The System Administrators of MegaCorp: Security Goals - Assignment Example

? Enhancing Security in System Administration Introduction Operating systems are often regarded as software that provides greater access towards various hardware resources like computer system. The various sorts of operating systems generally tend to offer superior access to diverse disk devices on which different programs are collectively stored. It is worth mentioning that operating systems run various programs in dissimilar processes. One of the challenges related with the developer of operating systems is to adopt and execute various applications concurrently. This signifies that operating systems which would be installed must be able to execute various programs in a single point of time (Santos, Rodrigues & Ford, n.d.). Contextually, it can be affirmed that an operating system is usually viewed to be one of the major fundamental aspects concerning improving the security of every computing system by a considerable level. It can be argued in this similar regard that secured programs require safe operating system and ignorance of this may lead to failure. In other words, operating systems must be capable of ensuring effective execution of various programs as well as mechanisms effectively and most vitally enabling high performance use of various computer resources. Ensuring secure performance of all operational processes largely relies on accurate implementation of different hardware resources and scheduling mechanisms (Jaeger, 2008). Specially mentioning, the security threats associated with various system administrators are recently receiving increasing attention driven by series of events resulting in significant damage due to security threats. The primary challenges related with system administrator can be attributed by taking into concern certain significant aspects like security and manageability. In practice, operating systems require various tasks that need to be executed in order to make sure that the system operations impose extensive impact on sensitive user data and process. For instance, adding and removing various software systems and drivers may result in causing the user data to be at risk through corruption, leakages and losses (Scarfone, Janseen & Tracy, 2012).) With this concern, the primary purpose of this paper is to develop, document and assess best practices for server deployment and administration that would eventually support and enhance the security of Megacorp towards upgrading its new operating system. 1. Enhancing Security a. Before Server Deployments Deployment of servers in any organization is costly and daunting. The servers provide broad array of services to internal as well as external users and stores along with delivers different sensitive information to the organizations. Moreover, servers are frequently introduced by the intruders in order to gain unauthorized access of valuable data and other services. There exist certain few common threats to servers that have been represented below: Malicious objects may use software bugs in the server or its operating system in order to gain unofficial access to the server Denial of service (DoS) might also be directed to secondary network infrastructure, deterring the valid users to execute the server services Sensitive information stored in the main server may get access by the intruders or may change in an unauthorized manner Sensitive data or information that are transferred or encrypted amid the servers and thus the client may get interrupted by unauthorized users. Correspondingly, it can be admitted that it is often more difficult to address the security of servers after the deployment or the implementation of effective operation systems. Thus, security should be prudently measured from the preliminary stage of planning. It is essential to make effective decisions about determining the configurations of various information systems appropriately and consistently in order to ensure effective outcome of the deployment plan. It has been ascertained that organizations often fail to address dissimilar human resource associated requirements for deployment as well as operational phases of server and other supporting infrastructure. Thus, it is vital for MegaCorp to consider the below mentioned points prior to server deployment. Sorts of personnel needed for deploying server Training needs and skills for effective deployment of server Collective and Individual staffing requirements b. During Server Deployments It can be firmly admitted that the conduct of appropriate practices by the management team of any organization is crucial for operating and maintaining secure server system. It is worth mentioning that several threats associated with the implementation of servers can be duly avoided if the operating systems are appropriately configured. Contextually, in order to ensure the development of a secured operating system, it is essential for MegaCorp to follow the following steps carefully. Patch and update various operating systems Harden and construct the operating system for ensuring sufficient security level If needed, install and organize security controls Test the security of the operating system in order to ensure successful and secure installation of operating systems. It can be affirmed that once the operating systems are installed and configured appropriately, the next step should be directed towards installing and securing the server software in an effective manner. It is essential to go through the documentation of server software before starting the installation process. With respect to the server installation process, it is worth mentioning that partially installed or configured server should not be exposed to the external users. Subsequently, the access of internal network should be limited until all the programs are prudently configured and installed. One of the potential principles related with the deployment of server can be associated with the elimination of the known threats and susceptibilities that mainly arises through patches or upgrades. In order to ensure secure sever deployment, it is indispensable for MegaCorp to follow the below mentioned steps. Install the server software either on a dedicated host or on dedicated visitor operating system Apply upgrades or patches to rectify the known threats and vulnerabilities Develop a committed physical disk or logical participation for server data (Scarfone, Janseen & Tracy, 2012). c. After Server Deployments After the successful implementation of the server, it is crucial to ascertain any type of needless application, script and service that are installed during the deployment stage. Subsequently, all the unnecessary applications, scripts and services should be removed prudently once the installation process is successfully completed. Moreover, administrators should ensure and maintain the server security continuously once the installation of server is completed. Administrators are required to perform various activities such as handling and evaluating log files, conducting regular server backups, testing server security and performing remote administration securely after sever developments (Scarfone, Janseen & Tracy, 2012). 2. Enhancing Security a. Before The Implementation Of A Domain Environment (i.e., AD DS) Active Directory Domain Services (AD DS) in the Window Server 2008 R2 operating system comprises several new features that aid in improving Active Directory supportability, performance and manageability by a greater extent. Usually, AD DS deployment requires the execution of three phases that include a design phase (before implementation), deployment phase (during the implementation) and operational phase (after the implementation). These phases need to be executed well for the purpose of ensuring better as well as secured domain environment. Before deploying Window Server 2008 Active Directory Domain Services (AD DS), it is essential to plan and design logical structure for ensuring greater security of the domain environment. Specially mentioning, it is also quite crucial to determine the logical structure of AD DS in order to manage shared network accounts and resources by a considerable level. With regard to determine AD DS logical structure, it is vital for MegaCorp to identify the number of forests that are required by the organization and create attractive design especially for the Domains, Domain Name Systems, infrastructures and organizational units among others (Microsoft1, 2013). Once the design is approved, it would be vital to test the design for enhancing and ensuring the security during the implementation phase. It is also crucial to determine the appropriate number of domain controllers for each site and verify in order to ascertain that the hardware requirements associated with Window Server 2008 are duly complied (Microsoft1, 2013). b. During The Implementation of a Domain Environment (i.e., AD DS) The forest root domain is regarded as the foundation for AD DS forest infrastructure. In order to deploy AD DS, it is essential to install forest root domain initially. Correspondingly, in order to enhance the security and the installation of the forest root domain, it would be vital to review AD DS design and also to configure of DNS service related with forest root domain. Once the deployment of the forest root domain is completed, the next phase would be making necessary arrangements for installing any new Window Server 2008 regional domains as specified in the AD DS design. In order to deploy and enhance the security, it will be vital for MegaCorp to organize effective domain controllers for each regional domain. However, Window Server 2008 domain provides efficient and straight forward options to take the advantages of the operating system i.e. Window Server 2008 features as well as functionality. It can be stated upgrading Window Server 2003 to Window Server 2008 would eventually facilitate in improving the security, manageability and the scalability of various network infrastructures at large (Microsoft2, 2009). c. After The Implementation Of A Domain Environment (i.e., AD DS) After the successful implementation of the domain environment, the system administrators should strive to create collaborative relationships amid two domains or forests i.e. between the Window Server 2008 domains and Window Server 2003 domains for enhancing the level of security. Furthermore, it is also crucial to monitor Active Directory replication status across all domain controllers and identify the problems that are associated with specified domain controller (Microsoft2, 2009). 3. Enhancing Security a. Before Infrastructure, Application, File, and Print Services It is crucial for a system administrator to coordinate all the events associated with network infrastructure as well as data storage support and also to centralize the enterprise server. In order to enhance the security of network infrastructure, it is essential to identify and comply with organizational policies, procedures and standards. Furthermore, it is also indispensable to conduct security tests before conducting infrastructure, application, file and print services. It is vital to set effectual printing standards in order to ensure efficient security of printing system. Prior to conduct infrastructure, applications, file and print services, it is quite vital to withdraw and remove discontinued printers. It can be further admitted that verifying of application licensing and testing the application need to be executed efficiently in order to enhance the security while performing infrastructure, application, file and print services (CGIAR, 2009). b. During Infrastructure, Application, File, and Print Services In order to ensure adequate security of the network infrastructure, it is crucial that network devices are configured safely and are accessed in a secured manner. During the conduct of infrastructure, application, file and print services, secure protocols should be introduced as well as utilized for network communication. Moreover, remote access to internal network should be managed securely. In this regard, it is suggested that there should be clear understanding about the security characteristics and its implications during the time of preparing these services i.e. infrastructure, application, file and print services (CGIAR, 2009). c. After Infrastructure, Application, File And Print Services The system administrator should ensure that all the network components such as firewalls switches, routers and installed and maintained prudently after effectively performing infrastructure, application, file and print services. Furthermore, in order to ensure and enhance security in performing infrastructure, application, file and print services, it is vital for the system administrators to become more updated in terms of systems and networks managed by them. Additionally, machines such as computer systems need to be physically secured and the system administrators should logout after the completion of certain specific jobs. It is equally important that the system administrators should remain much cautious regarding root password as well as administrator password. It is suggested in this regard that passwords should not be stored in plain texts. This would eventually enable the system administrators to attain secure infrastructure (Nguyen, Deo & M, 2008). 4. Enhancing Security a. Before The Implementation of Storage and High Availability Solutions In recent times, clusters have emerged as one of the most popular architectures for conducting efficient performance computing. The differences between the time taken by the processors or networks to read or write data along with slower speed of storage devices often negatively influences the storage subsystem and the overall system performance by a greater extent. Thus, it is crucial for system administrators to maintain high level of reliability in order to eliminate any sort of failure or fault in the storage devices. Moreover, a cluster must be well-designed in order to balance computational and input-output needs. The system administrators need to evaluate costs associated with the implementation of storage and high availability solutions for achieving enhanced business performance along with greater application availability and protection of data (Nguyen, Deo & M, 2008). b. During The Implementation of Storage And High Availability Solutions During the implementation of storage and high availability solutions, it is recommended that the system administrators must use Window Server 2008 cluster for managing high availability applications. This might be owing to the reason that this cluster i.e. Window Server 2008 would aid the system administrators to back up and restore configuration of valuable data. Furthermore, it will also enhance security as it enables the system administrators to gather a sequence of data or events amid the cluster nodes in one location. This facilitates in avoiding the need for reviewing cluster logs as well as system event logs and ensures effective security (Nguyen, Deo & M, 2008). c. After The Implementation of Storage and High Availability Solutions After installing storage and high availability solutions, the system administrators should add or remove the accessible product options. It is recommended to the system administrators in this regard to use controllers for the purpose of discarding single point of failure in the system. Using controllers shall facilitate in attaining adequate security for mass storage as well as high availability solutions (Nguyen, Deo & M, 2008). With respect to adding products in storage and high availability solutions, the system administrators should not add more products, as this may require more management as well as increase the vulnerability related with security. Before deploying Window Server 2008 Active Directory Domain Services (AD DS), it is essential to design an effective as well as a dynamic logical structure in order to reduce the implications emerging from any potential threat (Nguyen, Deo & M, 2008). 5. Enhancing Security Via a. Management of Enterprise Server Systems A typical organization uses a wide variety of application packages in order to manage its computing infrastructure. Despite the availability of large volume of information, it is quite difficult to manage the enterprise server system. It is vital that all the internal servers installed at MegaCorp must be owned by the operational group who are accountable for preserving an efficient system administration. It is also essential for the system administrators to establish as well as to maintain approved server configuration guide in accordance with the business needs. It can be affirmed that the services and the applications that are not used should be disabled or removed. The system administrators should ensure that access to various valuable services is protected with the adoption and the execution of access-control methods. It can be argued that trust relationship often increases security risks by a greater extent. Hence, it is suggested that system administrators should avoid the notion of trust relationship with other communication related methods. It is firmly recommended that system administrators should always make use of standard security fundamentals for accessing different valuable data and perform effective functions. It is vital that servers are located in an access-control environment which would eventually prohibit the access of servers from getting affected by any potential threat (SANS Institute, 2006). b Monitoring of Enterprise Server Systems Monitoring of enterprise server systems can be executed through several performance and state-related mediums. It is crucial to track the operational performance of the servers in order to enhance the security of server deployment and administration. The system administrators attached with MegaCorp should constantly analyze the current environment through prudent observation of the most relevant data. Besides, the system administrators should remain much capable of promptly identifying flaws in the system and further proactively identify the root-causes of the problems ascertained. The system administrators should adapt to prevailing conditions and gather adequate information in order to ensure efficient and correct operation of the enterprise server systems (SANS Institute, 2006). The system administrators should regularly monitor various sorts of server databases through using custom utilities and must also track critical server events. The various events spotted during the monitoring of enterprise server system should be represented in charts, so that it becomes quite easy to understand the changes and the deviations that take place in the operations of enterprise server system. This would enable the system administrators to distinguish between relevant and non-relevant data. The understanding of relevant and accurate data would ultimately facilitate in increasing the efficiency of the enterprise server systems by a considerable level (SANS Institute, 2006). c. Backup of Enterprise Server Systems It can be apparently observed that the value of data is growing rapidly and is being duly considered to be one of the primary assets for an organization dealing with storage, dissemination and retrieval of data. However, in recent times, various IT related organizations are often encountered with numerous challenges that are related with implementation of reliable backup and recovery solution in a cost-effective manner. In order to ensure enhanced security of core backup of enterprise server systems, Window Server 2008 encompasses Microsoft Management Console (MMC) in order to provide reliable solutions for day-to-day recovery and backup needs (Yang, 2003). 6. Creation of a Supporting Diagram Critical Path and Process Flow for Active Directory Domain Service (AD DS) Design Source: (Microsoft3, 2008). Conclusion From the above analysis, it can be inferred that operating systems are software that provide greater access to numerous hardware resources which comprise the computer system. The system administrators of MegaCorp should establish security goals and execute deliberate efforts in order to attain these security goals while preventing unauthorized access or attacks from intruders. Moreover, they should primarily engage in building a secured operating system. It is essential to design an effective operating system in order to enhance the security level by a greater degree. Specially mentioning, the system administrators of MegaCorp should eliminate possible threats and vulnerabilities with the use of upgrades and patches during the implementation of server systems. Once the installation of server systems is completed, the system administrators should continuously maintain server security by a significant level. It is equally important for a system administrator to review Domain Name Server (DNS) during the implementation of domain environment. After the implementation, the system administrators should identify the backups so that no valuable data is damaged or lost. These vital aspects would eventually support MegaCorp to expend a huge figure of money in upgrading from Windows 2003 and Windows XP to Server 2008 and Windows 7 in near future. References CGIAR. (2009). Network infrastructure security good practice guide. Retrieved from http://www.cgiar.org/www-archive/www.cgiar.org/pdf/iau/gpn_Network%20Infrastructure%20Security.pdf Jaeger, T. (2008). Operating system security. Morgan & Claypool, pp. 1-207. Microsoft3. (2008). Active directory design decision process. Retrieved from http://technet.microsoft.com/en-us/library/cc300146.aspx Microsoft1. (2012). AD DS design requirements. Retrieved from http://technet.microsoft.com/en-us/library/cc754200 Microsoft2. (2009). Introduction to administering domain and forest trusts. Retrieved from http://technet.microsoft.com/en-us/library/cc816746.aspx Nguyen, N. Deo, B. A., & M, S. ( 2008). High-availability clustering in Microsoft windows server 2008. Retrieved from http://www.dell.com/downloads/global/power/ps2q08-20080222-Shabana.pdf SANS Institute. (2006). Server security policy. Retrieved from http://www.sans.org/security-resources/policies/Server_Security_Policy.pdf Santos, N., Rodrigues, R., & Ford, B. (n.d). Enhancing the OS against security threats in system administration. Yale University, pp. 1-19. Scarfone, K., Janseen, W., & Tracy, M. (2008). Guide to general server security. National institute of standards and technology, pp. 123-153. Yang , C. Q.(2003). Operating system security and secure operating systems. Retrieved from http://www.giac.org/paper/gsec/2776/operating-system-security-secure-operating-systems/104723 Read More