NCSA wiki will be offline Friday, Apr 19, 2024, from 1700 hours until Sun, Apr 21, 2024 in order to upgrade Confluence.
...
- Use two-factor authentication for administrative remote access, or request an exemption from Security.
- Disable routing, traffic forwarding, bridging between subnets and other forms of internetwork traffic proxy through the host unless approved by Security & Networking.
- Where possible, forward system logs to the NSCA syslog collector.
Additional Configuration Recommendations:
...
- Enable host-based brute-force mitigations utilizing the security team's host-based IDS if possible.Forward system logs to the security team's log collector.
- Use the NCSA LDAP for authorization and an NCSA centralized authentication service.
- Use host-based firewalls to enforce list of services running.
...