Before You Connect

These steps should be taken by all system administrators, even if you do not have sensitive data stored on your computer. If you need assistance implementing these steps, please contact the ITU Support Center at (703) 993-8870.

Join Mason's Systems Administrators Leadership Team (S.A.L.T.) listserv and attend meetings.

• Why? SALT meetings will be held regularly throughout the year so that sysadmins can share their ideas, expertise, best practices, and socialize to build a stronger technical and security conscientious community.
• How? To join the meetings subscribe to the listserv. Details are available on the IT Security website.

Understand your job responsibilities by reviewing the Responsible Use of Computing Policy.

• Why? Understanding the Responsible Use of Computing Policy is fundamental to successfully fulfilling your role as a systems administrator. The rules and responsibilities provide the accepted framework for ensuring confidentiality, integrity, and availability of IT assets and data assigned to you.
• How? Read the Responsible Use of Computing Policy 1301, by visiting the University’s policy website.

Before connecting your server to the Internet, make sure you have installed the latest patches. Verify that all ports and services that are not needed are disabled or closed.

• Why? Simplify. Minimize the amount of opportunities the hackers have to exploit your system. Although some vendors are making an effort to deliver secured systems by default, it is necessary for system owners to review those default configurations in the context of their environment. Chances are better than good that the software needs to be patched against the latest threats and that several services are extras, unnecessary for your business purposes. Take the time to carefully review your systems business needs and eliminate (disable) extraneous services.
• How? For patches visit the web site of your vendor. Common vendors include:
  • Windows - http://www.microsoft.com/security/
    default.mspx
  • Sun Solaris - http://sunsolve.sun.com/pub-cgi/show.pl?target=home
  • Redhat - http://www.redhat.com/security/
  • Debian - http://www.debian.org/security/
  • Caldera - http://www.caldera.com/support/security/
    Linuxsecurity.com
  • OpenBSD - http://www.openbsd.org/errata.html
  • FreeBSD - http://www.freebsd.org/security/
  • SGI - http://www.sgi.com/support/security/
  • Securemac.com
  • Apple Security Updates

Before connecting to the network, remediate against the SANS Top 20.

• Why? The Top 20 list is a consensus effort that has identified the most critical Internet Security threats. At the very least a systems administrator should remediate against these known threats.
• How? The top 20 list is available on the SANS website. http://www.sans.org/top20/
  The website includes the individual threats and step-by-step instructions on how to remediate against these threats.