Principle: Implement additional protection for computers storing confidential information.
1: Computers that could be target computers should be connected to a network only if their operation requires that they be reachable over the network or that they reach other network resources. Likewise, they should be reachable from the Internet only if Internet connectivity is required for their operation.
2: Computers that could be target computers that must be connected to a network should be dedicated to a specific purpose. They should not be used as general-purpose servers and should not have any services enabled on them other than the services specifically required. For example, potential target computers should not also be operating as email servers or web servers. Dedicating a separate virtual computer (for example VMware or VirtualPC) to each purpose satisfies this requirement.
3: Access to these computers should be limited to local console access or to network access that is both authenticated and encrypted. Specifically, cleartext services such as telnet and ftp should be disabled so that remote access requires secure communications technologies such as SSL/TLS or SSH.
4: The use of smart cards for user authentication of system administrators is encouraged where computers contain particularly sensitive information or provide core university services.
5: Logs should be maintained of everyone who accesses a target computer and of every failed access attempt, and the logs should be monitored for evidence of brute force attacks. The logs should be maintained on a computer other than the one being monitored, so that an attacker who compromises the target cannot alter or erase them.
6: Backup copies of all key system files, especially files containing access control lists, certificates, certain configuration files and application image files, should be maintained so that a compromised system can be recovered quickly.
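The monitoring required by item 5 can be implemented as a small detector run on the log collector rather than on the monitored host. The following is an added example, not part of the original policy text: it parses OpenSSH-style syslog lines (the sample lines are constructed, not from any real system), counts failed logins per source address in a sliding time window, and flags both sustained brute force and a successful login that follows a burst of failures from the same source. The threshold, window length, minimum-failures-before-success and assumed log year are illustrative assumptions.

```python
"""Brute-force detection over sshd syslog lines (added example, not the page's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines in OpenSSH/syslog format (not captured from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 vault sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 10:16:10 vault sshd[2210]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:16:12 vault sshd[2211]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:16:13 vault sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Mar  3 10:16:15 vault sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2
Mar  3 10:16:16 vault sshd[2214]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar  3 10:16:18 vault sshd[2215]: Accepted password for root from 203.0.113.7 port 40006 ssh2
Mar  3 10:20:00 vault sshd[2230]: Failed password for bob from 10.0.0.9 port 51100 ssh2
Mar  3 10:20:30 vault sshd[2231]: Accepted password for bob from 10.0.0.9 port 51101 ssh2
Mar  3 11:05:00 vault sshd[2300]: Failed password for root from 203.0.113.7 port 40100 ssh2
"""

# Matches the two sshd outcome messages we care about; other lines are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class AuthEvent:
    ts: datetime
    success: bool
    user: str
    src: str


@dataclass
class Alert:
    kind: str          # "brute_force" or "success_after_failures"
    src: str
    count: int         # failures counted inside the window
    users: list        # distinct usernames tried in the window
    first: datetime
    last: datetime


def parse_auth_line(line, year=2024):
    """Return an AuthEvent, or None for lines that are not login outcomes.
    syslog timestamps carry no year, so one is supplied (assumed value)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return AuthEvent(ts, m["result"] == "Accepted", m["user"], m["src"])


def detect_brute_force(lines, threshold=5, window_seconds=300, success_min_failures=3):
    """Sliding-window detector (thresholds are illustrative assumptions).

    - "brute_force": a source reaches `threshold` failures within `window_seconds`
      (reported once per source).
    - "success_after_failures": a source logs in successfully while it still has
      at least `success_min_failures` failures inside the window, i.e. the
      guessing may have worked.
    """
    events = [e for e in map(parse_auth_line, lines) if e is not None]
    events.sort(key=lambda e: e.ts)
    recent = defaultdict(list)   # src -> failures still inside the window
    alerted = set()
    alerts = []
    for ev in events:
        window = recent[ev.src]
        # Expire failures that fell out of the window relative to this event.
        while window and (ev.ts - window[0].ts).total_seconds() > window_seconds:
            window.pop(0)
        if ev.success:
            if len(window) >= success_min_failures:
                alerts.append(Alert("success_after_failures", ev.src, len(window),
                                    sorted({e.user for e in window}), window[0].ts, ev.ts))
            continue
        window.append(ev)
        if len(window) >= threshold and ev.src not in alerted:
            alerted.add(ev.src)
            alerts.append(Alert("brute_force", ev.src, len(window),
                                sorted({e.user for e in window}), window[0].ts, ev.ts))
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(f"{a.kind}: {a.src} {a.count} failures {a.first:%H:%M:%S}-{a.last:%H:%M:%S} users={a.users}")
```

Run against the constructed sample, the detector reports one brute_force alert for 203.0.113.7 (five failures in six seconds across root, admin and oracle) and one success_after_failures alert when that same source then logs in as root; bob's single mistyped password is not reported, and the lone failure at 11:05 has aged out of the window. Because the lines are read from the collector's copy of the log, the result is unaffected if the attacker later clears the target's local log.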
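A backup of key files (item 6) is only useful for recovery if you can also tell which files the intruder changed. The following added example, not part of the original policy text, records a baseline of the files a target computer would typically protect (the file list, the temporary directory and its contents are constructed for illustration) as a JSON manifest of SHA-256 digests, sizes and permission bits, then verifies a tree against that manifest and reports which files are unchanged, modified or missing. The manifest, like the backups themselves, is meant to be stored on a different computer.

```python
"""Integrity baseline for key system files (added example, not the page's own code)."""
import hashlib
import json
import tempfile
from pathlib import Path

# Illustrative list of files a recovery baseline would cover (assumed, not from the page).
KEY_FILES = [
    "etc/passwd",
    "etc/sudoers",
    "etc/ssh/sshd_config",
    "etc/ssl/certs/server.pem",
]


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large application images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def file_record(path):
    """Digest plus the metadata that a tampered file commonly changes (size, mode bits)."""
    st = path.stat()
    return {"sha256": sha256_file(path), "size": st.st_size, "mode": oct(st.st_mode & 0o7777)}


def build_manifest(root, rel_paths):
    """Record a baseline for each relative path under root; the result is JSON-serialisable."""
    root = Path(root)
    return {rel: file_record(root / rel) for rel in rel_paths}


def verify_manifest(root, manifest):
    """Compare the live tree against the manifest; lists follow the manifest's order."""
    root = Path(root)
    report = {"ok": [], "modified": [], "missing": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif file_record(p) == expected:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    return report


def demo():
    """Build a constructed tree, baseline it, tamper with it, and verify.
    Returns the verification report so the outcome can be checked programmatically."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in KEY_FILES:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(f"baseline contents of {rel}\n")

        # The manifest would be written to the off-box store; round-trip it through JSON
        # to show that nothing is lost in serialisation.
        manifest = json.loads(json.dumps(build_manifest(root, KEY_FILES), indent=2))

        # Simulated compromise: a sudoers entry is appended and the server certificate removed.
        with open(root / "etc/sudoers", "a") as f:
            f.write("intruder ALL=(ALL) NOPASSWD: ALL\n")
        (root / "etc/ssl/certs/server.pem").unlink()

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the constructed scenario the report lists passwd and sshd_config as unchanged, sudoers as modified and the certificate as missing, which tells the responder exactly which files to restore from the backup. Verification should read the manifest from the remote copy, never from the suspect host, since an intruder with root can rewrite a locally stored manifest as easily as the files it covers.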