
IUP IT Systems Administrators Procedures and Best Practices

 


General

  • Comply with all IUP security policies and guidelines:
    University policies and guidelines provide the foundation and framework for IUP’s security guidelines. IUP security policies and guidelines must be followed, and compliance must be documented.

Physical Security

  • Physically secure any resource you manage or own:
    Keep rooms with computer and network equipment locked when unattended. Do not leave portable devices (such as smartphones or notebook PCs) or media (such as DVDs or flash drives) lying around in open areas. Apply BIOS passwords and/or use computer locks if a system resides in an untrusted room (such as a public lab). Secure, disable, or physically block access to external ports (like USB ports) if they are not needed.

Authentication and Accounts

  • Implement and use authentication:
    All IUP computing resources, including PCs, servers, applications, and network equipment, must have some form of authentication system using a strong password or certificate. All users should use authentication when using IUP computing resources and should not leave computing sessions open when not in use. Encryption should always be used if available.
  • Do not allow anonymous access or guest access to any resource:
    Almost all IUP computing resources should be configured and managed so that anonymous and guest access is disabled. Anonymous access to resources on the IUP network should not be allowed and is unauthorized for the sake of the security of the university’s computing environment.
  • Do not share your password, use blank passwords, or use weak passwords:
    Any computing username at IUP should have only one owner. Sharing your username or password with anyone is prohibited. The use of strong passwords is a must in IUP’s computing environment. A strong password is one that is not easily cracked: it is more than 8 characters long, does not contain words found in a dictionary, and uses numbers and non-alphanumeric characters. Weak passwords may be cracked using automated brute-force scripts or by simple guessing techniques.
  • Use low privilege accounts:
    When possible, do not use accounts that have administrative privileges (such as administrator or root). Administrators should run services, tasks, and daemons under low privilege accounts when possible. If a service has a buffer overflow vulnerability that allows for code execution, the malicious code would be limited in what it can do, as it would run under the low privilege user as well. The same thing applies to end-users. Users can limit or reduce risk by using a non-privileged account when using a computer to browse the web, read e-mail, and open documents. Windows Vista and 7 have UAC (User Access Control), which can prompt users before attempting to run administrative executables.
  • More information on IUP accounts and passwords

Secured Hosts

  • Always secure a system before placing it on the IUP network:
    Many vulnerabilities are present in new installations of various operating systems such as Windows and Linux. If you place a newly installed system on IUP’s network before it can be secured, it has a good chance of becoming compromised by an attacker in hours if not minutes. After the system is compromised, performing any tasks to secure the system will be fruitless, as it has already been tampered with and should not be trusted. A compromised system will need to be formatted and have its OS and software reinstalled. The system will then need to be secured before placing it back on the network.
  • Secure local data and network shares by allowing access for only people who need access to them:
    All computing media, files, data, and information should be protected by file security so that access control lists are set for only people who need access. Encrypting and password protecting files are other layers of protection that can also be applied. If any data is to be shared via the network (e.g., network share, FTP site, website), access control should also be applied in the same manner.
  • Patch software and devices in a timely manner from when a security patch is released on any resource you manage or own:
    Unpatched and out-of-date computer software is one of the main reasons computer viruses, worms, and hackers can compromise a system. Computer and network security starts with prevention, and keeping your system updated is the first step in prevention. All IUP computing resources should be updated regularly and on demand if a critical vulnerability is announced. Although there are a few hackers that may find new unknown software flaws/vulnerabilities and exploit them, most attacks are performed on known vulnerabilities for which the vendor has already provided patches or updates. Many of these known attacks are performed by script kiddies using out-of-the-box scripts or kits created by the top elite hackers. Information on software vulnerability notifications from various vendors can be found in the IT Security Resources page. Your vendor will have instructions on where to obtain patches and how to install them. Some vendors, like Microsoft, provide free tools for end-users to use such as Windows Update. Red Hat Linux also provides the RHN (Red Hat Network) and yum services.
  • Change and review default configurations of software packages so that they only contain what is needed for the task at hand:
    Many exploits use vulnerabilities found in obscure or unused features in various computer software. Most exploits are created to compromise as many systems as they can and rely on systems with default configurations and/or systems with various features turned on by default. Changing or minimizing the default configuration to meet your needs will limit your exposure to automated brute-force hacker scripts/kits, worms, and attacks on unknown vulnerabilities.
  • Disable or uninstall any unneeded services or software from any system you manage:
    As discussed above, changing default configurations can help prevent some attacks, but what if you don’t even use or need an installed software package or service? Uninstalling unused software will completely eliminate your exposure to any unknown vulnerabilities in the unneeded software once it is removed from your system. You can apply the same principle to any running network services on your system. If you don’t use or need the service, disable it. The more network services you have running, the greater your chance of being attacked or compromised over the network. Limit your exposure and risk by disabling unused network services.
  • Do not install unknown/untrusted software:
    You should not trust all freeware, shareware, and public domain software. Freeware software is usually home-grown by various individuals who may not have written the software with security in mind. One little freeware software package could result in your system being compromised due to poor software coding or an installed backdoor. Try to only install reputable freeware/shareware. Read reviews and do searches on the software on the Web before deciding to install it. When downloading freeware/shareware software, always download from a reputable site to reduce your risk of Trojan software. The same applies for open source software. If you want to install open source software, it is best to download the source and/or binary versions from the project website or trusted mirrors.
  • Install a host-based firewall if warranted:
    IUP’s network is routable to the Internet, meaning almost anyone can access a system on the IUP network from around the world. Systems and networks across the Internet are scanned 24/7 by potential attackers. Even if the network wasn’t routable to the Internet, your system would still be vulnerable to internal attack or malicious activity. You can protect your system from both external and internal attacks by disabling network services or by using a personal firewall on your PC. A firewall is a system that acts as an interface between two networks, while regulating, isolating, and/or filtering network traffic between the two networks. Many modern network operating systems come with a host-based firewall (Windows 7, XP, Red Hat Enterprise Linux, etc.). There are also third-party companies that sell personal firewall packages, and some distribute free versions. If a firewall is used, it is still important to keep the local security of the system it protects just as strong as it would be without the firewall. Firewalls can sometimes be easily evaded or defeated.

Virus Scanning

  • Install and maintain current antivirus software on any system you manage:
    Did you know there are over 100,000 known pieces of malware (viruses, worms, bots, and trojans)? Most system compromises are a result of viruses and their like. Once a system that is not running current antivirus software is infected with a virus, trojan, or bot, you should format and rebuild the system. Installing antivirus software on a system after it has been compromised is not advised because once a system is infected, the virus may have installed numerous backdoors and may have already modified your system in ways an antivirus package cannot fix. It is imperative for the sake of the security of IUP’s computing environment that all administrators install and maintain current antivirus software and updated virus signatures on all the resources they manage. Viruses are just simple computer programs, but due to their spreading nature and negative effects, they can devastate entire networks with ease. A network of computers is only as secure as the least secure system. Keep your system clean from viruses and worms. IUP provides Sophos anti-virus software to protect your systems.
  • More information on viruses

Active Monitoring

  • Monitor and review log files:
    A part of keeping your system secure is to know what is happening on your system daily. By knowing what information your logs normally contain and/or who accesses your system, you will be able to more easily detect malicious activity and/or unauthorized access on your system. Use of an audit trail is recommended. Unsuccessful attempts should be monitored. Many unsuccessful attempts from the same system should be of concern. If you feel your system was compromised by a successful attack, you must turn off your system and contact the IT Support Center immediately! Sometimes preventative security measures such as patching seem like a lot of work, but it is a lot less work than formatting your hard disk and reinstalling your OS and software after your system is compromised. Once a system is compromised, any software and data on the computer should be considered tampered with.
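
One way to automate the review of unsuccessful attempts described above, as an added example that is not part of IUP's procedures: it groups failed logins by source system and marks any source that was later let in. It assumes OpenSSH syslog-format lines; the function name, threshold, window, and sample log are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
Mar 21 09:14:01 host1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 21 09:14:03 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar 21 09:14:06 host1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 21 09:14:15 host1 sshd[811]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Mar 21 10:02:44 host1 sshd[902]: Failed password for jdoe from 198.51.100.20 port 51200 ssh2
Mar 21 11:00:00 host1 sshd[950]: Failed password for root from 192.0.2.55 port 60001 ssh2
Mar 21 13:30:00 host1 sshd[951]: Failed password for root from 192.0.2.55 port 60002 ssh2
Mar 21 16:45:00 host1 sshd[952]: Failed password for root from 192.0.2.55 port 60003 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def review_auth_log(text, threshold=3, window=timedelta(minutes=5), year=2014):
    """Report sources with >= threshold failed logins inside any one window."""
    failures = defaultdict(list)   # source -> [(time, user)]
    accepted = defaultdict(list)   # source -> [time]
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # not a password authentication line
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Failed":
            failures[m["src"]].append((ts, m["user"]))
        else:
            accepted[m["src"]].append(ts)
    report = {}
    for src, events in failures.items():
        times = sorted(t for t, _ in events)
        # Sliding window: a run of `threshold` failures spanning <= window.
        burst_end = next((times[i + threshold - 1]
                          for i in range(len(times) - threshold + 1)
                          if times[i + threshold - 1] - times[i] <= window), None)
        if burst_end is None:
            continue               # failures too few or too spread out
        report[src] = {
            "failures": len(events),
            "users": sorted({u for _, u in events}),
            # True when a login succeeded after the burst: treat as urgent.
            "success_after": any(t >= burst_end for t in accepted[src]),
        }
    return report
```

A source reported with `success_after` set is the case the paragraph above treats as a possible successful attack; the single mistyped password from `198.51.100.20` and the slow failures from `192.0.2.55` stay below the default window.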

Backup and Recovery

  • Back up your system regularly:
    Make a backup of the data on your system regularly on removable media. If your system gets compromised, your backup data will still be safe and will have kept its integrity. After you rebuild your system, you will be able to recover data from your backup. Backups are not only an important part of security; they can also come in handy if your system is physically stolen, damaged, or broken. It may seem like a tedious task, but if you ever need your data restored, you will realize that it was well worth the extra time and effort.

Incident Response

  • Report any compromised system, malicious activity, or virus-infected system:
    It is imperative that any IUP computing resource that is known to be compromised, assumed to be compromised, or acting “strange,” be shut down right away. If you are unsure, please contact the Technology Services Center. Also, any system or user that is known to be involved in malicious activity or attacks should be reported.

Last modified on 3/21/2014 1:52:01 PM
URL: http://www.iup.edu/itsupportcenter/howto.aspx?id=48925
