MiStorage with the Common Internet File System (CIFS) protocol provides a secure environment to store most types of sensitive university data. However, you should still exercise caution when storing sensitive data. See Sensitive Data Guide: MiStorage with CIFS for details.
MiStorage with the Network File System (NFS) version 3 protocol is not approved for sensitive data.
Improving Security for MiStorage NFS
Instructions for IT Staff
Although MiStorage NFS is not permitted for the storing of sensitive data, we recommend you improve the security when using it by:
- Configuring all authorized MiStorage clients according to modern hardening guidelines and keep software up-to-date by applying updates and patches as soon as possible after appropriate testing.
- When ordering or modifying your access to MiStorage, provide only those IP addresses that are allocated to your authorized MiStorage client hosts.
- Protecting the client IP subnet and physical network from unauthorized access.
- Ensuring that users are instructed not to share their passwords with others.
- Avoiding using shared accounts (where multiple users log in with a single username/password).
- Restricting the management and editing of password and group files (/etc/passwd, /etc/group) on client hosts to authorized system administrators only.
- Tightly controlling and monitoring root access on client hosts.
Instructions for Researchers
Network security always begins with the individual. Keep passwords secure and never share them with anyone. Shared accounts (where multiple users share one account and password) should not be used.
The following safeguards should be in place inside the local computing environment to protect availability and integrity of data, as well as to prevent IP spoofing:
- Strong host-based security control of client hosts.
- Strong network security control of the client networks.
- Strong physical security controls of the client networks and hosts.
- A highly-managed client environment.
For More Information
For information about U-M IT security policies and appropriate storage of sensitive university data, see: