Security Tips for IT
General Security
Also, Windows, Linux & Solaris Best Practices
Account Security
- Access to your account on any system by another party is prohibited
- Accounts are equivalent to signing your name on a tangible document. Anything done with these accounts under your name is your responsibility and you may be liable for it.
- Accounts set up for group use are prohibited
Auditing
- Review security event logs on a regular basis
- It is useless to generate event logs if no one is going to monitor them
Backups
- Perform full backups weekly
- Store full backups offsite in a secure location (NOT at home) at least once per month
- Periodically test the backups for integrity
Business Resumption Plan
- Each college, school or department should have a business resumption (continuity) plan (COOP)
- In case of a disaster, such as a hurricane, you need to have critical systems back on-line as quickly as possible
- Keep a good inventory
Drive Mapping
- Administrators must take precautions when logging into workstations that have drive mappings to their servers. Many viruses propagate using mapped drives. If an administrator with full access to servers logs in to a workstation that has a drive mapped to a server, and the workstation happens to be infected with a worm, the worm may infect the server as well.
- Administrators should use an account with limited permissions on servers when troubleshooting a workstation, or have the regular user log in to the workstation.
FTP, SSH and Web Servers
- Disable anonymous FTP
- Disable version banners
- Set filters/wrappers based on IP addresses to deny access to unwanted hosts
- Run these services/applications under a user account other than administrator or root
Hardware Disposal
- When disposing of magnetic media such as hard drives, diskettes, or tapes, make sure that they are properly erased first
- Physically destroy the device if necessary
- Use software to wipe the drive, such as
Install Latest Patches
- Install all vendor-recommended service and security patches
- To accomplish this in an automated way for common operating systems, please check the Security Tools page
- Links to web sites to obtain current patches for your operating system:
Modems
- Modems on systems which are also attached to the UCF network are strictly prohibited
- Unmanaged or poorly managed desktop/server modems pose a risk to UCF
Passwords
- Use strong passwords containing at least 6 to 8 random characters comprised of letters, numbers, and symbols.
- Strong passwords must be used on system accounts and, if necessary, additional passwords for applications containing sensitive or potentially sensitive data
- Never share passwords with anyone
- Change passwords at least every sixty (60) days
SSH (Secure Shell)
- Use SSH instead of Telnet or rlogin
- Disable Telnet where possible
- A good program to use is PuTTY
Time Synchronization
- To effectively investigate compromises or security incidents it is necessary to have clocks synchronized to a common time source (NTP - Network Time Protocol)
- UCF Time Servers:
  - time.ucf.edu
  - pegasus.cc.ucf.edu
  - aquarius.cc.ucf.edu
Anti-Malware
- All systems must run an anti-virus and anti-spyware software package
- Make sure to budget to renew your antivirus definitions service on a yearly basis. Many programs come with one free year of upgrades, but you need to budget (usually < $15) to keep your antivirus upgrade access current.
- Definition files should be checked on a daily basis.
- Inform systems administrators as soon as malware has been detected
- Check Security Tips for Everyone for further tips.
Firewall
- All systems must have firewall software installed and enabled
- The built-in firewall on Windows XP or Vista is sufficient
- On UNIX systems use IPFilter.
Windows Best Practices
- Read UCF Security Policy
- Review Computer Security Standards
- Subscribe to security web sites, such as Microsoft's Technet
- Ensure that all critical data is stored on NTFS partitions
- Verify that the Administrator account has a strong password
- Prevent null user sessions
- Unbind unnecessary protocols
- Remove additional OS installations. Install only what you need
- Always install the latest security patches available from the vendor. See above.
- Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
- Disable unnecessary services. Run only the services that are necessary
- Turn off auto run for CD-ROM
- Review security event logs on a regular basis
- Make frequent backups
- Turn on the built-in firewall
- Install anti-malware software
Linux Best Practices
- Read UCF Security Policy
- Review Computer Security Standards
- Subscribe to security web sites and mailing lists (e.g., www.securityfocus.com, www.linuxsecurity.com, etc.)
- Change or disable passwords for all default accounts
- Make sure you choose a secure password for root
- Install sudo to enhance control over root access
- Always install the latest security patches available from the vendor. See above.
- Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
- If you are using Red Hat Linux, use up2date to update your system packages
- If you are using Debian, use apt-get to update your system packages
- Disable all network services in /etc/inetd.conf and enable only those you need
- If you are using Red Hat, make sure to disable the linuxconf line in inetd.conf (if it exists)
- Check your runlevel startup files to make sure things you don't want are not starting up.
  - Example: For System V-like systems, this would be in /etc/rcX.d, where X is the value of the runlevel your system boots into by default. For BSD-like systems, this would be in /etc/rc.common or /etc/rc.
  - Check your system documentation if unsure of your init system.
- Disable RPC (portmap, etc.) unless you need Sun services such as NFS
- Disable LPD unless you need to use the machine for printing purposes
- Install Secure Shell (OpenSSH) for remote access
- Consider using tcp wrappers to control access to your machine over the network
- Remove /etc/hosts.equiv
- Control remote access to the system by modifying /etc/hosts.allow and /etc/hosts.deny
- Make sure you are running the latest version of Sendmail. You may consider using Postfix, Qmail, or Exim instead
- If you are running an ftp daemon, consider using Proftpd
- Make frequent backups
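The two inetd.conf items above (disable every service you do not need, and the Red Hat linuxconf entry in particular) as an added shell example that is not from the UCF page: it writes a hardened copy of a constructed sample inetd.conf, keeping only the services you name, and reports what it commented out. The sample file and the function names harden_inetd and count_active are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the UCF page. Comments out every active service in a
# copy of inetd.conf except the ones you name, and reports what it disabled.
# Assumption: classic inetd.conf layout, service name in the first column,
# lines beginning with '#' already disabled.

DEMO_DIR=$(mktemp -d "${TMPDIR:-/tmp}/inetd-demo.XXXXXX")
trap 'rm -rf "$DEMO_DIR"' EXIT
SAMPLE="$DEMO_DIR/inetd.conf"

# Constructed sample inetd.conf (not a real system file).
cat > "$SAMPLE" <<'EOF'
# constructed sample for the demo
ftp       stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet    stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell    stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger    stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
linuxconf stream  tcp  wait    root    /bin/linuxconf  linuxconf --http
EOF

# count_active FILE: number of service lines that are neither blank nor commented
count_active() {
    grep -c -v -e '^#' -e '^$' "$1"
}

# harden_inetd SRC DEST SERVICE...: write DEST as SRC with every service not
# listed commented out; print the names of the services disabled, one per line
harden_inetd() {
    src=$1; dest=$2; shift 2
    keep=" $* "
    : > "$dest"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) printf '%s\n' "$line" >> "$dest"; continue ;;  # keep as-is
        esac
        svc=$(printf '%s\n' "$line" | awk '{print $1}')
        case "$keep" in
            *" $svc "*) printf '%s\n' "$line" >> "$dest" ;;          # wanted
            *)          printf '#%s\n' "$line" >> "$dest"; printf '%s\n' "$svc" ;;
        esac
    done < "$src"
}

# Demo: keep only ftp (the tcpd-wrapped one); everything else gets commented out.
echo "active before: $(count_active "$SAMPLE")"
echo "disabled:"; harden_inetd "$SAMPLE" "$DEMO_DIR/inetd.conf.new" ftp
echo "active after:  $(count_active "$DEMO_DIR/inetd.conf.new")"
```

On a real system, diff the hardened copy against /etc/inetd.conf before swapping it in and restarting inetd.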
Solaris Best Practices
- Read UCF Security Policy
- Review Computer Security Standards
- Subscribe to security web sites (e.g., www.securityfocus.com)
- Change or disable passwords for all default accounts
- Make sure you choose a secure password for root
- Always install the latest security patches available from the vendor. See above.
- Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
- Disable all network services in /etc/inetd.conf and enable only those you need
- Remove startup scripts for sendmail and web servers if you don't need those services
- Make sure you are running the latest version of Sendmail. You may consider using Postfix instead
- You should be especially careful with the r-services. They are often not needed and can pose a significant security risk
- Use the Secure Shell (SSH) instead of telnet
- Control access to your machine by installing both tcp wrapper and Wietse Venema's version of portmap for SunOS or rpcbind for Solaris
  - These utilities cover different groups of network services, so you need both of them
- Run syslog, and save the output
- Consider installing and running swatch, which will notify you when specified events happen. Even if you decide not to run swatch, syslog output can be very useful in tracing an incident once it happens
- Remove /etc/hosts.equiv
- Do not have a .rhosts file without good reason
- If you are running an ftp daemon, consider using Proftpd
- Make frequent backups
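The syslog and swatch items above (save syslog output, and be notified when specified events happen) as an added shell example that is not from the UCF page: a swatch-style scan of saved syslog output for login failures and tcp-wrapper refusals, with a per-source tally so a noisy address stands out. The log lines, the hostname and addresses in them, the event patterns and the function names watch_syslog, top_sources and alert_sources are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the UCF page: a swatch-style scan of saved syslog
# output for the login failures and tcp-wrapper (tcpd) refusals an admin would
# want to be told about, plus a per-source tally. The log lines are constructed.

DEMO_LOG=$(mktemp "${TMPDIR:-/tmp}/syslog-demo.XXXXXX")
trap 'rm -f "$DEMO_LOG"' EXIT

# Constructed sample syslog output (hostname, PIDs and addresses are made up).
cat > "$DEMO_LOG" <<'EOF'
Mar  3 02:14:07 host1 sshd[1234]: Failed password for root from 10.9.8.7 port 4022 ssh2
Mar  3 02:14:09 host1 su: 'su root' failed for jdoe on /dev/pts/1
Mar  3 02:15:01 host1 in.telnetd[2201]: refused connect from 10.9.8.7
Mar  3 02:16:00 host1 sshd[1240]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2
Mar  3 02:17:00 host1 cron[99]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 02:18:30 host1 in.ftpd[2300]: refused connect from 203.0.113.44
Mar  3 02:19:02 host1 sshd[1251]: Failed password for invalid user admin from 10.9.8.7 port 4031 ssh2
EOF

# Events worth an alert (assumed message texts; extend the alternation for
# whatever else you watch on your own hosts).
EVENT_PATTERNS='Failed password|failed for|refused connect from|ROOT LOGIN REFUSED'

# watch_syslog LOG: print every line that matches an alert pattern
watch_syslog() {
    grep -E "$EVENT_PATTERNS" "$1"
}

# top_sources LOG: "address count" per source address, most active first
top_sources() {
    watch_syslog "$1" |
        grep -Eo 'from [0-9]+(\.[0-9]+){3}' | cut -d' ' -f2 |
        sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# alert_sources LOG N: addresses with at least N alert events (the threshold
# at which you would page someone or add a hosts.deny entry)
alert_sources() {
    top_sources "$1" | awk -v n="$2" '$2 >= n {print $1}'
}

echo "== events =="; watch_syslog "$DEMO_LOG"
echo "== sources =="; top_sources "$DEMO_LOG"
echo "== over threshold (3) =="; alert_sources "$DEMO_LOG" 3
```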