Time
2 hours 23 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:01
Welcome back to IT Security Policy Training here on Cybrary.
00:05
We're continuing with module for server security policy with Troy LeMaire.
00:15
If we look at the learning objectives for this training, it'll be general requirements, configuration requirements and monitoring.
00:24
Now, if we look at this SANS sample policy on server security policy,
00:29
the overview is: unsecured and vulnerable servers continue to be a major entry point for malicious threat actors.
00:35
Consistent server installation policies, ownership and configuration management are all about doing the basics well.
00:43
And if we get into the actual policy itself, the general requirements: all internal servers deployed at the company must be owned by an operational group that is responsible for system admin.
00:52
So basically, what it's saying is somebody, whether it's within the IT department or it's outside of the IT department, needs to be responsible for that server and be a system administrator. What you don't want to have is a server that is basically caught in limbo. IT doesn't claim it
01:10
within the business. Using the business unit doesn't claim it either, and so therefore it will be missing patches
01:15
whenever things break, nobody will be there to troubleshoot it,
01:19
things like that.
01:22
Each operational group must establish a process for changing the configuration guides, which includes a review and approval by InfoSec. The following
01:30
items must be met:
01:30
Servers must be registered within the corporate enterprise management system. At a minimum, the following information is required
01:38
to positively identify the point of contact:
01:41
server contacts and locations and a backup contact, hardware and operating system and version, and the main function and applications, if applicable.
01:49
For security, compliance and maintenance purposes, authorized personnel may monitor and audit equipment, systems, processes and network traffic per the audit policy.
02:00
Configuration requirements:
02:01
Operating system
02:02
configuration should be in accordance with approved
02:06
InfoSec guidelines.
02:07
Services and applications that will not be used must be disabled where practical.
02:13
Access to services should be logged and/or protected through access control methods such as web application firewalls,
02:19
and the most recent security patches must be installed in the system as soon as practical.
02:23
Trust relationships between systems are a security risk, and their use should be avoided.
02:29
Always use standard security principles of least required access to perform a function.
02:36
The methodology for secure channel connection is available.
02:39
Privileged accounts must be performed over secure channels. Servers should be physically located in an access-controlled environment,
02:46
and servers are specifically prohibited from operating from uncontrolled cubicle areas.
02:53
Now I'm looking at monitoring: all security-related events on critical or sensitive systems must be logged and audit trails saved as follows:
03:01
logs will be kept online for a minimum of one week. Incremental tape backups will be retained for at least one month,
03:07
and then weekly and monthly backups. Now,
03:10
if you're not using backup tapes anymore and everything is digital, you're gonna need to go in here and modify that to not say tape backups and say daily incremental backups through digital media or something to that extent.
03:23
Security-related events must be reported to InfoSec, and they will review the logs and report incidents to IT management.
03:30
And this is where you're gonna have to modify these things: so port scan attacks, evidence of unauthorized access to privileged accounts. Port scans are pretty common. So that is happening all the time. So that might not be one that you wanna put on there
03:46
because it could occupy a lot of your time
03:50
Anomalous occurrences that are not related to specific applications on the host would be another one that might need to be reported.
04:02
So in summary, in today's brief lecture, we talked about server security policy,
04:06
and we looked at the general requirements, the configuration requirements and the monitoring
04:15
Server security policy recap question: All internal servers deployed at
04:18
whatever company it is must be owned by a blank blank that is responsible for system administration.
04:25
That would be an operational group.
04:30
Another recap question: Services and applications that will not be used must be blank where practical.
04:38
and that would be disabled.
04:41
And again, the reason you would disable something is if you have a certain type of telnet connection that is not needed on that machine at all. Don't leave it open for somebody to come in and try to attack that machine via telnet. If it's disabled, they will never be able to get in through that method. That's the reason that you want to disable all these things.
05:00
Looking forward, in our next lecture, we're gonna look at service security policies, and it'll be the workstation policy.
05:08
As always, if you have questions, you have clarification needed,
05:12
you can reach me on Cybrary message. My username is at Troy LeMaire. And thank you for attending this Cybrary training.


Instructed By

Troy LeMaire
IT Security Officer at Acadian Ambulance
Instructor