Nerd:Security

From ASD Wiki

ADE - IT Security Policy Compliance

This Alma Wiki page is dedicated to ADE's new IT Security Policy and the steps we've taken to comply with their suggestions.

Section 1 - Security Management

Policy Statement & Standards

District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure, modification or denial of sensitive information.

1B1 - Security Responsibility

1B2 - Data Sensitivity

1B3 - Training


Section 2 - Physical Security

Policy Statement & Standards

Physical access to computer facilities, data rooms, systems, networks and data will be limited to those authorized personnel who require access to perform assigned duties.

2B1 - Workstation Security

2B2 - Computer Room Security

  • Data Center - (1023 Hwy 64 E) Admin Annex
    • Most of our servers and our core switches are located in this recently remodeled building which is home to the Technology Department, Special Education, and the Alma Opportunity School (Alternative).
    • Our leased fibre WAN terminates here
  • Campus Application & Home Directory Servers
    • Servers and core switches are located in each school, behind at least two doors through which only office personnel are permitted
      • High - Office
      • Middle - Tech Data Center
      • Intermediate - Library
      • Primary - Office


Section 3 - Network Security

Policy Statement & Standards

Network perimeter controls will be implemented to regulate traffic moving between trusted internal (District) resources and external, untrusted (internet) entities. All network transmission of sensitive data should enforce encryption where technologically feasible.

3B1 - Perimeter Security

Internet traffic to and from our LAN passes through our hardware firewall and, beyond that, the state-provided Cisco router.

3B2 - Wireless Networks

3B3 - Remote Access

We allow remote Terminal Server access over RDP/High, and allow administrative SSH access to a few SLES hosts.

3B4 - Warning Banners

Novell Client is the workstation client facilitating access to Novell Directory Services, and we present our Acceptable Use Policy as a banner graphic during the network login process.

Image:auplogin.gif

Except for the graphic, this is a completely unmodified Client32 login.

Click this link to find out how to create your own custom Client32 graphic.

Section 4 - Access Control

Policy Statement & Standards

System and application access will be granted based upon the least amount of access to data and programs required by the user in accordance with a business need-to-have requirement.

4B1 - System Access Controls – Authentication

4B2 - System Access Controls – Authorization

4B3 - System Access Controls – Accounting

4B4 - Administrative Access Controls


Section 5 - Application Development & Maintenance

Policy Statement & Standards

Application development and maintenance for in-house developed student or financial applications will adhere to industry processes for segregating programs and deploying software only after appropriate testing and management approvals.

5B1 - Systems Development

5B2 - Systems Maintenance & Change Control


Section 6 - Incident Management

Policy Statement & Standards

Monitoring and responding to IT related incidents will be designed to provide early notification of events and rapid response and recovery from internal or external network or system attacks.

6B1 - Incident Response Plan


Section 7 - Business Continuity

Policy Statement & Standards

To ensure continuous critical IT services, IT will develop a business continuity/disaster recovery plan appropriate for the size and complexity of District IT operations.

7B1 - Business Continuity Planning

Alma currently utilizes the RSYNC project for backup. More on this backup project and how Alma is implementing it can be found here.


Section 8 - Malicious Software

Policy Statement & Standards

Server and workstation protection software will be deployed to identify and eradicate malicious software attacks such as viruses, spyware, and malware.

8B1 - Malicious Software

  • We currently use Kaspersky Enterprise Workstation security, and manage all of our staff workstations with Kaspersky Administration Kit. This allows a centralized point of administration to make sure our staff workstations are protected. Every virus detection is logged by the Admin Kit and email notifications are promptly distributed to the tech staff describing the machine and location. Should it detect more than 15 viruses within 10 minutes, the Admin Kit goes into "virus outbreak" mode and schedules an immediate full file scan on all known workstations, notifies the tech staff via email and catapults the local workstation network scanning policy to full protection. This heightened alert state will subside once the threats have been removed.
  • We deploy Faronics DeepFreeze on our student workstations and labs. DeepFreeze power-cycles these machines every afternoon, so if anything malicious is accumulated during the day, it is removed nightly.
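
The "virus outbreak" rule from the Kaspersky bullet above (more than 15 detections within 10 minutes), written out as an added example; it is not Kaspersky's code and not part of the original page. It assumes detections are counted across all workstations and that a detection exactly 10 minutes old has left the window; the host names and timestamps are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

THRESHOLD = 15                    # page: "more than 15 viruses"
WINDOW = timedelta(minutes=10)    # page: "within 10 minutes"

def outbreak_trigger(detections, threshold=THRESHOLD, window=WINDOW):
    """Return the (timestamp, host) detection that pushes the sliding-window
    count above `threshold`, or None if the rate never gets that high.

    `detections` is an iterable of (timestamp, host) tuples. They are sorted
    here because reports from many workstations can arrive out of order.
    """
    recent = deque()
    for ts, host in sorted(detections):
        recent.append(ts)
        # Assumption: a detection exactly `window` old no longer counts.
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            return ts, host
    return None

def constructed_events(start, count, spacing_seconds):
    """Constructed sample data: `count` detections at a fixed spacing,
    spread over four hypothetical lab machines."""
    return [(start + timedelta(seconds=i * spacing_seconds), f"LAB-PC{i % 4:02d}")
            for i in range(count)]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 8, 9, 0, 0)
    burst = constructed_events(t0, 16, 30)      # 16 detections in 7.5 minutes
    trickle = constructed_events(t0, 40, 60)    # one per minute, 40 in total
    print("burst  :", outbreak_trigger(burst))
    print("trickle:", outbreak_trigger(trickle))
```

The trickle case shows why the window matters: 40 detections in total never raise the alert, because no 10-minute span holds more than 10 of them.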