Configuration Management and System Maintenance Procedures
- Follow the installation and configuration procedures
detailed in the SANS documentation.
- Document non-standard configurations, i.e., any deviation from the procedures described in the
SANS documentation.
- Make sure at least one other person can serve as a Backup System Administrator in your absence.
- Give the Backup System Administrator a copy
of the configuration document, along with any other software/hardware changes you have made.
Operating System Security Updates
- Keep current with your operating system critical security updates (Microsoft Service Packs, Sun and SGI).
Anti-Virus Protection
Protect computers from remote abuse
- Set strong passwords instead of using the default passwords shipped with applications.
- Apply application service packs and patches for all installed applications.
- Eliminate unneeded services - Web and FTP servers and middleware remotely executed via these servers.
- Review Mail Server Security Settings.
- Consider Web Server Security Settings.
- Address File Sharing Concerns.
- Connect securely to other systems / computers.
- Protect remote logins - For Win 2000/XP computers: restrict anonymous access to your computer.
- To protect against reflected DDoS attacks:
- Do not allow spoofed IP packets to leave your network.
Configure routers, firewalls and hosts to forward only IP packets that have a correct source-IP address for the network.
- Disable the directed broadcast address feature on routers. This feature allows a hacker to contact all hosts on a network
with a single request.
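The two router rules above can be checked against border traffic records. The following audit script is an added example, not part of the original page. The prefixes, the `direction source destination` record format and every sample line are constructed assumptions.

```python
import ipaddress

# Assumed local prefixes (RFC 5737 documentation ranges, constructed).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/25")]

# Constructed border flow records: "<direction> <source-ip> <destination-ip>"
SAMPLE = """\
out 192.0.2.10 203.0.113.5
out 203.0.113.77 198.51.100.200
out 10.1.2.3 203.0.113.5
in 203.0.113.9 192.0.2.255
in 203.0.113.9 198.51.100.127
in 203.0.113.9 192.0.2.20
"""

def is_local(ip, nets):
    return any(ip in net for net in nets)

def is_directed_broadcast(ip, nets):
    # The broadcast address of a local subnet reaches every host on it.
    return any(ip == net.broadcast_address for net in nets)

def audit(text, nets=LOCAL_NETS):
    """Return (line_number, reason) for each record that a border device
    configured as described above would have dropped."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        direction, src, dst = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # not an IP address; ignore the record
        if direction == "out" and not is_local(src_ip, nets):
            findings.append((n, "egress with non-local source"))
        elif direction == "in" and is_directed_broadcast(dst_ip, nets):
            findings.append((n, "directed broadcast from outside"))
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```

List the actual subnets in `LOCAL_NETS` rather than one aggregate prefix, since each subnet has its own broadcast address.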
Security Incident Handling and Escalation
- If Information Technologies detects that a system in your area of responsibility is exhibiting behavior indicating a system compromise,
they will turn off the network connection and
IT-Security Administration will notify you of the problem by e-mail.
- Take immediate steps to investigate and resolve the problem. After the problem has been resolved, send a statement to
IT-Security Administration describing the corrective action taken and whether high risk personal
non-public information (PNPI - e.g., Social Security or credit card
numbers - see http://www.udel.edu/security/breachpnpi.html) is stored on, or accessible from (e.g., via a networked drive) the system.
The port will be re-enabled after receiving this information.
- If you have services that flow through a common point, e.g., mail server, all users of that service will experience an outage if a system
compromise is detected and the connection disabled. Be sure to closely monitor and securely maintain such services to ensure uninterrupted
service to your constituents.
- If you detect a system compromise, you must remove the system from the network immediately.
- If you think others would benefit from your experience and lessons learned, contact other System Administrators by sending a message to the appropriate
mailing list(s).
- Contact the System Administrator's User Groups or the IT Help Center at 831-6000 if more help is required.
Backup, Disaster Planning and Response
- Server Backup
- Identify at least one person to back up each system. Provide
training if necessary. Keep this list current.
- Document the backup system used (location of backups,
rotation schedule, labeling scheme, etc.)
- For information about off-site (away from the department) storage of
diskettes containing backup files, call University Archives at 831-2750.
- To see equipment designed to help a department back up its information
efficiently, e-mail the Technology Solutions Center or call 831-8895.
- For information about having Information Technologies back up a departmental UNIX server,
contact Dan Grim.
- Desktop Systems Backup Recommendations for Faculty/Staff
- Disaster Planning and Response
Other Recommended Utilities
Networking with Colleagues
- Attend Computer Corps meetings and local user group meetings:
- See UD Mailing Lists and User Groups to
verify that your name is on the appropriate User Group mailing lists (Unix/Linux
Administrator User Group, Linux Users Group).
- Subscribe to security bulletins (Microsoft, SANS, CERT).
UD Resources
Other Resources