GOALS. Server Management Program Review / Training. To Review SMP structure, requirements, logistics. To increase quality and benefit of documentation

Transcription

1 Server Management Program Review / Training GOALS To Review SMP structure, requirements, logistics To increase quality and benefit of documentation Provide/review examples and upgraded templates Unit IT Managers are accountable for comprehensive application of SMP within the unit

2 SMP: Document Repository & Update Cycles SMP Portal is where all required documents are to be stored Updates for annual documents are due by Oct 31 st Monthly, Quarterly documents are due at end of each cycle Will be assumed content is always here and up to date

3 SMP: Document Naming Conventions Templates provided in Template Zip Do not change names Examples: AccountManagementLog.docx DisasterRecoveryPlan.docx Use Portal Checkout and Check-in Functionality (Demo) Up to 4 years of past documentation will be maintained for state record retention and audit requirements

4 SMP: Documentation Grouping Many units manage groups of servers with the same process and tools. For systems that are managed this way one document (e.g. Disaster Recovery) can be created to cover all servers with the same procedures Document should clearly list the DNS name for all the individual servers that the document applies to.

5 SMP: Procedures & Logs SMP consists of both Procedure documents and Logs Procedures should be written with enough detail to accommodate someone else performing the process (see examples) Logs should at a minimum identify who, when, what was performed and the associated server(s) Procedures require scheduled annual reviews to maintain familiarity and verify process viability with noted changes formally documented immediately

6 SMP: What Requires Documentation? The system will be SERVING a function to PUBLIC (i.e. web server, file server, video server, workstation with LAMP etc.) It is running a known server operating system (may require review of build/version edition information to determine) System is SERVING a function to INTERNAL user base (i.e. web server, file server, video server, etc.) Not a server but may still need account and patch management, firmware updates, etc. (i.e. NAS)

7 SMP: SERVER/DOCUMENT INDEX Each Unit should maintain updated Server/Document Index SERVER- INDEX.xlsx (see required template) Template facilitates SMP, MRT, ISAAC and System Audit Needs List Servers, Classify Server, fill in remaining detail Updates should be made immediately with any change in server consistency

8 SMP: Backup Procedure Documentation Goal : Protect specified data in a scheduled manner enabling quick and efficient restoration Procedures should identify all backup solutions, the associated hardware/software, data that is backed up, specific steps to setup the backup process and to recover the data Backups should be tested monthly and the recovery process tested annually with testing dates and results noted in log (DisasterRecoveryBackuplog.docx) Documented process of backup, recovery and testing procedures required (DisasterRecoveryPlan.docx)

9 SMP: Disaster Recovery Documentation Goal : Minimize negative operational impacts by identifying critical systems, prioritize their recovery, define steps to reconfigure and recover these systems to normal operation Procedures should include procuring replacement parts, access to necessary media and backups, steps for restoring/restarting systems and checking system/application functions Procedures should be tested annually with testing dates and results noted in log (DisasterRecoveryBackuplog.docx) Documented process of recovery and testing procedures required (DisasterRecovery.docx)

10 SMP: Account Management Documentation Only required for non-agnet Servers Must have documented Account Management Procedure including steps for account creation, change and removal (Example) Account Management template specifies minimum tracking information (AccountManagementLog.docx) necessary to log both creation and removal of accounts Reviews should occur to identify inactive (90 days) or former employee accounts potentially missed during off boarding Reviews are to be logged with changes noted per the account management log

11 SMP: Security Monitoring Goal : Review logs, etc. to identify unusual events that may indicate malicious activity Procedure should include steps for reviewing Failed login attempts Login attempts from foreign countries for legitimate accounts associated with faculty/staff not traveling overseas High resource consumption of disk space or high system processor utilization Large number of failed job executions Reviews should occur weekly for mission critical systems, monthly for non-mission critical systems with each review and its results logged (SecurityMonitorLog.docx) Documented review process required

12 SMP: Physical Security Goal : Monitor physical access to servers and network equipment Procedure should include steps for obtaining access to server room and whether escorted access is required If not using a key card swipe system must have a log sheet in room (PhysicalSecurityAccessLog.docx) List of those provided room access via cards/keys must be reviewed and renewal required at least once a year Documented process for obtaining access required (PhysicalSecurityAccessProcedure.docx)

13 SMP: Change Management Goal : Establish standardized, efficient methods for managing change Procedure should establish regimented steps for change requests spanning from the initial inquiry to notification of completion Changes must be logged (ChangeManagementLog.docx) when any of the following occurs on a server: Configuration change in hardware or software Relocation of a server Network configuration change Software installation, removal or reaffirmation (reaffirm need for software annually) Patch/updates applied to server if not using AGNET WSUS or Red Hat Subscription services

14 SMP: Confidential Information Identity Finder now available at no cost from sell.tamu.edu Scan should be performed annually at a minimum Each scan should be logged with findings and remediation steps noted (ConfidentialInfoScanLog.docx) Any violations must be logged and reported to AIT ISO immediately Servers persisting confidential information must be authorized by the ISO and TAMU System ISO, per System policy, prior to the storage commencing Identity Finder Installation available via AGNET domain on a scheduled basis

15 SMP: ISAAC Risk Assessment Process ISAAC REPORTS should cover ALL SERVERS and ALL WORKSTATIONS within your unit, no matter where they are located, funding source or owner. Unit IT Manager is accountable for comprehensive ISAAC assessment for unit. All units will be required to send completed reports to AIT for QA review 2 WEEKS PRIOR TO UNIVERSITY DEADLINE Any remediation resulting from ISAAC will be coordinated through the AgriLife ISO Starts September 1 and ends November 22 Due to AIT on NOVEMBER 8 th 2013

16 SMP: Patch Management Business owner or administrator, representing each server, must attend the monthly Information Systems Security meeting Critical patches/updates must be applied as identified Operating system and application software patches/updates must be applied and confirmed on a monthly basis Patch/update installation must be logged in the Change Management log (ChangeManagementLog.docx) for servers not using AGNET WSUS or Red Hat subscription services

17 SMP: Vulnerability Scanning and Remediation Goal : Perform scan on all systems to detect and remediate vulnerabilities Systems monitored by AIT Nessus scanner are provided with monthly report via Campus systems not reachable by AIT Nessus scanner can either utilize the CIS Nessus scanner or if no active scanning being performed a documented Risk Assessment Review report must be created Vulnerabilities should be reviewed, remediation scheduled and results logged (VulnerabilityScanLog.docx) Generally less than 30 days For more high/critical ASAP timeframe Accountabilities of Unit IT Manager Facilitator for entire unit even if not managing a server Must assist or source solutions to resolve vulnerabilities of all unit servers Alternatively, recommend to unit head alternative solution/resource Prepare for increasing scrutiny and potential shutdown actions

18 Workstation Management: WSUS Windows Server Update Service (WSUS) available to all departments and centers with update policy selected by adding computer to a group Three policy setting options available via groups Default: automatic patch download, install and reboot WSUS-NoReboot: automatic patch download, install with manual reboot WSUS-Servers: automatic patch download, manual install and reboot Note: Do not rename, delete or remove any of the groups Note: If computer is renamed it must be re-added to the appropriate group (other than default group)

19 Workstation Management: WSUS Default for all policies Computer checks for updates 3 am nightly If computer is not powered on at 3 am service will attempt updates 2-3 hours after the system is powered on - Under these circumstances options 1 & 2 automatically install updates after download and then prompt for reboot on hourly basis. User has option to defer reboot. Automated Report ed third Tuesday of each month Provides patch status for computers that have checked in within the last 30 days and that have outstanding patches

20 Workstation Management: WSUS Report entries include computer name,.. Security bulletin (SB) is a notice, sent upon release, detailing the release date, issue(s) addressed, actions to take, software impacted, etc. (Example: MS indicates release in 2013, 47 indicates sequence number of patch) Knowledge Base (KB) is same content as security bulletin but filed in MS system for reference and may have additions over time to reflect new data, etc. (Either SB or KB may be Googled to view the specific details) Severity rating indicates the impact of vulnerabilities addressed by patch Status indicates progress of patch install for system

21 Workstation Management: WSUS Severity Ratings Critical Vulnerability whose exploitation could allow code execution without user interaction. (apply immediately) Important Vulnerability that could result in compromise of confidentiality, integrity or availability of user data or processing resource. (apply asap) Moderate Vulnerability whose impact is mitigated significantly by factors such as authentication requirements, etc. (apply time dependent on factors impacted) Low Vulnerability s impact mitigated by characteristics of affected component Unspecified Vulnerability does not have a severity rating

22 Workstation Management: WSUS Status Not Installed An attempt to install the patch has not been made at time of report generation. Downloaded Update downloaded and is sitting on system waiting to be installed Installed Pending Reboot Update downloaded, installed and requires reboot to complete the installation Failed Update downloaded and an attempt made to install but install failed

23 Workstation Management Local Account Report Monthly Automated Delivery for AGNET Domain Systems IT Managers should review Remediate any extraneous, guest or unused accounts