Network-connected hosts exchange data with other hosts on the network. This capability brings great benefit but also introduces risk: unauthorized changes to device configuration, use of the host to disrupt the network or other connected hosts, malicious modification of data, and unapproved access to or theft of data. Standards for network connectivity help mitigate these risks. This best practice sets out the minimum standards for devices connecting to the campus network; additional requirements may apply to devices identified as higher risk because of their network location, the sensitivity of the data they store, send, or receive, or their access to other systems:
- The host operating system must be supported with all current security updates and patches installed and be free from known security vulnerabilities.
- All hosts running standard operating systems (Windows, Linux, macOS), including servers as well as end-user devices such as laptops and tablets, that connect to the Rensselaer network must run a suitable form of endpoint protection.
- Host-level firewalls must be used where available and configured to allow only the minimum access required. Most endpoints need no inbound access at all, and their firewall should be configured to deny all inbound connections.
- Local accounts and passwords on the device must be changed from their defaults and meet the memorized-secret requirements of NIST SP 800-63B (which emphasize minimum length and screening against known-compromised passwords rather than character-composition rules).
- Services that are not required for the host's function must be disabled or removed.
- The principle of least privilege must be applied: users, services, and applications run with only the privileges they need.
- Hosts must not provide a network bridge or any other means of connecting or extending the Rensselaer network into another network.
- Hosts must not interfere with any other device or network function (for example, by using an unapproved IP address or by offering DHCP, DNS, or other network services).
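The following POSIX shell script is an added example, not part of this best practice and not an official Rensselaer tool. It audits a Linux host against several of the items above: a default-deny inbound firewall, no unexpected or rogue (DNS/DHCP) listeners, no IP forwarding or bridge interfaces that would extend the network, and no local accounts with a blank password. It assumes an nftables host with `ss`, `sysctl`, and `ip` available; the `ALLOWED_PORTS` environment variable and the `--live` flag are conventions invented for this example. Each check reads one command's output on stdin, so it can be run against captured text without root.

```shell
#!/bin/sh
# Hypothetical host-baseline audit for a Linux endpoint (added example, not an
# official Rensselaer tool). Each check_* function reads the output of one
# system command on stdin, prints PASS or "FAIL: <reason>", and returns 0 or 1,
# so the same functions work on live output (run as root with --live) or on
# captured text for a dry run.

# Host firewall: `nft list ruleset` must contain an input-hook chain whose
# default policy is drop. Assumes nftables; an iptables host would look for
# "-P INPUT DROP" in `iptables -S INPUT` instead.
check_inbound_policy() {
    if grep -Eq 'hook input priority [a-z0-9-]+; policy drop;'; then
        echo PASS
        return 0
    fi
    echo "FAIL: no input chain with default policy drop (endpoints should deny all inbound)"
    return 1
}

# Unnecessary and rogue services: `ss -tulnH` on stdin, approved ports as a
# space-separated list in $1. Loopback-only listeners are ignored because they
# are not reachable from the network; DNS (53) and DHCP (67) bound to any other
# address always fail, because hosts must not offer network services.
check_listeners() {
    allow=" ${1:-} "
    rc=0
    while read -r proto state recvq sendq laddr peer rest; do
        [ -n "$laddr" ] || continue
        case "$laddr" in 127.*|"[::1]"*) continue ;; esac
        port=${laddr##*:}
        case "$port" in
            53|67) echo "FAIL: $proto/$port on $laddr offers DNS/DHCP to the network"; rc=1; continue ;;
        esac
        case "$allow" in
            *" $port "*) ;;
            *) echo "FAIL: unexpected listener $proto/$port on $laddr"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo PASS
    return "$rc"
}

# Network extension: `sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding`
# must report 0 for both, otherwise the host can route between networks.
check_no_forwarding() {
    bad=$(awk -F' = ' 'NF >= 2 && $2 != 0 { printf "%s%s", sep, $1; sep = " " }')
    if [ -z "$bad" ]; then echo PASS; return 0; fi
    echo "FAIL: forwarding enabled: $bad"
    return 1
}

# Network bridging: `ip -o link show type bridge` must print nothing. Any
# bridge interface on an endpoint is a way to extend the campus network.
check_no_bridge() {
    br=$(awk '{ name = $2; sub(/:$/, "", name); printf "%s%s", sep, name; sep = " " }')
    if [ -z "$br" ]; then echo PASS; return 0; fi
    echo "FAIL: bridge interface(s) present: $br"
    return 1
}

# Default/blank credentials: /etc/shadow on stdin; no account may have an
# empty password field. Locked accounts show "!" or "*" and are fine.
check_no_empty_passwords() {
    empty=$(awk -F: 'NF > 1 && $2 == "" { printf "%s%s", sep, $1; sep = " " }')
    if [ -z "$empty" ]; then echo PASS; return 0; fi
    echo "FAIL: empty password for: $empty"
    return 1
}

# Live run (as root): ALLOWED_PORTS lists the inbound ports this host is
# approved to expose, e.g. ALLOWED_PORTS="22" for a managed server; leave it
# empty for a typical endpoint, which should accept no inbound connections.
if [ "${1:-}" = "--live" ]; then
    nft list ruleset | check_inbound_policy
    ss -tulnH | check_listeners "${ALLOWED_PORTS:-}"
    sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding | check_no_forwarding
    ip -o link show type bridge | check_no_bridge
    check_no_empty_passwords < /etc/shadow
fi
```

Run it as `sudo ALLOWED_PORTS="22" sh audit.sh --live` on a server, or with an empty `ALLOWED_PORTS` on a laptop; without `--live` the functions are only defined, which lets the same file be sourced and fed captured command output for testing. The loopback exemption matters in practice: a local stub resolver on 127.0.0.53:53 does not offer DNS to the network, whereas the same service bound to 0.0.0.0 does.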