server management program review /...
TRANSCRIPT
Server Management Program Review / Training
To Review SMP structure, requirements, logistics
To increase quality and benefit of documentation
Provide/review examples and upgraded templates
Unit IT Managers are accountable for comprehensive application of SMPwithin the unit
GOALS
SMP: Document Repository& Update Cycles
SMP Portal is where all required documents are to bestored
https://agrilife-smp.tamu.edu
Updates for annual documents are due by Oct 31st
Monthly, Quarterly documents are due at end of each cycle
Will be assumed content is always here and up to date
SMP: Document Naming Conventions
Templates provided in Template Zip – Do not change names
Examples: AccountManagementLog.docx
DisasterRecoveryPlan.docx
Use Portal Checkout and Check-in Functionality (Demo)
Up to 4 years of past documentation will be maintained for staterecord retention and audit requirements
SMP: Documentation Grouping
Many units manage groups of servers with the same processand tools.
For systems that are managed this way one document (e.g.Disaster Recovery) can be created to cover all servers with thesame procedures
Document should clearly list the DNS name for all the individualservers that the document applies to.
SMP: Procedures & Logs
SMP consists of both Procedure documents and Logs
Procedures should be written with enough detail to accommodate someoneelse performing the process (see examples)
Logs should at a minimum identify who, when, what was performed and theassociated server(s)
Procedures require scheduled annual reviews to maintain familiarity and verifyprocess viability with noted changes formally documented immediately
SMP: What Requires Documentation?
The system will be SERVING a function to PUBLIC(i.e. web server, file server, video server, workstation with LAMP etc.)
It is running a known server operating system(may require review of build/version edition information to determine)
System is SERVING a function to INTERNAL user base(i.e. web server, file server, video server, etc.)
Not a server but may still need account and patchmanagement, firmware updates, etc. (i.e. NAS)
SMP: SERVER/DOCUMENT INDEX
Each Unit should maintain updated Server/Document Index SERVER-INDEX.xlsx (see required template)
Template facilitates SMP, MRT, ISAAC and System Audit Needs
List Servers, Classify Server, fill in remaining detail
Updates should be made immediately with any change in server consistency
SMP: Backup Procedure Documentation
Goal : Protect specified data in a scheduled manner enabling quick andefficient restoration
Procedures should identify all backup solutions, the associatedhardware/software, data that is backed up, specific steps to setup the backupprocess and to recover the data
Backups should be tested monthly and the recovery process tested annuallywith testing dates and results noted in log (DisasterRecoveryBackuplog.docx)
Documented process of backup, recovery and testing procedures required(DisasterRecoveryPlan.docx)
SMP: Disaster Recovery Documentation
Goal : Minimize negative operational impacts by identifying critical systems,prioritize their recovery, define steps to reconfigure and recover thesesystems to normal operation
Procedures should include procuring replacement parts, access tonecessary media and backups, steps for restoring/restarting systems andchecking system/application functions
Procedures should be tested annually with testing dates and results noted inlog (DisasterRecoveryBackuplog.docx)
Documented process of recovery and testingprocedures required (DisasterRecovery.docx)
SMP: Account Management Documentation
Only required for non-AGNET Servers
Must have documented Account Management Procedure includingsteps for account creation, change and removal (Example)
Account Management template specifies minimum trackinginformation (AccountManagementLog.docx) necessary to log both creationand removal of accounts
Reviews should occur to identify inactive (90 days) or formeremployee accounts potentially missed during off boarding
Reviews are to be logged with changes noted perthe account management log
SMP: Security Monitoring
Goal : Review logs, etc. to identify unusual events that may indicate maliciousactivity
Procedure should include steps for reviewing Failed login attempts Login attempts from foreign countries for legitimate accounts associated with
faculty/staff not traveling overseas High resource consumption of disk space or high system processor utilization Large number of failed job executions
Reviews should occur weekly for mission critical systems, monthly for non-missioncritical systems with each review and its results logged (SecurityMonitorLog.docx)
Documented review process required
SMP: Physical Security
Goal : Monitor physical access to servers and network equipment
Procedure should include steps for obtaining access to server room andwhether escorted access is required
If not using a key card swipe system must have a log sheet in room(PhysicalSecurityAccessLog.docx)
List of those provided room access via cards/keys must be reviewed andrenewal required at least once a year
Documented process for obtaining access required(PhysicalSecurityAccessProcedure.docx)
SMP: Change Management
Goal : Establish standardized, efficient methods for managing change
Procedure should establish regimented steps for change requests spanning from the initial inquiry tonotification of completion
Changes must be logged (ChangeManagementLog.docx) when any of the following occurs on a server: Configuration change in hardware or software Relocation of a server Network configuration change Software installation, removal or reaffirmation (reaffirm need for software annually) Patch/updates applied to server
if not using AGNET WSUS or Red Hat Subscription services
SMP: Confidential Information
Identity Finder now available at no cost from sell.tamu.edu
Scan should be performed annually at a minimum
Each scan should be logged with findings and remediation steps noted(ConfidentialInfoScanLog.docx)
Any violations must be logged and reported to AIT ISO immediately
Servers persisting confidential information must be authorized by the ISO andTAMU System ISO, per System policy, prior to the storage commencing
Identity Finder Installation available via AGNET domain on a scheduled basis
SMP: ISAAC Risk Assessment Process
ISAAC REPORTS should cover ALL SERVERS and ALL WORKSTATIONSwithin your unit, no matter where they are located, funding source or owner.
Unit IT Manager is accountable for comprehensive ISAAC assessment forunit.
All units will be required to send completed reports to AIT for QA review2 WEEKS PRIOR TO UNIVERSITY DEADLINE
Any remediation resulting from ISAAC will be coordinated through theAgriLife ISO
Starts September 1 and ends November 22 Due to AIT on NOVEMBER 8th 2013
SMP: Patch Management
Business owner or administrator, representing each server, must attendthe monthly Information Systems Security meeting
Critical patches/updates must be applied as identified
Operating system and application software patches/updates must beapplied and confirmed on a monthly basis
Patch/update installation must be logged in the Change Management log(ChangeManagementLog.docx) for servers not using AGNET WSUS or Red Hatsubscription services
SMP: Vulnerability Scanning and Remediation
Goal : Perform scan on all systems to detect and remediate vulnerabilities
Systems monitored by AIT Nessus scanner are provided with monthly report via email
Campus systems not reachable by AIT Nessus scanner can either utilize the CIS Nessusscanner or if no active scanning being performed a documented Risk Assessment Reviewreport must be created
Vulnerabilities should be reviewed, remediation scheduled and results logged(VulnerabilityScanLog.docx) Generally less than 30 days For more high/critical ASAP timeframe
Accountabilities of Unit IT Manager Facilitator for entire unit even if not managing a server Must assist or source solutions to resolve vulnerabilities of all unit servers Alternatively, recommend to unit head alternative solution/resource
Prepare for increasing scrutiny and potential shutdown actions
Workstation Management: WSUS
Windows Server Update Service (WSUS) available to alldepartments and centers with update policy selected by addingcomputer to a group
Three policy setting options available via groups Default: automatic patch download, install and reboot WSUS-NoReboot: automatic patch download, install with manual reboot WSUS-Servers: automatic patch download, manual install and reboot
Note: Do not rename, delete or remove any of the groupsNote: If computer is renamed it must be re-added to the appropriate group (other than default group)
Workstation Management: WSUS
Default for all policies Computer checks for updates 3 am nightly If computer is not powered on at 3 am service will attempt updates 2-3 hours
after the system is powered on- Under these circumstances options 1 & 2 automatically install updates after
download and then prompt for reboot on hourly basis. User has option todefer reboot.
Automated Report Emailed third Tuesday of each month Provides patch status for computers that have ‘checked in’ within the last 30
days and that have outstanding patches
Workstation Management: WSUS
Report entries include computer name, ….. Security bulletin (SB) is a notice, sent upon release, detailing the release date,
issue(s) addressed, actions to take, software impacted, etc.(Example: MS13-047 – 13 indicates release in 2013, 47 indicates sequence number of patch)
Knowledge Base (KB) is same content as security bulletin but filed in MS system for reference and may have additions over time to reflect new data, etc.(Either SB or KB may be ‘Googled’ to view the specific details)
Severity rating indicates the impact of vulnerabilities addressed by patch
Status indicates progress of patch install for system
12 - 12 - 2012
Workstation Management: WSUS
Severity Ratings Critical – Vulnerability whose exploitation could allow code execution without user
interaction. (apply immediately)
Important – Vulnerability that could result in compromise of confidentiality, integrity or availability of user data or processing resource. (apply asap)
Moderate – Vulnerability whose impact is mitigated significantly by factors such as authentication requirements, etc. (apply time dependent on factors impacted)
Low – Vulnerability’s impact mitigated by characteristics of affected component
Unspecified – Vulnerability does not have a severity rating
12 - 12 - 2012
Workstation Management: WSUS
Status
Not Installed – An attempt to install the patch has not been made at time of report generation.
Downloaded – Update downloaded and is sitting on system waiting to be installed
Installed Pending Reboot – Update downloaded, installed and requires reboot to complete the installation
Failed – Update downloaded and an attempt made to install but install failed
12 - 12 - 2012