Security Basics mailing list archives
Server Configuration Standards
From: "Tony Toni" <tony572000 () hotmail com>
Date: Thu, 23 Jan 2003 03:26:43 +0000
Hi,
How many of you have very specific configuration standards for the various flavors of Windows and UNIX production servers? We have a high-level 3-page standard for both the Unix and Windows platforms. This is about to change as a result of a recommendation from a consultant.
A private consultant has convinced our CIO that we need very detailed configuration standards for each server platform (i.e., AIX, Solaris, Win2k, NT, etc.). He has provided us the requirements for each platform that are about 5 to 20 pages long. We have about 700 production servers that include just about every flavor of Unix/Windows/Linux. It has been like pulling teeth trying to get our admins to operate in a secure and controlled environment... it is like the Wild West. One of the work goals assigned to me by the CIO is to help ensure the successful adoption of these policies. I will be sort of like a project manager but have no enforcement authority. I know that it is going to be an uphill battle.
Does your company have detailed configuration requirements for servers? What are the operational challenges in doing this? What are some good arguments I can use to persuade the admins that this is not an impossible task?
Tony CIA,CISA,CDP,MBA Security and Audit Services Nations Banking & Trust