UAlbany Network Server Standards & Compliance Procedures


 

Introduction
The purpose of this document is to identify a set of standards that server systems must meet in order to operate on the University at Albany's Network.  This document is not intended to impart all knowledge required to operate or secure a server, but rather identify topics of concern common to most if not all System Administrators and the server systems they manage.

What is a Server?
Any machine which intentionally has services open to other computers on the network is considered a server.  It is also presumed that each server will be actively administered by a system administrator, who should ensure that the server complies with the University at Albany Server Standards outlined below.  Please note that any services which are open on a computer create potential security problems and in general, should only be run on a designated server system.

UAlbany Network Server Standards
In order to run a server system on the UAlbany Network the following standards must be met:

1. The server must be accounted for in NetReg with ownership and contact information clearly indicated.
2. The server must be managed by at least one system administrator(1).
3. The server should be running a current(2) operating system as well as a current version of the service.
4. Patches(3) should be evaluated and applied in a timely fashion by the System Administrator.
5. The server should be configured in a secure manner(4).
6. The server owner must respond to Server Inventory notices and indicate whether the system holds protected data(4).
7. If the server holds protected data(5), it must meet all regulatory requirements.
8. Only properly licensed software should be run on the server.
9. The server or service must not interfere with any UAlbany Enterprise services, for example, DHCP and Wi-UAlbany.


Preparing a Server for the UAlbany Network
Procedures for running a server on the U. Albany Network
1.1   Verify that your computing needs are not already met by U. Albany ITS or department servers.
1.2   Assign a system administrator to setup, maintain, and monitor the machine.
1.3   Take appropriate precautions during the installation of a server and/or software.
1.4   Check environmental and physical controls.
1.5   Install a current version of the OS and service(s).
1.6   Perform and validate backups and archives.
1.7   Turn on logging.
1.8   Disable default accounts and sample scripts.
1.9   Only activate/operate needed services.
1.10   Restrict network access.
1.11   Setup only secure methods of authentication.
1.12   Use strong pass phrases for administrator-level accounts.
1.13   Employ vulnerability scanning and file integrity checks.
1.14   Designate your server as a server system in NetReg.

Maintaining Services & Security on a UAlbany Server
Staying Connected, Ongoing Maintenance
2.1   Review service logs and backup logs regularly.
2.2   Periodically review running services and evaluate the continued need for those services/server(s).
2.3   Apply vendor/community provided updates regularly for both the OS and applications.
2.4   Regularly monitor and maintain all user accounts.
2.5   Maintain current registration information in NetReg.


Additional Information:
Below you will find links to various sites containing information about secure configurations, scanning tools, patches and updates for various operating systems and software.  Some patches and updates may only be available if you have a support contract.

Microsoft Products   
Microsoft Windows OS and Software   http://www.microsoft.com/security
UNIX Operating Systems
Mac OS X   http://www.apple.com/swupdates
Solaris  http://sunsolve.sun.com
AIX  http://ibm.com/security
FreeBSD  http://www.freebsd.org/security/
NetBSD  http://netbsd.org/Security/
OpenBSD  http://openbsd.com/security.html
Linux Operating Systems   
Debian   http://www.us.debian.org/security
Gentoo  http://www.gentoo.org/security/en/index.xml
Red Hat   http://www.redhat.com/security
Slackware   http://slackware.com/security/
SuSE  http://www.suse.com/security
Ubuntu  http://www.ubuntu.com/usn
Scanning Tools   
Nmap - Free Security Scanner For Network Exploration & Security Audits   http://insecure.org/nmap/
Nessus - Vulnerability Scanner    http://www.nessus.org/
Security Standards and Information   
The Center for Internet Security   http://www.cisecurity.org/
NYS Office for Technology   http://www.oft.state.ny.us/policy/
US-CERT   http://www.us-cert.gov/
National Security Agency   http://www.nsa.gov/snac
SysAdmin, Audit, Network, Security Institute (SANS)   http://www.sans.org/
Local Security Sites
University at Albany   http://albany.edu/its/besecure.html

 
 
Preparing a Server for the UAlbany Network: Details
1.1 Verify that your computing needs are not already met by U. Albany ITS or department servers.
Before you decide to undertake the task of installing, configuring, securing, and operating your own server on the U. Albany Network, check that the services you require are not already being serviced by Information Technology Services, or your own department's server systems.  Your department's Technology Coordinator should be able to assist you in this.

1.2 Assign an administrator to the machine
In today's quickly changing world of Information Technology, someone must be assigned to properly manage a server.  Their responsibilities include keeping up to date with security issues and assuring the system's availability and reliability.  This individual must be responsible for keeping the system up to date and taking any precautions necessary to maintain a secure system, otherwise the system may quickly fall victim to some form of attack.

1.3 Take appropriate precautions during the installation of a server and/or software
Unfortunately, in today's computing environment, by the time installation media reaches you from the manufacturer, it may already be vulnerable to a known and available exploit.  As such, we suggest that when setting up a new server you do so in a protected environment.  This will allow you to download patches without exposing the machine to would-be hackers looking for it.  Consider the use of a hardware firewall, automated installation using patched media, or installation of the server system and/or software and any required patches "off-line."

1.4 Check Environmental and Physical controls
When configuring a server system, it is important to consider the location of the server.  A server must have a location which will not only provide the appropriate power and cooling, but provide a means for physically securing the server.  In order to ensure the security of the data contained on the server, the machine itself must be secured.  This can best be accomplished by housing servers in a separate “server room” with restricted access by key or id-card.  Otherwise potential attackers who may have physical access can simply walk away with your sensitive data.  Generally any machines which are in public areas should not be considered physically secure. 

1.5 Install a current version of the OS and service(s)
If you are using an operating system or software which is no longer supported by a vendor or community effort, your servers may have several known and un-patched exploits and vulnerabilities. 

If you absolutely need to run an old OS or software for some reason, a hardware firewall may be the best solution.  The University offers hardware firewalls for such systems.  Information, including the cost for the service can be found at: http://www.albany.edu/its/telecommunications_firewall_service.htm

PLEASE NOTE: If a server is found to be exploited due to the use of an old OS or Software, the machine will not be allowed back onto the network until the OS and/or software is upgraded and/or a hardware firewall is put in place.

1.6 Perform and check backups and archives
No server system can be complete without backups.  Not only are they good as a matter of practice but they can be vital in restoring the security and data integrity of a damaged or compromised server system.  In the event that a machine is compromised you may have no choice but to revert to previously backed up copies of various data.  As such it is important that each server have a backup schedule and that backups are tested on a regular basis to ensure the integrity of the data. 

1.7 Turn on logging
In order to effectively monitor the security and integrity of your server, you should enable reasonable logging of events.  Logging of server activity, including but not limited to Internet traffic, can show patterns of activity and identify abusers of your server, allowing you to take action to deny service to those abusers.  Additionally, once you have a baseline for "normal" events, you can identify anomalies which could be linked to a compromise of your server.

Regular monitoring of server logs can greatly improve the security of your server.

1.8 Disable default accounts and sample scripts
Any account you have on your system is a potential doorway for intruders to walk right in.  Default accounts give the attacker the advantage of knowing where the door is.  Disabling default accounts gives you a little extra security and is a good precaution.  Most modern operating systems do not install default exploitable accounts, however, several software packages do.  An example is Oracle, a database product that installs several default accounts and passwords which must be changed before the server is exposed to the Internet.  Also note that software may contain sample scripts or test configurations which are not designed for production use and these should be disabled and/or removed before the server's configuration is complete.

1.9 Only activate/operate needed services
Every service you run on a server carries its own potential vulnerabilities and security issues.  If you are not using a running service you are unnecessarily exposing the machine and increasing your workload.  The last thing you want is to have your server hacked because of a service you weren't even using.  Keep an eye out for default services which may be running on a newly installed system, or come with newly installed software.  Often these services need to be configured so that only the appropriate personnel are using them.

1.10 Restrict network access
Consider the use of a firewall or host-based filtering software.  A vendor provided firewall provides you with an extra level of security by allowing you to restrict access to those ports you open.  Similarly, host-based filtering software such as ipfilter and tcpwrappers can assist in ensuring that only those machines that have legitimate reasons for connecting to the server will be given access.

1.11 Setup only secure methods of authentication
Currently, authentication comes in many flavors: something you know (e.g., password), something you have (e.g., RSA token), or something you are (e.g., fingerprint).  Systems that employ more than one of these use multi-factor authentication.  No matter which one you choose, make sure that you use it securely.  Even secure authentication needs to be maintained or it ceases to be effective.

Passwords:
The most common type of authentication, passwords offer the advantages of being free and easy to set up.  However, in order for passwords to be secure they should follow these guidelines:
    • They should not be used over insecure protocols (e.g., telnet, FTP, HTTP).  If you use passwords over these protocols, they are not secure.  The passwords are sent in plain text over the network to reach their destination.  Use secure protocols for password authentication such as ssh.
    • You should use complex passwords or long pass phrases for all accounts.  Simple passwords are vulnerable to guessing and dictionary attacks. 
    • Keep your password confidential.  The only value your password has is its confidentiality; once that is compromised, it is worthless.
ID-Card/SmartCard:
Cards which contain integrated circuits capable of authentication can be purchased from various security companies.  As with biometric identification, the cost and use of such systems should be weighed against the need for security.
Biometric Identification:
Various biometric identification systems are available which use a variety of methods to authenticate an individual.

1.12 Strong pass phrases for administrator level accounts
In order to keep your services secure, you have to be certain that only those authorized have access to administrator accounts. Administrator accounts have access to anything on the server and if an administrator account is compromised it is very serious.

The use of a pass phrase is suggested where possible*.  This is due to the simple fact that the longer your authentication credential is, the more difficult it is to crack. A pass phrase is a set of words at least 20 characters in length.  Titles, lyrics, lines from a poem, these examples all work as pass phrases.

The advantage of a pass phrase is its length.  It can be made even more secure by using special characters, numbers, and capitalized letters.  The end result is a pass phrase that is easy to remember and has better security features by virtue of its length than a shorter, complex password.

*Some systems truncate passwords/pass phrases at eight characters, reducing the security of the password/pass-phrase, so verify that the system you are using supports pass phrases if you plan on using them or recommending them to your users.

1.13 Vulnerability scanning and file integrity checks
In today's connected environment, routinely scanning your servers helps you to better understand running services and potential problems that they may present.  There are many tools available for scanning a server.  Two popular Administrator tools for the network scanning of your server are NMAP and Nessus.  Both allow you to identify open ports/running services so that you can audit those running services and be aware of what should be running on your server.  Nessus goes one step further in that it is a penetration testing utility that attempts to identify vulnerabilities and offers information on closing those vulnerabilities.  (You can find links for these tools in the “Additional Information” section of this document.)

In addition to network scans you should also consider the use of file-integrity checking software.  There are several products in this arena and each Administrator will have to find one that suits their needs.  It is vital that one regularly check the integrity of system data as even the most well-managed machine may one day be exploited.  Depending on the nature of the attack, file integrity checks may be the only way to detect the intrusion.  Examples of such software include but are not limited to:
 Tripwire - http://www.tripwire.com/
 Veracity - http://www.rocksoft.com/veracity/

1.14 Designate your server as a server in Net-Reg
Designating your system as a server allows us to take the extra steps necessary in notifying you of a problem if your system is ever exploited.  This will allow us to more quickly get in touch with you to resolve the situation,  minimizing exposure and disruption of services.


Maintaining Services & Security on a UAlbany Server: Details

2.1 Review service and backup logs regularly
Unless system and backup logs are reviewed regularly they have no value as a detective control.  Additionally, if you review your service logs regularly, you may be able to stave off an attack or notice a weak point in your security before it becomes a problem. Making sure that your backups are completed successfully is vital to assuring that you have the ability to restore any critical data.

2.2 Periodically review running services and evaluate the need for those services/server
It is vital that you periodically evaluate the actual need for running services and/or servers.  If a service is no longer being used and you cannot see a reason for that service to be running, stop it.  It will be one less thing to worry about and one less point of attack on your server system.  If a server is no longer required, shut it down. It is natural to neglect a server that no users are actively utilizing.  Unfortunately, this makes your server a prime target for hackers seeking to exploit un-patched and unattended machines.
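
One way to carry out the periodic review described here and in section 1.9, as an added example (not part of the original document).  It compares the listening TCP sockets reported by `ss -H -ltn` on a Linux server with a list of services the administrator has approved; the sample output and the approved list are constructed for illustration:

```python
# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 5 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
"""

# Hypothetical approved-service list for this server: port -> purpose.
APPROVED = {22: "ssh", 443: "https", 3306: "mysql"}
# Approved ports that must only be reachable from the server itself.
LOCAL_ONLY = {3306}


def parse_listeners(ss_output):
    """Return a sorted list of (port, address) pairs from `ss -H -ltn` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank, header or malformed lines
        # The local address is the fourth column, e.g. 0.0.0.0:22 or [::]:22.
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.add((int(port), address))
    return sorted(listeners)


def is_loopback(address):
    """True when the socket is bound to the local host only."""
    return address.startswith("127.") or address == "[::1]"


def audit_listeners(ss_output, approved, local_only):
    """Return (port, address, reason) for every listener needing attention."""
    findings = []
    for port, address in parse_listeners(ss_output):
        if port not in approved:
            findings.append((port, address, "unapproved service"))
        elif port in local_only and not is_loopback(address):
            findings.append((port, address, "approved for loopback only"))
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS_OUTPUT, APPROVED, LOCAL_ONLY):
        print(finding)
```

Each finding is a prompt for the decision this section asks for: either stop the service or record why it is needed and add it to the approved list.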

2.3 Apply vendor/community provided updates regularly
Installing a current OS is great, but if you do not keep up with vendor/community provided updates, your system will quickly become insecure again.  Most vendors and on-line-communities provide methods to install updates.  Please see your vendor/community's documentation for details.

2.4 Regularly monitor and maintain all user accounts
A crucial part of maintaining a server's security is maintaining its accounts.  Once an account is no longer needed it should be removed or disabled so that it does not provide an access point into the server.  Additionally, it is also helpful to regularly audit users on the machine to see if there are accounts that were never authorized as this could be a sign of a security breach.
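
The account audit described above, as an added example for a UNIX-style server (not part of the original document).  It reads passwd-format text and flags accounts that can log in but are not on the administrator's authorized list, plus any account other than root with UID 0; the sample entries and the authorized list are constructed:

```python
# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
asmith:x:1001:1001:A. Smith:/home/asmith:/bin/bash
jdoe:x:1002:1002:J. Doe:/home/jdoe:/bin/bash
support:x:0:0::/home/support:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
"""

# Hypothetical list of accounts the administrator has authorized to log in.
AUTHORIZED = {"root", "asmith"}

# Shells that prevent interactive login.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Return a list of account dicts; malformed and comment lines are skipped."""
    accounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append(
            {"name": fields[0], "uid": int(fields[2]), "shell": fields[6]})
    return accounts


def audit_accounts(passwd_text, authorized):
    """Flag extra UID 0 accounts and unauthorized accounts with a login shell."""
    extra_uid0, unauthorized = [], []
    for acct in parse_passwd(passwd_text):
        if acct["uid"] == 0 and acct["name"] != "root":
            extra_uid0.append(acct["name"])
        # An empty shell field means the system default shell, so it counts.
        can_login = acct["shell"] not in NON_LOGIN_SHELLS
        if can_login and acct["name"] not in authorized:
            unauthorized.append(acct["name"])
    return {"extra_uid0": sorted(extra_uid0),
            "unauthorized_login": sorted(unauthorized)}


if __name__ == "__main__":
    print(audit_accounts(SAMPLE_PASSWD, AUTHORIZED))
```

Comparing each run with the previous one also shows accounts that appeared between reviews, which is the sign of a breach this section warns about.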

2.5 Maintain current registration information
In the future, NetReg will require the renewing of a system's U. Albany Network Registration.  Currently, keeping the information up-to-date ensures that we have the right contact listed for the server you are maintaining.  It also ensures that you will be contacted as soon as possible if we detect a possible problem.

 

 

 1) A system administrator in this context is defined as an individual who is in charge of the setup, maintenance and ongoing operation of a computer or other networked server.
 2) The term "current" is used to define an Operating System and/or Service which is maintained by either a vendor or community to ensure that identified vulnerabilities or performance issues are dealt with in a timely manner.
 3) Patches refer to any updates available for the Operating System and Software installed on the server system. 
 4) "Secure manner" refers to the procedures outlined in the "Preparing a Server on the U. Albany Network" section.
 5) "Protected data" refers to any data which falls under regulatory requirements such as, but not limited to, HIPAA, FERPA, GLBA, and the NYS Information Security Breach & Notification Law.