| | 2 | |
| | 3 | Tags: [[Security]] [[UoL LAMP Server]] |
| | 4 | |
| | 5 | //Adapted from a response by the University of Leicester Research Computing Support team// |
| | 6 | |
| | 7 | - All LAMP servers are virtual. The physical servers are located at the University of Leicester main site. |
| | 8 | - Backups are sent University of Leicester remote site. |
| | 9 | - Physical access to the servers access is restricted to IT Services and Estate Staff. |
| | 10 | - Access to the Operating System is restricted to the LCBRU IT and University of Leicester Research Computing Support teams. |
| | 11 | - Servers may be accessed from the internet and are protected by the University of Leicester firewall. |
| | 12 | - Each application is separated onto its own virtually server and thus protected from breaches in other applications. |
| | 13 | - Authentication for access to the operating system is provided by University of Leicester Windows network authentication, which enforces a strong password policy. |
| | 14 | - Servers are monitored and regularly patched for security vulnerabilities. |
| | 15 | - The servers are regularly penetration tested using Nessus. |
| | 16 | - Connections to the server pass through a reverse proxy, that strips out requests and request content which may compromise security. |
| | 17 | - Encryption using SSL (HTTPS), when used, is managed centrally, with the ciphers regularly reviewed and updated. |
