server management program review /...


Upload: trannhi

Post on 16-Aug-2019


TRANSCRIPT

Server Management Program Review / Training

To Review SMP structure, requirements, logistics

To increase quality and benefit of documentation

Provide/review examples and upgraded templates

Unit IT Managers are accountable for comprehensive application of SMP within the unit

GOALS

SMP: Document Repository & Update Cycles

SMP Portal is where all required documents are to be stored

https://agrilife-smp.tamu.edu

Updates for annual documents are due by Oct 31st

Monthly, Quarterly documents are due at end of each cycle

It will be assumed that content is always here and up to date

SMP: Document Naming Conventions

Templates provided in Template Zip – Do not change names

Examples: AccountManagementLog.docx

DisasterRecoveryPlan.docx

Use Portal Checkout and Check-in Functionality (Demo)

Up to 4 years of past documentation will be maintained for state record retention and audit requirements

SMP: Documentation Grouping

Many units manage groups of servers with the same process and tools.

For systems that are managed this way, one document (e.g. Disaster Recovery) can be created to cover all servers with the same procedures

Document should clearly list the DNS name for all the individual servers that the document applies to.

SMP: Procedures & Logs

SMP consists of both Procedure documents and Logs

Procedures should be written with enough detail to accommodate someone else performing the process (see examples)

Logs should at a minimum identify who, when, what was performed and the associated server(s)

Procedures require scheduled annual reviews to maintain familiarity and verify process viability, with noted changes formally documented immediately

SMP: What Requires Documentation?

The system will be SERVING a function to PUBLIC (i.e. web server, file server, video server, workstation with LAMP etc.)

It is running a known server operating system (may require review of build/version edition information to determine)

System is SERVING a function to INTERNAL user base (i.e. web server, file server, video server, etc.)

Not a server but may still need account and patch management, firmware updates, etc. (i.e. NAS)

SMP: SERVER/DOCUMENT INDEX

Each Unit should maintain updated Server/Document Index SERVER-INDEX.xlsx (see required template)

Template facilitates SMP, MRT, ISAAC and System Audit Needs

List Servers, Classify Server, fill in remaining detail

Updates should be made immediately with any change in server consistency

SMP: Backup Procedure Documentation

Goal: Protect specified data in a scheduled manner enabling quick and efficient restoration

Procedures should identify all backup solutions, the associated hardware/software, data that is backed up, specific steps to set up the backup process and to recover the data

Backups should be tested monthly and the recovery process tested annually, with testing dates and results noted in log (DisasterRecoveryBackuplog.docx)

Documented process of backup, recovery and testing procedures required (DisasterRecoveryPlan.docx)

SMP: Disaster Recovery Documentation

Goal: Minimize negative operational impacts by identifying critical systems, prioritize their recovery, define steps to reconfigure and recover these systems to normal operation

Procedures should include procuring replacement parts, access to necessary media and backups, steps for restoring/restarting systems and checking system/application functions

Procedures should be tested annually with testing dates and results noted in log (DisasterRecoveryBackuplog.docx)

Documented process of recovery and testing procedures required (DisasterRecovery.docx)

SMP: Account Management Documentation

Only required for non-AGNET Servers

Must have documented Account Management Procedure including steps for account creation, change and removal (Example)

Account Management template specifies minimum tracking information (AccountManagementLog.docx) necessary to log both creation and removal of accounts

Reviews should occur to identify inactive (90 days) or former employee accounts potentially missed during off boarding

Reviews are to be logged with changes noted per the account management log

SMP: Security Monitoring

Goal: Review logs, etc. to identify unusual events that may indicate malicious activity

Procedure should include steps for reviewing
• Failed login attempts
• Login attempts from foreign countries for legitimate accounts associated with faculty/staff not traveling overseas
• High resource consumption of disk space or high system processor utilization
• Large number of failed job executions

Reviews should occur weekly for mission critical systems, monthly for non-mission critical systems, with each review and its results logged (SecurityMonitorLog.docx)

Documented review process required

SMP: Physical Security

Goal: Monitor physical access to servers and network equipment

Procedure should include steps for obtaining access to server room and whether escorted access is required

If not using a key card swipe system, must have a log sheet in room (PhysicalSecurityAccessLog.docx)

List of those provided room access via cards/keys must be reviewed and renewal required at least once a year

Documented process for obtaining access required (PhysicalSecurityAccessProcedure.docx)

SMP: Change Management

Goal: Establish standardized, efficient methods for managing change

Procedure should establish regimented steps for change requests spanning from the initial inquiry to notification of completion

Changes must be logged (ChangeManagementLog.docx) when any of the following occurs on a server:
• Configuration change in hardware or software
• Relocation of a server
• Network configuration change
• Software installation, removal or reaffirmation (reaffirm need for software annually)
• Patch/updates applied to server if not using AGNET WSUS or Red Hat Subscription services

SMP: Confidential Information

Identity Finder now available at no cost from sell.tamu.edu

Scan should be performed annually at a minimum

Each scan should be logged with findings and remediation steps noted (ConfidentialInfoScanLog.docx)

Any violations must be logged and reported to AIT ISO immediately

Servers persisting confidential information must be authorized by the ISO and TAMU System ISO, per System policy, prior to the storage commencing

Identity Finder Installation available via AGNET domain on a scheduled basis

SMP: ISAAC Risk Assessment Process

ISAAC REPORTS should cover ALL SERVERS and ALL WORKSTATIONS within your unit, no matter where they are located, funding source or owner.

Unit IT Manager is accountable for comprehensive ISAAC assessment for unit.

All units will be required to send completed reports to AIT for QA review 2 WEEKS PRIOR TO UNIVERSITY DEADLINE

Any remediation resulting from ISAAC will be coordinated through the AgriLife ISO

Starts September 1 and ends November 22

Due to AIT on NOVEMBER 8th 2013

SMP: Patch Management

Business owner or administrator, representing each server, must attend the monthly Information Systems Security meeting

Critical patches/updates must be applied as identified

Operating system and application software patches/updates must be applied and confirmed on a monthly basis

Patch/update installation must be logged in the Change Management log (ChangeManagementLog.docx) for servers not using AGNET WSUS or Red Hat subscription services

SMP: Vulnerability Scanning and Remediation

Goal: Perform scan on all systems to detect and remediate vulnerabilities

Systems monitored by AIT Nessus scanner are provided with monthly report via email

Campus systems not reachable by AIT Nessus scanner can either utilize the CIS Nessus scanner or, if no active scanning is being performed, a documented Risk Assessment Review report must be created

Vulnerabilities should be reviewed, remediation scheduled and results logged (VulnerabilityScanLog.docx)
• Generally less than 30 days
• For more high/critical ASAP timeframe

Accountabilities of Unit IT Manager
• Facilitator for entire unit even if not managing a server
• Must assist or source solutions to resolve vulnerabilities of all unit servers
• Alternatively, recommend to unit head alternative solution/resource

Prepare for increasing scrutiny and potential shutdown actions

Workstation Management: WSUS

Windows Server Update Service (WSUS) available to all departments and centers with update policy selected by adding computer to a group

Three policy setting options available via groups
• Default: automatic patch download, install and reboot
• WSUS-NoReboot: automatic patch download, install with manual reboot
• WSUS-Servers: automatic patch download, manual install and reboot

Note: Do not rename, delete or remove any of the groups

Note: If computer is renamed it must be re-added to the appropriate group (other than default group)

Workstation Management: WSUS

Default for all policies
• Computer checks for updates 3 am nightly
• If computer is not powered on at 3 am, service will attempt updates 2-3 hours after the system is powered on
  - Under these circumstances options 1 & 2 automatically install updates after download and then prompt for reboot on hourly basis. User has option to defer reboot.

Automated Report Emailed third Tuesday of each month
• Provides patch status for computers that have ‘checked in’ within the last 30 days and that have outstanding patches

Workstation Management: WSUS

Report entries include computer name, …..

Security bulletin (SB) is a notice, sent upon release, detailing the release date, issue(s) addressed, actions to take, software impacted, etc. (Example: MS13-047 – 13 indicates release in 2013, 47 indicates sequence number of patch)

Knowledge Base (KB) is same content as security bulletin but filed in MS system for reference and may have additions over time to reflect new data, etc. (Either SB or KB may be ‘Googled’ to view the specific details)

Severity rating indicates the impact of vulnerabilities addressed by patch

Status indicates progress of patch install for system

12 - 12 - 2012

Workstation Management: WSUS

Severity Ratings

Critical – Vulnerability whose exploitation could allow code execution without user interaction. (apply immediately)

Important – Vulnerability that could result in compromise of confidentiality, integrity or availability of user data or processing resource. (apply asap)

Moderate – Vulnerability whose impact is mitigated significantly by factors such as authentication requirements, etc. (apply time dependent on factors impacted)

Low – Vulnerability’s impact mitigated by characteristics of affected component

Unspecified – Vulnerability does not have a severity rating


Workstation Management: WSUS

Status

Not Installed – An attempt to install the patch has not been made at time of report generation.

Downloaded – Update downloaded and is sitting on system waiting to be installed

Installed Pending Reboot – Update downloaded, installed and requires reboot to complete the installation

Failed – Update downloaded and an attempt made to install but install failed
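One way to work through the monthly WSUS report using the severity ratings and status values from the slides above. This is an added example, not part of the original deck or any AgriLife tooling; the CSV column layout, computer names, placeholder bulletin IDs and follow-up action wording are all assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample rows. The column layout is an assumption, not the real
# report format, and the MSyy-9xx bulletin IDs are placeholders.
SAMPLE_REPORT = """computer,bulletin,severity,status
LAB-WS01,MS13-901,Critical,Failed
LAB-WS01,MS13-902,Important,Installed Pending Reboot
OFFICE-WS07,MS13-901,Critical,Not Installed
OFFICE-WS07,MS12-903,Moderate,Downloaded
KIOSK-03,MS13-904,Low,Not Installed
KIOSK-03,MS13-905,Unspecified,Downloaded
"""

# Order taken from the severity slide; lower rank is handled first.
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3, "Unspecified": 4}

# One follow-up per status value from the status slide (wording is an assumption).
STATUS_ACTION = {
    "Failed": "investigate install failure",
    "Installed Pending Reboot": "schedule reboot",
    "Downloaded": "run install",
    "Not Installed": "confirm machine is checking in",
}

BULLETIN_RE = re.compile(r"^MS(\d{2})-(\d{3})$")


def parse_bulletin(bulletin_id):
    """Split an ID such as MS13-047 into (release year, sequence number); assumes 20xx."""
    match = BULLETIN_RE.match(bulletin_id.strip())
    if not match:
        raise ValueError(f"unrecognised bulletin id: {bulletin_id!r}")
    return 2000 + int(match.group(1)), int(match.group(2))


def triage(report_text):
    """Return (computer, bulletin, action) tuples, most severe first."""
    entries = []
    for row in csv.DictReader(io.StringIO(report_text)):
        year, seq = parse_bulletin(row["bulletin"])
        # Unknown ratings sort last rather than being dropped.
        rank = SEVERITY_RANK.get(row["severity"], len(SEVERITY_RANK))
        action = STATUS_ACTION.get(row["status"], "review manually")
        entries.append((rank, year, seq, row["computer"], row["bulletin"], action))
    # Within one severity, older bulletins (longer exposure) come first.
    entries.sort()
    return [(c, b, a) for _, _, _, c, b, a in entries]
```
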


Workstation Management

Local Account Report

• Monthly Automated Delivery for AGNET Domain Systems

• IT Managers should review

• Remediate any extraneous, guest or unused accounts
