Server Management
Program Review / Training
To Review SMP structure, requirements, logistics To increase quality and benefit of documentation Provide/review examples and upgraded templates
Unit IT Managers are accountable for comprehensive application of SMP
within the unit
SMP: Document Repository
& Update Cycles
SMP Portal is where all required documents are to be
stored
https://agrilife-smp.tamu.edu
Updates for annual documents are due by Oct 31
st Monthly, Quarterly documents are due at end of each cycle
Will be assumed content is always here and up to date
SMP: Document Naming
Conventions
Templates provided in Template Zip – Do not change names
Examples:
AccountManagementLog.docx
DisasterRecoveryPlan.docx
Use Portal Checkout and Check-in Functionality (
Demo)
Up to 4 years of past documentation will be maintained for state
SMP: Documentation
Grouping
Many units manage groups of servers with the same process
and tools.
For systems that are managed this way one document (e.g.
Disaster Recovery) can be created to cover all servers with the
same procedures
Document should clearly list the DNS name for all the individual
SMP: Procedures & Logs
SMP consists of both Procedure documents and Logs Procedures should be written with enough detail to accommodate someone else performing the process (see examples)
Logs should at a minimum identify who, when, what was performed and the associated server(s)
Procedures require scheduled annual reviews to maintain familiarity and verify process viability with noted changes formally documented immediately
SMP: What Requires
Documentation?
The system will be SERVING a function to PUBLIC
(i.e. web server, file server, video server, workstation with LAMP etc.)
It is running a known server operating system
(
may require review of build/version edition information to determine)
System is SERVING a function to INTERNAL user base
(i.e. web server, file server, video server, etc.)
Not a server but may still need account and patch
SMP: SERVER/DOCUMENT
INDEX
Each Unit should maintain updated Server/Document Index
SERVER-INDEX.xlsx (see required template)
Template facilitates SMP, MRT, ISAAC and System Audit Needs List Servers, Classify Server, fill in remaining detail
SMP: Backup Procedure
Documentation
Goal : Protect specified data in a scheduled manner enabling quick and
efficient restoration
Procedures should identify all backup solutions, the associated
hardware/software, data that is backed up, specific steps to setup the backup process and to recover the data
Backups should be tested monthly and the recovery process tested annually
with testing dates and results noted in log (DisasterRecoveryBackuplog.docx)
Documented process of backup, recovery and testing procedures required
SMP: Disaster Recovery
Documentation
Goal : Minimize negative operational impacts by identifying critical systems,
prioritize their recovery, define steps to reconfigure and recover these systems to normal operation
Procedures should include procuring replacement parts, access to
necessary media and backups, steps for restoring/restarting systems and checking system/application functions
Procedures should be tested annually with testing dates and results noted in
log (DisasterRecoveryBackuplog.docx)
Documented process of recovery and testing
SMP: Account Management
Documentation
Only required for non-AGNET Servers
Must have documented Account Management Procedure including
steps for account creation, change and removal (Example)
Account Management template specifies minimum tracking
information (AccountManagementLog.docx) necessary to log both creation
and removal of accounts
Reviews should occur to identify inactive (90 days) or former
employee accounts potentially missed during off boarding
Reviews are to be logged with changes noted per
SMP: Security Monitoring
Goal : Review logs, etc. to identify unusual events that may indicate malicious
activity
Procedure should include steps for reviewing
Failed login attempts
Login attempts from foreign countries for legitimate accounts associated with
faculty/staff not traveling overseas
High resource consumption of disk space or high system processor utilization Large number of failed job executions
Reviews should occur weekly for mission critical systems, monthly for non-mission critical systems with each review and its results logged(SecurityMonitorLog.docx)
SMP: Physical Security
Goal : Monitor physical access to servers and network equipment
Procedure should include steps for obtaining access to server room and whether escorted access is required
If not using a key card swipe system must have a log sheet in room (PhysicalSecurityAccessLog.docx)
List of those provided room access via cards/keys must be reviewed and renewal required at least once a year
Documented process for obtaining access required
SMP: Change Management
Goal : Establish standardized, efficient methods for managing change
Procedure should establish regimented steps for change requests spanning from the initial inquiry to
notification of completion
Changes must be logged (ChangeManagementLog.docx) when any of the following occurs on a server:
Configuration change in hardware or software
Relocation of a server
Network configuration change
Software installation, removal or reaffirmation (reaffirm need for software annually)
Patch/updates applied to server
SMP: Confidential
Information
Identity Finder now available at no cost from sell.tamu.edu Scan should be performed annually at a minimum
Each scan should be logged with findings and remediation steps noted (ConfidentialInfoScanLog.docx)
Any violations must be logged and reported to AIT ISO immediately
Servers persisting confidential information must be authorized by the ISO and
TAMU System ISO, per System policy, prior to the storage commencing
Identity Finder Installation available via AGNET domain on a scheduled basisSMP: ISAAC Risk
Assessment Process
ISAAC REPORTS should cover ALL SERVERS and ALL WORKSTATIONS within your unit, no matter where they are located, funding source or owner.
Unit IT Manager is accountable for comprehensive ISAAC assessment for
unit.
All units will be required to send completed reports to AIT for QA review 2 WEEKS PRIOR TO UNIVERSITY DEADLINE
Any remediation resulting from ISAAC will be coordinated through the AgriLife ISO
Starts September 1 and ends November 22
SMP: Patch Management
Business owner or administrator, representing each server, must attend the monthly Information Systems Security meeting
Critical patches/updates must be applied as identified
Operating system and application software patches/updates must be applied and confirmed on a monthly basis
Patch/update installation must be logged in the Change Management log (ChangeManagementLog.docx) for servers not using AGNET WSUS or Red Hat subscription services
SMP: Vulnerability Scanning
and Remediation
Goal : Perform scan on all systems to detect and remediate vulnerabilities
Systems monitored by AIT Nessus scanner are provided with monthly report via email
Campus systems not reachable by AIT Nessus scanner can either utilize the CIS Nessus
scanner or if no active scanning being performed a documented Risk Assessment Review report must be created
Vulnerabilities should be reviewed, remediation scheduled and results logged
(VulnerabilityScanLog.docx)
Generally less than 30 days
For more high/critical ASAP timeframe
Accountabilities of Unit IT Manager
Facilitator for entire unit even if not managing a server
Must assist or source solutions to resolve vulnerabilities of all unit servers
Alternatively, recommend to unit head alternative solution/resource
Workstation Management:
WSUS
Windows Server Update Service (WSUS) available to all
departments and centers with update policy selected by adding
computer to a group
Three policy setting options available via groups
Default: automatic patch download, install and reboot
WSUS-NoReboot: automatic patch download, install with manual reboot WSUS-Servers: automatic patch download, manual install and reboot
Note: Do not rename, delete or remove any of the groups
Workstation Management:
WSUS
Default for all policies
Computer checks for updates 3 am nightly
If computer is not powered on at 3 am service will attempt updates 2-3 hours after the system is powered on
- Under these circumstances options 1 & 2 automatically install updates after download and then prompt for reboot on hourly basis. User has option to defer reboot.
Automated Report
Emailed third Tuesday of each month
Provides patch status for computers that have ‘checked in’ within the last 30 days and that have outstanding patches
Workstation Management:
WSUS
Report entries include computer name, …..
Security bulletin (SB) is a notice, sent upon release, detailing the release date, issue(s) addressed, actions to take, software impacted, etc.
(Example: MS13-047 – 13 indicates release in 2013, 47 indicates sequence number of patch)
Knowledge Base (KB) is same content as security bulletin but filed in MS system for reference and may have additions over time to reflect new data, etc.
(Either SB or KB may be ‘Googled’ to view the specific details)
Severity rating indicates the impact of vulnerabilities addressed by patch Statusindicates progress of patch install for system
Workstation Management:
WSUS
Severity Ratings
Critical – Vulnerability whose exploitation could allow code execution without user interaction. (apply immediately)
Important – Vulnerability that could result in compromise of confidentiality, integrity or availability of user data or processing resource. (apply asap)
Moderate – Vulnerability whose impact is mitigated significantly by factors such as authentication requirements, etc. (apply time dependent on factors impacted)
Low – Vulnerability’s impact mitigated by characteristics of affected component Unspecified – Vulnerability does not have a severity rating
Workstation Management:
WSUS
Status
Not Installed – An attempt to install the patch has not been made at time of report generation.
Downloaded – Update downloaded and is sitting on system waiting to be installed Installed Pending Reboot – Update downloaded, installed and requires reboot to
complete the installation
Failed – Update downloaded and an attempt made to install but install failed
