WMU > OIT > Rules & Policies

WMU Server Registration Policy

Although WMU maintains a World Wide Web (WWW) server (www.wmich.edu), which is available to all colleges, departments, and many university organizations within WMU, it may become necessary and reasonable for a department or organization to run a local server on the WMU network (WMUnet). Unrestricted, externally accessible servers could pose serious security threats to the main network. The implementation of a server registration policy is intended to minimize the security risk while continuing to provide needed, uninterrupted external access.

All unregistered servers are restricted to the internal WMU network. That network is commonly called the Intranet. Only registered servers are allowed to participate in the Internet. Intranet servers will continue to operate on campus without interruption. This policy is intended to prevent malicious users outside of WMU from accessing unregistered or unintentionally installed servers. Many newer software products install servers on user's desk top machines, possibly without the user's knowledge.

Servers which require access from outside the WMU firewall must:

• Be approved by requesting user's department or division leader.
• Have a documented, demonstrated need not met by an existing server.
• Successfully pass security scans performed by OIT system and network staff.
• Be operated in a secure manner. This includes installing patches and upgrades in a timely manner.
• Comply with E-Commerce Review Committee standards.

Request for approval is made by completing a Server Registration form. This form is available online at the OIT web site (www.wmich.edu/oit/wsr). A list of all registered servers will be maintained and made available for review by the WMU user community upon request. Unregistered servers must be configured to use the default port, and offsite access to them will be blocked at the firewall. If a server is found running on a non-standard port the machine will be removed from WMUnet without notice. Server administrators will be contacted on a regular basis to ensure that their server registration information is up to date. If an administrator fails to respond to these inquiries, it may result in their server being disconnected from the network or being blocked from external access.

Server registration requirements

In order to register a server, the following information is required:

• Name, phone number, campus address, and e-mail address for the administrator(s) responsible for the maintenance of the server hardware and software.
• Physical location, name, and IP address of the server.
• Operating system and version of the server.
• Server software version.
• Server support software.

Responsibility of server administrators

• Keep current with security patches. Evaluate and expeditiously apply as appropriate.
• Maintain operating system at level recommended by vendor.
• Properly restrict access to sensitive information.
• Ensure that an administrator, or a designate, be available during working hours for problem resolution.
• Provide a current list of contacts (with emergency phone numbers) that can be reached in critical situations during non-business hours.

For servers containing University mission critical information, it is recommended the server be physically located in the OIT machine room, located in the University Computing Center.

Server administrators will be subscribed to a WMU mailing list that is used to distribute important security related information. Web server administrators are expected to read, and when appropriate, act on information relative to server security issues in a timely manner. In critical situations, it may become necessary to contact Web server administrators or backup administrators at any time. In the event they cannot be contacted, it may become necessary to power off the server or disconnect the server from the network without warning.

This registration procedure is being developed in the interest of system and data security. Go to the Server Registration Form.