- Use two-factor authentication for administrative remote access, or request an exemption from Security.
- Disable routing, traffic forwarding, bridging between subnets and other forms of internetwork traffic proxy through the host unless approved by Security & Networking.
- Where possible, forward system logs to the NSCA syslog collector.
Additional Configuration Recommendations:
- Enable host-based brute-force mitigations utilizing the security team's host-based IDS if possible.Forward system logs to the security team's log collector.
- Use the NCSA LDAP for authorization and an NCSA centralized authentication service.
- Use host-based firewalls to enforce list of services running.