Security Standard for General Information Systems
- Charles Butler
- 8 years ago
Ohio University
Security Standard for General Information Systems
A Standard for the Configuration and Operation of Information Systems at Ohio University
System Security Working Group
10/24/2008

Security Standard for General Information Systems October 24, 2008

TABLE OF CONTENTS
Introduction
Levels of Standard
Patching
Server Deployment
Remove, Restrict or Disable Unnecessary or Unused Services, Applications, and Network Protocols
Configure OS User Authentication
Configure Resource Controls Appropriately (File permissions, network shares, etc)
Install and Configure Additional Security Controls
Securely Installing the Server Software
Configuring Access Controls
Server Resource Constraints
Selecting and Implementing Authentication and Encryption Technologies
Maintaining the Security of the Server
Server Backup Procedures
Security Scanning
Remotely Administering a Server

INTRODUCTION

In order to set a baseline for how systems should be configured when attached to the Ohio University Network, a working group was established in August of 2008 for the purpose of developing a standard to which all systems should comply. This working group had a membership roster that included:

Kapil Bajaj, Jay Beam, Doug Bowie, Donner Davis, Matthew Dalton, Mike Elliot, Chris Hayes, Steve Hoffer, Sunil Narasimhan, Paul Schmittauer, Ron Yakem

After reviewing several of the standards in existence, the group took the NIST Guide to General Server Security (csrc.nist.gov/publications/nistpubs/ /sp pdf) as their template and modified it to more closely meet the environment of Ohio University. In all cases, the group attempted to stay true to the following security concepts:

- Defense in Depth: Simply stated, good security doesn't rely on only one level of protection.
- Principle of Least Privilege: An individual, process or system should only have the minimum amount of rights, access or privilege required to get the job done.
- Less is More: A system should only contain, or have running those files and functions necessary to get the job done, nothing more, nothing less.

3 LEVELS OF STANDARD

One change that the working group made to the standard was the recognition that not all systems are the same. Toward that end, the standard has been broken into three levels. The standard is cumulative, i.e. Moderate systems have to comply to both Moderate and Minimum, while Maximum must comply to all three.

Minimum Moderate Maximum

Minimum Standards apply to all general purpose computer environments (i.e. Windows, Mac, Linux, BSD, etc.) All Servers are at least Moderate, and servers containing confidential data must meet the maximum requirement. Maximum is required regardless of whether the system is production if it contains sensitive data.

PATCHING

Minimum
- Create, document, and implement a patching process. (may be accomplished through WSUS, GPO, or auto patching)
- Install permanent fixes (patches, upgrades, etc.) (see previous bullet)
Moderate
- Identify vulnerabilities and applicable patches. (unless automated)
Maximum
- Mitigate vulnerabilities temporarily if needed and if feasible (until patches are available, tested, and installed). (depending on exploit available, or difficulty of the fix)

SERVER DEPLOYMENT

Minimum
Moderate
- Keep the servers disconnected from networks or connect them only to an isolated "build" network until all patches have been transferred to the servers through out-of-band means (e.g., CDs) and installed, and the other configuration steps listed in this section have been performed. (Moderate)
- Place the servers on a virtual local area network (VLAN) or other network segment that severely restricts what actions the hosts on it can perform and what communications can reach the hosts---only allowing those events that are necessary for patching and configuring the hosts. Do not transfer the hosts to regular network segments until all the configuration steps listed in this section have been performed.
Maximum
- Administrators should generally not apply patches to production servers without first testing them on another identically configured server.

REMOVE, RESTRICT OR DISABLE UNNECESSARY OR UNUSED SERVICES, APPLICATIONS, AND NETWORK PROTOCOLS

For the following section, if any of the public services listed below are enabled, the system is at least Moderate.

Minimum
Moderate
Public Services
- Directory services (e.g., Lightweight Directory Access Protocol [LDAP], Network Information System [NIS])
- Web servers and services
- Email services (e.g., SMTP)
- System and network management tools and utilities, including Simple Network Management Protocol (SNMP)
- Remote control and remote access programs, particularly those that do not strongly encrypt their communications (e.g., Telnet)
- File and printer sharing services (e.g., Windows Network Basic Input/Output System [NetBIOS] file and printer sharing, Network File System [NFS], FTP)
- Wireless networking services (unless currently in use) Bluetooth, infrared
Maximum
- Language compilers and libraries (Off if production)
- System development tools (Off if production)

CONFIGURE OS USER AUTHENTICATION

Minimum
- Remove or Disable Unneeded Default Accounts---The default configuration of the OS often includes guest accounts (with and without passwords), administrator or root level accounts, and accounts associated with local and network services. The names and passwords for those accounts are well known. Remove (whenever possible) or disable unnecessary accounts to eliminate their use by attackers, including guest accounts on computers containing sensitive information. For default accounts that need to be retained, including guest accounts, severely restrict access to the accounts, including changing the names (where possible and particularly for administrator or root level accounts) and passwords to be consistent with the organizational password policy. Default account names and passwords are commonly known in the attacker community. (Minimum)
- Disable Non-Interactive Accounts---Disable accounts (and the associated passwords) that need to exist but do not require an interactive login. For Unix systems, disable the login shell or provide a login shell with NULL functionality (e.g., /bin/false). (Minimum)
- Create the User Groups---Assign users to the appropriate groups. Then assign rights to the groups, as documented in the deployment plan. This approach is preferable to assigning rights to individual users, which becomes unwieldy with large numbers of users. (Minimum)
- Create the User Accounts---The deployment plan identifies who will be authorized to use each computer and its services. Create only the necessary accounts. Permit the use of shared accounts only when no viable alternatives exist. Have ordinary user accounts for server administrators that are also users of the server. (Minimum)
- Configure Automated Time Synchronization---Some authentication protocols, such as Kerberos, will not function if the time differential between the client host and the authenticating server is significant, so servers using such protocols should be configured to automatically synchronize system time with a reliable time server. Typically the time server is internal to the organization and uses the Network Time Protocol (NTP) for synchronization; publicly available NTP servers are also available on the Internet. (Minimum)
- Check the Organization's Password Policy---Set account passwords appropriately. Elements that may be addressed in a password policy include the following: (Minimum - Use highest level of enforcement that the system supports)
  - Length---a minimum length for passwords.
  - Complexity---the mix of characters required. An example is requiring passwords to contain uppercase letters, lowercase letters, and nonalphabetic characters, and to not contain "dictionary" words.
  - Aging---how long a password may remain unchanged. Many policies require users and administrators to change their passwords periodically. In such cases, the frequency should be determined by the enforced length and complexity of the password, the sensitivity of the information protected, and the exposure level of passwords. If aging is required, consideration should be given to enforcing a minimum aging duration to prevent users from rapidly cycling through password changes to clear out their password history and bypass reuse restrictions.
  - Reuse---whether a password may be reused. Some users try to defeat a password aging requirement by changing the password to one they have used previously. If reuse is prohibited by policy, it is beneficial, if possible, to ensure that users cannot change their passwords by merely appending characters to the beginning or end of their original passwords (e.g., original password was "mysecret" and is changed to "1mysecret" or "mysecret1").
  - Authority---who is allowed to change or reset passwords and what sort of proof is required before initiating any changes.
  - Password Security---how passwords should be secured, such as not storing passwords unencrypted on the server, and requiring administrators to use different passwords for their server administration accounts than their other administration accounts.
- Configure Computers to Prevent Password Guessing---It is relatively easy for an unauthorized user to try to gain access to a computer by using automated software tools that attempt all passwords. If the OS provides the capability, configure it to increase the period between login attempts with each unsuccessful attempt. If that is not possible, the alternative is to deny login after a limited number of failed attempts (e.g., three). Typically, the account is "locked out" for a period of time (such as 30 minutes) or until a user with appropriate authority reactivates it.
Moderate
Maximum
- Install and Configure Other Security Mechanisms to Strengthen Authentication
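
The default-account and non-interactive-account items above can be checked mechanically on Unix systems. The following is an added example, not part of the original standard: a shell function that audits a passwd-format file. The UID cutoff of 1000 for service accounts, the list of accepted "NULL" shells other than /bin/false, and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against two items of the
# "Configure OS User Authentication" section.
# Assumptions (not from the standard): UIDs 1-999 are service accounts, and
# every shell in NOLOGIN_SHELLS counts as a login shell with NULL functionality.

NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin /sbin/nologin"

# audit_passwd [FILE]   (reads stdin when no FILE is given)
# Prints one finding per line as "<check>:<account>:<detail>".
audit_passwd() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN {
            n = split(nologin, s, " ")
            for (i = 1; i <= n; i++) ok[s[i]] = 1
        }
        $0 ~ /^#/ || $0 ~ /^ *$/ { next }      # skip comments and blank lines
        NF != 7 { print "malformed:" $1 ":expected 7 fields, got " NF; next }
        {
            name = $1; uid = $3 + 0; shell = $7
            # An empty shell field means the system default shell, which is interactive.
            if (shell == "") shell = "(default)"
            # Any UID 0 account besides root is a second root-level account.
            if (uid == 0 && name != "root")
                print "uid0:" name ":root-equivalent account"
            # Well-known default account that is still able to log in.
            if (name == "guest" && !(shell in ok))
                print "default-account:" name ":login shell " shell
            # Accounts that exist for services should not have an interactive shell.
            else if (uid > 0 && uid < 1000 && !(shell in ok))
                print "interactive-service:" name ":login shell " shell
        }
    ' "$@"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/false
guest:x:1001:1001:Guest:/home/guest:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ntp:x:110:115::/nonexistent:
EOF
}

sample_passwd | audit_passwd
```

On a live host the same function can be pointed at the real file with `audit_passwd /etc/passwd`; accounts that legitimately need a shell below the UID cutoff have to be reviewed by hand.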

CONFIGURE RESOURCE CONTROLS APPROPRIATELY (FILE PERMISSIONS, NETWORK SHARES, ETC)

Minimum
Moderate
- Permit access to only required files (e.g. users shouldn't be allowed to access system mmc controls or other users' files) (Moderate)
Maximum
- Isolate service users to virtual environments (e.g. chroot 'jails') (Moderate)

INSTALL AND CONFIGURE ADDITIONAL SECURITY CONTROLS

Minimum
- Anti-malware software, such as antivirus software, anti-spyware software, and rootkit detectors, to protect the local OS from malware and to detect and eradicate any infections that occur. Examples of when anti-malware software would be helpful include a system administrator bringing infected media to the server and a network service worm contacting the server and infecting it. (as it applies)
Moderate
- Host-based firewalls, to protect the server from unauthorized access. (Minimum if it can support)
- Periodic security testing of the OS is a vital way to identify vulnerabilities and to ensure that the existing security precautions are effective and that security controls are configured properly.
Maximum
- Host-based intrusion detection and prevention software (IDPS), to detect attacks performed against the server, including DoS attacks. For example, one form of host-based IDPS, file integrity checking software, can identify changes to critical system files.
- Network based firewalls should be configured as additional protection
- Patch, Package and Configuration management or vulnerability management software to ensure that vulnerabilities are addressed promptly. Patch management and vulnerability management software can be used only to apply patches or also to identify new vulnerabilities in the server's OSs, services, and applications. (above and beyond WSUS, yum, up2date) (Altiris, BigFix, ZenWorks, etc.)
- Disk Encryption technologies (and Portable - as possible)

SECURELY INSTALLING THE SERVER SOFTWARE

Minimum
- Apply any patches or upgrades to correct for known critical vulnerabilities in the server software (i.e. Apache, IIS, Oracle, MS-SQL, Cold Fusion, etc.)
Moderate
- Install the server software either on a dedicated host or on a dedicated guest OS if virtualization is being employed. (Single network service/role per server - Web, database, DNS, smtp, etc.)
- Apply any patches or upgrades to correct for known vulnerabilities in the server software (i.e. Apache, IIS, Oracle, MS-SQL, Cold Fusion, etc.)
- Create a dedicated physical disk or logical partition (separate from OS and server application) for server data, if applicable.
- Remove or disable all services installed by the server application but not required (e.g., gopher, FTP, HTTP, remote administration).
- Remove or disable all unneeded default user accounts created by the server installation.
- Remove all example or test files from the server, including sample content, scripts, and executable code (for production)
- Remove all unneeded compilers.
- Reduce the permissions that a service account has to only those required.
- Apply the appropriate security template or hardening script to the server.
- For external-facing servers, reconfigure service banners not to report the server and OS type and version, if possible.
- Configure warning banners for all services that support such banners.
- Configure each network service to listen for client connections on only the necessary TCP and UDP ports, if possible.
Maximum
- Remove all manufacturers' documentation from the server.

CONFIGURING ACCESS CONTROLS

Minimum
Moderate
- Limit the access of the server application to a subset of computational resources. (If Possible/feasible - can be accomplished through virtualization, but not easy in many modern OSs)
- Limit the access of users through additional access controls enforced by the server, where more detailed levels of access control are required.
Typical files to which access should be controlled are as follows:
- Application software and configuration files
- Files related directly to security mechanisms:
  - Password hash files and other files used in authentication
  - Files containing authorization information used in controlling access
  - Cryptographic key material used in confidentiality, integrity, and nonrepudiation services
- Server log and system audit files
- System software and configuration files
- Server content files
- Service processes are configured to run as a user with a strictly limited set of privileges (i.e., not running as root, administrator, or equivalent).
- Service processes can only write to server content files and directories if necessary.
- Temporary files created by the server software are restricted to a specified and appropriately protected subdirectory (if possible). Access to these temporary files is limited to the server processes that created the files (if possible).
Maximum

SERVER RESOURCE CONSTRAINTS

Minimum
Moderate
- Installing server content on a different hard drive or logical partition than the OS and server software.
- Placing a limit on the amount of hard drive space that is dedicated for uploads, if uploads to the server are allowed. Ideally, uploads should be placed on a separate partition to provide stronger assurance that the hard drive limit cannot be exceeded.
Maximum
- If user uploads are allowed to the server, ensuring that these files are not published by the server until after some automated or manual review process is used to screen them. This measure prevents the server from being used to propagate malware or traffic pirated software, attack tools, pornography, etc. It is also possible to limit the size of each uploaded file, which could limit the potential effects of a DoS attack involving uploading many large files.
- Ensuring that log files are stored in a location that is sized appropriately. Ideally, log files should be stored on a separate partition. If an attack causes the size of the log files to increase beyond acceptable limits, a physical partition helps ensure the server has enough resources to handle the situation appropriately.
- Configuring the maximum number of server processes and/or network connections that the server should allow.

SELECTING AND IMPLEMENTING AUTHENTICATION AND ENCRYPTION TECHNOLOGIES

Minimum
- Systems should employ encryption technologies when transmitting or storing sensitive information and authentication credentials.
Moderate
- Systems should authenticate to a central system, such as OIT AD to allow access to nonpublic resources
Maximum

MAINTAINING THE SECURITY OF THE SERVER

Minimum
Moderate
Logging
Identifying Logging Capabilities and Requirements
- Logs should capture successful and failed authentication attempts
- If possible, logs should capture privileged use attempts
- Logs should capture account management activities
- Logs should capture, as much as possible, system configuration changes, schema changes, or state changes
Reviewing and Retaining Log Files
- Log files should be retained for at least one year
- Log files should be reviewed weekly for anomalies
Maximum
- Log files should be reviewed through the University's Security Information and Event Manager (SIEM)

SERVER BACKUP PROCEDURES

Minimum
- Backup media should be protected from theft and/or disclosure at the same level as the system itself (physical, encryption, etc.)
Moderate
- Minimum of Differential backups should occur at least nightly
- Full Backups should occur at least twice a Month
- Backup recovery testing should be performed at least twice a year
- Backups should be maintained in a separate physical location/building from the system itself.
- Recommend at least 3 full backups be kept, but environment may dictate differently
Maximum
- Full Backup recovery test should be performed at least twice a year

SECURITY SCANNING

These services will be performed by the University Information Security Office

Minimum
- Systems should be scanned for common external vulnerabilities quarterly, or as new, significant vulnerabilities are discovered
- Some findings may result in the immediate removal of the system from the network until remediation is performed
Moderate
- The results of these scans need to be addressed within one week of them being provided to the administrator of the system
Maximum
- Penetration testing should be performed on an annual basis

Note: Some operating systems have self remediation tools such as the Microsoft Baseline Security Analyzer, that allow a user or administrator to assess some of the security of their system. Although not required, these are helpful to determine what may need to be performed on a system prior to, or between scans.

REMOTELY ADMINISTERING A SERVER

Minimum
- Restrict which hosts can be used to remotely administer the server. (minimum)
  - Restrict by authorized users (minimum)
  - Restrict by IP address (not hostname) (minimum)
  - Restrict to hosts on the internal network or those using the organization's enterprise remote access solution. (minimum)
- Use secure protocols that can provide encryption of both passwords and data (e.g., SSH, HTTPS); do not use less secure protocols (e.g., telnet, FTP, NFS, HTTP) unless absolutely required and tunneled over an encrypted protocol, such as SSH, SSL, or IPsec. (minimum)
- Enforce the concept of least privilege on remote administration (e.g., attempt to minimize the access rights for the remote administration accounts). (minimum)
- Do not allow remote administration from the Internet through the firewall unless accomplished via strong mechanisms, such as VPNs. (minimum)
- Use remote administration protocols that support server authentication to prevent man-in-the-middle attacks. (minimum)
- Change any default accounts or passwords for the remote administration utility or application. (minimum)
Moderate
- Use a strong authentication mechanism (e.g., public/private key pair, two-factor authentication).
Maximum
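
Several of the remote administration items map directly onto OpenSSH server settings. The following is an added example, not part of the original standard: a shell function that checks the global section of an sshd_config for root login, password authentication, and AllowUsers entries that are unrestricted or matched by hostname. It assumes OpenSSH is the remote administration tool and that keywords use the whitespace-separated form; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: check an sshd_config against the remote-administration items.
# Assumptions (not from the standard): OpenSSH is the remote administration
# tool, and keywords are written as "Keyword value", not "Keyword=value".

# audit_sshd [FILE]   (reads stdin when no FILE is given)
# Prints one finding per line as "<keyword>:<problem>".
audit_sshd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        tolower($1) == "match" { exit }        # global section only; Match blocks are not evaluated
        {
            key = tolower($1)
            if (key in seen) next              # sshd keeps the first value it reads for a keyword
            seen[key] = 1
            val[key] = tolower($2)
            if (key == "allowusers")
                for (i = 2; i <= NF; i++) users[++nusers] = $i
        }
        END {
            # Least privilege: administrators log in as themselves, not as root.
            v = ("permitrootlogin" in val) ? val["permitrootlogin"] : "unset"
            if (v != "no") print "permitrootlogin:root login allowed (" v ")"
            # Moderate level: key pair or two-factor instead of passwords alone.
            v = ("passwordauthentication" in val) ? val["passwordauthentication"] : "unset"
            if (v != "no") print "passwordauthentication:password logins allowed (" v ")"
            # Restrict by authorized users.
            if (!("allowusers" in seen) && !("allowgroups" in seen))
                print "allowusers:no AllowUsers or AllowGroups restriction"
            # Restrict by IP address (not hostname): inspect each USER@HOST entry.
            for (i = 1; i <= nusers; i++) {
                at = index(users[i], "@")
                host = substr(users[i], at + 1)
                if (at == 0)
                    print "allowusers:" users[i] " is not restricted by source address"
                else if (host ~ /[A-Za-z]/ && host !~ /:/)
                    print "allowusers:" users[i] " is matched by hostname, not IP address"
            }
        }
    ' "$@"
}

# Constructed sample configuration (not taken from any real system).
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers admin@10.20.30.40 backup@jump.example.edu deploy
EOF
}

sample_sshd_config | audit_sshd
```

The second `PasswordAuthentication` line in the sample is ignored because the first value wins, which is why the check still reports password logins as allowed.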
McAfee Enterprise Security Manager Data Surce Cnfiguratin Guide Data Surce: Infblx NIOS September 2, 2014 Infblx NIOS Page 1 f 8 Imprtant Nte: The infrmatin cntained in this dcument is cnfidential and
More informationRSA Authentication Manager 5.2 and 6.1 Security Best Practices Guide. Version5
RSA Authenticatin Manager 5.2 and 6.1 Security Best Practices Guide Versin5 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA,
More informationConfiguring and Monitoring AS400 Servers. eg Enterprise v5.6
Cnfiguring and Mnitring AS400 Servers eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be reprduced
More informationPassword Reset for Remote Users
1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin
More informationTaskCentre v4.5 Send Message (SMTP) Tool White Paper
TaskCentre v4.5 Send Message (SMTP) Tl White Paper Dcument Number: PD500-03-17-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004E Payment Card Industry (PCI) Netwrk Security (prpsed) 01.1 Purpse The purpse f this Netwrk
More informationA Beginner s Guide to Building Virtual Web Servers
A Beginner s Guide t Building Virtual Web Servers Cntents Intrductin... 1 Why set up a web server?... 2 Installing Ubuntu 13.04... 2 Netwrk Set Up... 3 Installing Guest Additins... 4 Updating and Upgrading
More informationIntegrating With incontact dbprovider & Screen Pops
Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint
More informationSaaS Listing CA Cloud Service Management
SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationFirewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers)
Firewall/Prxy Server Settings t Access Hsted Envirnment Client firewall settings in mst cases depend n whether the firewall slutin uses a Stateful Inspectin prcess r ne that is cmmnly referred t as an
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationComtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite
CISP/PCI Implementatin Guidance fr Odyssey Suite Applicable Applicatin Versin This dcument supprts the fllwing applicatin versin: Odyssey Suite Versin 2.0 Intrductin Systems which prcess payment transactins
More informationFlash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory
Flash Padlck - White Paper Flash Padlck Self-Secured and Hst-Independent USB Flash Drive White Paper April 2007 Prepared by ClevX, LLC fr Crsair Memry 1 INTRODUCTION Millins f USB Flash Drives (UFDs) are
More informationCNS-205: Citrix NetScaler 11 Essentials and Networking
CNS-205: Citrix NetScaler 11 Essentials and Netwrking Overview The bjective f the Citrix NetScaler 11 Essentials and Netwrking curse is t prvide the fundatinal cncepts and skills necessary t implement,
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationSolution Brief. Aerohive and Impulse. Powerful Network Security for Education and Enterprise
Slutin Brief Aerhive and Impulse Pwerful Netwrk Security fr Educatin and Enterprise Aerhive and Impulse Intrductin In tday s highly cnnected rganizatins, end users expect secure Wi-Fi access acrss the
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationSANsymphony-V Storage Virtualization Software Installation and Getting Started Guide. February 5, 2015 www.datacore.com
SANsymphny-V Strage Virtualizatin Sftware Installatin and Getting Started Guide February 5, 2015 www.datacre.cm This dcument is the prperty f DataCre Sftware. It is intended slely as an aid fr installing
More informationCallRex 4.2 Installation Guide
CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex
More informationEvaluation Report. 29 May 2013. Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com
Plycm RealPresence Access Directr 29 May 2013 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.cm Table f Cntents Executive Summary... 1 System Cmpnents... 3
More informationEA-POL-015 Enterprise Architecture - Encryption Policy
Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link:
More informationReadme File. Purpose. What is Translation Manager 9.3.1? Hyperion Translation Manager Release 9.3.1 Readme
Hyperin Translatin Manager Release 9.3.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 What is Translatin Manager 9.3.1?... 1 Cmpatible Sftware... 2 Supprted Internatinal Operating
More informationX7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting Tips
X7500 Series, X4500 Scanner Series MFPs: LDAP Address Bk and Authenticatin Cnfiguratin and Basic Trubleshting Tips Lexmark Internatinal 1 Prerequisite Infrm atin In rder t cnfigure a Lexmark MFP fr LDAP
More informationA96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015
A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY
More informationReadme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.
Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...
More informationState of Wisconsin. File Server Service Service Offering Definition
State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm
More informationEnsuring end-to-end protection of video integrity
White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring
More informationRelease Notes. Dell SonicWALL Email Security 7.4.3 firmware is supported on the following appliances: Dell SonicWALL Email Security 200
Release Ntes Email Security Dell SnicWALL Email Security 7.4.3 SnicOS Cntents System Cmpatibility... 1 Enhancements in Email Security 7.4.3... 2 Knwn Issues... 3 Upgrading t Email Security 7.4.3... 4 Related
More informationViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation
ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is
More informationMobile Device Manager Admin Guide. Reports and Alerts
Mbile Device Manager Admin Guide Reprts and Alerts September, 2013 MDM Admin Guide Reprts and Alerts i Cntents Reprts and Alerts... 1 Reprts... 1 Alerts... 3 Viewing Alerts... 5 Keep in Mind...... 5 Overview
More informationAdobe Sign. Enabling Single Sign-On with SAML Reference Guide
Enabling Single Sign-On with SAML Reference Guide 2016 Adbe Systems Incrprated. All Rights Reserved. Prducts mentined in this dcument, such as the services f identity prviders Micrsft Active Directry Federatin,
More informationMonthly All IFS files, all Libraries, security and configuration data
Server Backup Plicy Intrductin Data is ne f Banks DIH Limited s mst imprtant assets. In rder t prtect this asset frm lss r destructin, it is imperative that it be safely and securely captured, cpied, and
More informationGetting Started Guide
fr SQL Server www.lgbinder.cm Getting Started Guide Dcument versin 1 Cntents Installing LOGbinder fr SQL Server... 3 Step 1 Select Server and Check Requirements... 3 Select Server... 3 Sftware Requirements...
More informationSoftware Distribution
Sftware Distributin Quantrax has autmated many f the prcesses invlved in distributing new cde t clients. This will greatly reduce the time taken t get fixes laded nt clients systems. The new prcedures
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationRestricted Document. Pulsant Technical Specification
Pulsant Technical Specificatin Title Pulsant Dedicated Server Department Prduct Develpment Cntributrs RR Classificatin Restricted Versin 1.0 Overview Pulsant ffer a Dedicated Server service t underpin
More informationTo clarify terms used within these policies, the following definitions are provided:
Baker University Email Plicy E-mail services are prvided t the Baker cmmunity in supprt f the educatinal missin f the University and the administrative functins t carry ut that missin. Users f Baker e-mail
More informationDatasheet. PV4E Management Software Features
PV4E Management Sftware Features PV4E is a field prven cmprehensive slutin fr real-time cntrl ver netwrk infrastructure and devices The new and refreshed Graphic User Interface (GUI) is nw even mre attractive,
More informationInstant Chime for IBM Sametime Quick Start Guide
Instant Chime fr IBM Sametime Quick Start Guide Fall 2014 Cpyright 2014 Instant Technlgies. All rights reserved. Cpyright and Disclaimer This dcument, as well as the sftware described in it, is furnished
More informationPreparing to Deploy Reflection : A Guide for System Administrators. Version 14.1
Preparing t Deply Reflectin : A Guide fr System Administratrs Versin 14.1 Table f Cntents Table f Cntents... 2 Preparing t Deply Reflectin 14.1:... 3 A Guide fr System Administratrs... 3 Overview f the
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationAttunity RepliWeb SSL Guide
Attunity RepliWeb SSL Guide Sftware Versin 5.2 June 25, 2012 RepliWeb, Inc., 6441 Lyns Rad, Ccnut Creek, FL 33073 Tel: (954) 946-2274, Fax: (954) 337-6424 E-mail: inf@repliweb.cm, Supprt: http://supprt.repliweb.cm
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationSecurity of Interactive and Automated Access Management Using Secure Shell (SSH)
Security f Interactive and Autmated Access Management Using Secure Shell (SSH) Tatu Ylnen Paul Turner Karen Scarfne Murugiah Suppaya This publicatin is available free f charge frm: http://dx.di.rg/10.6028/nist.ir.7966
More informationUnderstand Business Continuity
Understand Business Cntinuity Lessn Overview In this lessn, yu will learn abut: Business cntinuity Data redundancy Data availability Disaster recvery Anticipatry Set What methds can be emplyed by a system
More informationSystem Business Continuity Classification
Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required
More informationMonitor Important Windows Security Events using EventTracker
Mnitr Imprtant Windws Security Events using EventTracker White Paper Publicatin Date: Mar 14, 2014 EventTracker 8815 Centre Park Drive Clumbia MD 21045 www.eventtracker.cm EventTracker: Mnitr Imprtant
More information