It is critical to share such information in a secure manner. The External Server Access Request procedure helps to do this.
This procedure is performed on all services, servers, or devices to which the public can connect directly. These include, but are not limited to web servers, email servers, and teleconferencing devices.
The server owner, or the Technical provider to whom they have delegated the responsibility for maintenance of their server or service, submits a request using the McMaster Service Desk tool (https://macservicedesk.mcmaster.ca/splash). Request must include the Internet Protocol (IP) address and the service ports to be exposed to the internet for public access. The request must also include a brief description of the purpose and function of the server.
The IT Security Team reviews the request and performs a vulnerability assessment of the server or service. Vulnerabilities identified by the assessment are summarized and forwarded to the service owner, along with remediation recommendations. Follow up assessments are performed as the server or service is updated.
When server or service vulnerabilities have been sufficiently remediated, the request is forwarded to the Network Team for inclusion as an exception on the perimeter access control list.
All publicly facing servers and services (i.e., those for which exceptions have been made on the perimeter access control list) are subject to ongoing periodic vulnerability assessments.