Security Basics mailing list archives

Server Configuration Standards


From: "Tony Toni" <tony572000 () hotmail com>
Date: Thu, 23 Jan 2003 03:26:43 +0000


Hi,

How many of you have very specific configuration standards for the various flavors of Windows and UNIX production servers? We have a high-level 3-page standard for both the Unix and Windows platforms. This is about to change as a result of a recommendation from a consultant.

A private consultant has convinced our CIO that we need very detailed configuration standards for each server platform (i.e. AIX, Solaris, Win2k, NT, etc.). He has provided us the requirements for each platform, which are about 5 to 20 pages long. We have about 700 production servers that include just about every flavor of Unix/Windows/Linux. It has been like pulling teeth trying to get our admins to operate in a secure and controlled environment... it is like the wild west. One of the work goals assigned to me by the CIO is to help ensure the successful adoption of these policies. I will be sort of like a project manager but have no enforcement authority. I know that it is going to be an uphill battle.

Does your company have detailed configuration requirements for servers? What are the operational challenges in doing this? What are some good arguments I can use to persuade the admins that this is not an impossible task?



Tony CIA,CISA,CDP,MBA
Security and Audit Services
Nations Banking & Trust



