before going into production, using the already available protection mechanisms that Linux distributions offer. |
The DNS (Domain Name System) service is an essential component of IT architecture. The critical nature of the DNS and its extension to new sensitive duties make the DNS a target of choice for attacks. Its reliability and security must therefore be rigorously guarded. This document is intended to be a guide to best practice in enhancing the resilience of your DNS service. |
Information management is an essential part of good IT governance, which, in turn, is a cornerstone in corporate governance. An integral part of the IT governance is information security, in particular, security pertaining to personal information. However, many organisations do not have a clear policy for information security management. |
The goal of this document is to serve as a guide for the implementation of ICT security architecture in the Norwegian HE sector. The recommendations are based on best practice, risk assessments, regulatory and commercial requirements, and directives issued by the Norwegian Data Inspectorate, with a major emphasis on existing practices. |
The aim of this document is to present an overview of the available traffic-filtering technologies and their general application, as well as an indication of the procedures and planned applications in the hierarchical structure of the Academic Network of Serbia (AMRES). |
This document describes the deployment of the AMRES VPN service. This solution involves the implementation of the Secure Sockets Layer / Transport Layer Security (SSL/TLS) protocol using OpenVPN technology. The main advantages of an OpenVPN solution are the implementation of advanced data encryption algorithms, the simplicity of installation and maintenance, and the fact that it is supported by almost all of the client and server platforms that are popular today. For user authentication, the AMRES VPN service relies on the RADIUS infrastructure, which was developed for AMRES’ eduroam® service. The document also provides a detailed configuration of the relevant RADIUS servers on the FreeRADIUS platform. |
This document describes an IronPort firewall technical solution for web traffic filtering suitable for a campus environment. General ideas and techniques can be applied to equipment from other vendors. Design, configuration and positioning of the centralised firewall system are discussed. Important recommendations regarding mechanisms ensuring redirection and distribution of web traffic towards the firewall devices are dealt with. The advantages and shortcomings of a centralised system are discussed. Collection and analysis of traffic passing through the firewall are covered. |
Ensuring the security of wired networks where physical access to outlets is unrestricted is resource-demanding. IEEE 802.1X is considered the most elegant solution. IEEE 802.1X is a Layer 2 protocol that enforces user or machine authentication. Typically, most types of traffic are blocked until the connected user or machine has been authenticated. The switch will forward Extensible Authentication Protocol over LAN (EAPoL) traffic between the supplicant (machine) and the RADIUS server, similar to a wireless deployment. The recommendations are generic, but include instructions for vendor-specific configuration of some switches. Client configurations for Windows, Apple and Linux are included. |
This document specifies the recommended guidelines for information classification in the higher education institutions in Norway. Means of identifying and in turn classifying the institution’s information objects are given. Classification is done based on sensitivity and criticality. Adequate retention periods and disposal regulations are suggested. Careful measures should be taken before approving storage of information objects on mobile devices and cloud-based services. The guidelines will serve as an important tool set for information owners to secure mission-critical content. |