Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Back to the original question - what is a Sys Admin?

From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 3 Apr 2006 15:17:37 +1000

Hello Mattias,
If you want to become a (Unix/Linux) Systems Administrator, you should understand what the role really is.

The basic responsibilities of a system administrator are:
        staff training and support
        software installation, maintenance, and upgrading
        hardware installation, maintenance, and upgrading
        research and troubleshooting
        routine network administration and maintenance
        network documentation
        database supervision

Daily tasks may consist of:
        performing backups of the server,
        adding and deleting new network users
        making sure that malware protection software is up-to-date, and cleaning any viruses that infect computers
        training and assisting staff in using hardware and software efficiently
        troubleshooting any routine problems that staff cannot fix on their own,

Some good reading on the topic.

``Essential System Administration'', 3rd Edition, by Æleen Frisch
ISBN: 0-596-00343-9, Publisher: O'Reilly & Associates
(There is an Online Version)
 
``Unix System Administration Handbook'', 3rd Edition, by Evi Nemeth, Garth Snyder, Scott Seebass, Trent R. Hein.
ISBN: 0-13-020601-6, Publisher: Prentice Hall

Security comes into the role from the aspect of being able to lock a system down and to engineer the thing in the first 
place. Forget port scanning. Even if it was legal, doing a port scan does not demonstrate initiative, it demonstrates 
that you do not understand the role.

Learning to port scan a system does nothing to help you compile a secure kernel. It does nothing to load patches and 
check that they have valid signatures. It does not help in reviewing logs for either performance or to see if there has 
been yet another attempt to crack the system.

Port scanning will not tell you if the users have changed their passwords and if they have a process to change them. It 
is far easier to check and than lock down services

Port scanning will not tell you if you have a cgi-script vulnerability on the secure web server open to students and 
staff only.

For all that is posted about this on the list, learn to engineer a system well and you will go much further in the long 
term.

Regards,
Craig

Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP G7799 GCFA AFAIM
Manager - Computer Assurance Services
BDO Chartered Accountants & Advisers
Level 19, 2 Market Street,
Sydney, NSW 2001
Telephone: +61 2 9286 5555
Fax: +61 2 9993 9705
Direct: +61 2 9286 5497
<Mailto:CWright () bdosyd com au>

"The scientist is free, and must be free to ask any question, to doubt any assertion, to seek any evidence, to correct 
any errors." Oppenheimer, J. Robert

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: