Welcome back to IT Security Policy Training here on Cybrary.
We're continuing with the module for server security policy with Troy Lemaire.
If we look at the learning objectives for this training, they'll be general requirements, configuration requirements and monitoring.
Now, if we look at the SANS sample policy on Server Security Policy,
the overview says unsecured and vulnerable servers continue to be a major entry point for malicious threat actors.
Consistent server installation policies, ownership and configuration management are all about doing the basics well.
And if we get into the actual policy itself, the general requirements: all internal servers deployed at the company must be owned by an operational group that is responsible for system administration.
So basically, what it's saying is somebody, whether it's within the IT department or outside of the IT department, needs to be responsible for that server and be a system administrator. What you don't want to have is a server that is basically caught in limbo: IT doesn't claim it,
and within the business, the business unit doesn't claim it either, and so therefore it will be missing patches;
whenever things break, nobody will be there to troubleshoot it,
things like that.
Each operational group must establish a process for changing the configuration guides, which includes a review and approval by InfoSec. The following
items must be met.
Servers must be registered within the corporate enterprise management system. At a minimum, the following information is required
to positively identify the point of contact:
server contact and location and a backup contact; hardware and operating system and version; and the main functions and applications, if applicable.
For security compliance and maintenance purposes, authorized personnel may monitor and audit equipment, systems, processes and network traffic per the audit policy.
Configuration should be in accordance with approved
InfoSec guidelines.
Services and applications that will not be used must be disabled where practical.
Access to services should be logged and/or protected through access control methods such as web application firewalls,
and the most recent security patches must be installed on the system as soon as practical.
Trust relationships between systems are a security risk, and their use should be avoided.
Always use the standard security principle of least required access to perform a function.
If a methodology for secure channel connection is available,
access to privileged accounts must be performed over secure channels. Servers should be physically located in an access-controlled environment,
and servers are specifically prohibited from operating from uncontrolled cubicle areas.
Now, looking at monitoring: all security-related events on critical or sensitive systems must be logged, and audit trails saved as follows.
Logs will be kept online for a minimum of one week. Incremental tape backups will be retained for at least one month,
and then weekly and monthly backups. Now,
if you're not using backup tapes anymore and everything is digital, you're gonna need to go in here and modify that to not say tape backups and say daily incremental backups through digital media, or something to that extent.
Security-related events must be reported to InfoSec, and they will review the logs and report incidents to IT management.
And this is where you're gonna have to modify these things. So: port scan attacks, evidence of unauthorized access to privileged accounts. Port scans are pretty common; they're happening all the time, so that may not be one that you want to put on there,
because it could occupy a lot of your time.
Anomalous occurrences that are not related to specific applications on the host would be another one that you might need to report.
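The monitoring requirements above, as an added example that is not part of the lecture or the SANS policy: a small Python script that reads constructed firewall and authentication log lines, flags any source that touches at least a tunable number of distinct ports within a time window (the threshold you would raise so routine port scans don't consume your time), and lists every authentication event against a privileged account for InfoSec review. The log format, field names, account names and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines (not from the lecture or the SANS policy): firewall drops and auth events.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 fw DROP src=203.0.113.7 dst=10.0.0.5 dport=21
2024-05-01T10:00:01 fw DROP src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:02 fw DROP src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T10:00:02 fw DROP src=203.0.113.7 dst=10.0.0.5 dport=25
2024-05-01T10:00:03 fw DROP src=203.0.113.7 dst=10.0.0.5 dport=80
2024-05-01T10:00:04 fw DROP src=198.51.100.9 dst=10.0.0.5 dport=3389
2024-05-01T10:05:00 auth FAIL user=root src=198.51.100.9
2024-05-01T10:05:01 auth FAIL user=root src=198.51.100.9
2024-05-01T10:05:30 auth OK user=alice src=10.0.0.20
"""
FW_RE = re.compile(r"^(\S+) fw DROP src=(\S+) dst=\S+ dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) auth (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(text):
    """Event dicts from raw lines; lines matching neither format are skipped."""
    events = []
    for line in text.splitlines():
        if m := FW_RE.match(line):
            events.append({"ts": datetime.fromisoformat(m[1]), "kind": "fw",
                           "src": m[2], "port": int(m[3])})
        elif m := AUTH_RE.match(line):
            events.append({"ts": datetime.fromisoformat(m[1]), "kind": "auth",
                           "result": m[2], "user": m[3], "src": m[4]})
    return events

def port_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Sources hitting >= min_ports distinct ports inside one window; min_ports
    is the local threshold the lecture says you have to tune yourself."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "fw":
            by_src[e["src"]].append(e)
    hits = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window from each event
            ports = {e["port"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                hits.append((src, len(ports)))
                break
    return hits

def privileged_access(events, privileged=("root", "Administrator")):
    """Every authentication event against a privileged account, OK or FAIL."""
    return [e for e in events if e["kind"] == "auth" and e["user"] in privileged]
```

Raising `min_ports` or shortening `window` is how you would cut down the routine port-scan noise the lecture warns about while still reporting the privileged-account events.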
So in summary, in today's brief lecture, we talked about server security policy,
and we looked at the general requirements, the configuration requirements and the monitoring.
Server security policy recap question: all internal servers deployed at
whatever company it is must be owned by a blank blank that is responsible for system administration.
That would be an operational group.
Another recap question: services and applications that will not be used must be blank, where practical,
and that would be disabled.
And again, the reason you would disable something is if you have a certain type of Telnet connection that is not needed on that machine at all. Don't leave it open for somebody to come in and try to attack that machine via Telnet. If it's disabled, they will never be able to get in through that method. That's the reason that you want to disable all these things.
Looking forward to our next lecture, we're gonna look at server security policies, and it'll be the workstation policy.
As always, if you have questions or you need clarification,
you can reach me on Cybrary via message. My username is @TroyLemaire. And thank you for attending this Cybrary training.