Educause Security Discussion mailing list archives
Re: Secure Server Procedure
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Tue, 27 Feb 2007 11:55:29 -0700
Some ideas... You can find standards for securing servers from Microsoft (online), from CIS (Center for Internet Security), and from NIST that I think are helpful. Another way to approach it would be to design a solution that assures passing the full PCI standard; that's a really good base for secure operations. What you need to do is match these to your objectives and services and pick what's best aligned to your goals, objectives, and the tactics in place - perhaps something like ISO 20002:2007 type standard (or something from NIST) could inform the selection of controls and the baseline that best fits your effort. The CIS tools allow you to productionalize the distribution of policy, so they may be as helpful as anything in that they not only give you a standard (which you can alter) but a method for enforcing and pushing it out.

I'm not an admin nor have I had to do this; I'm just repeating the line from the whitepapers and the industry as I've read it on the above. I have used all these sources to some positive end on creating agreement for security standards. If nothing else there is a good basis for commendable practice in them. It seems that the CIS stuff is all about what you are trying to accomplish.

Best wishes,

Jim

*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************

-----Original Message-----
From: Charlie D. Kutil [mailto:kutil () TAMHSC EDU]
Sent: Friday, February 23, 2007 10:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Secure Server Procedure

We are defining some new servers that we wish to classify as Secure Servers. We have a policy in place for server hardening; however, we do not have a step-based procedure or checklist. Is anyone willing to share their procedure for developing a Secure Server?

Thank you,
Charlie Kutil

Charlie Kutil, M.P.H., CISSP
Information Policy & Security Officer
Office of Information Technology (OIT)
Texas A&M Health Science Center
Coastal Bend Health Education Center
(O) 361-825-2805
(C) 361-876-3781