Goal 1: Maintain Security of ITS Enterprise Systems

Transcription

1 INFORMATION TECHNOLOGY SERVICES University Technology Administration, Infrastructure and Support Open Systems Infrastructure Calendar Year 2018 Overview The primary mission of Open Systems Infrastructure is: to manage all central enterprise storage, backup, and recovery services for the University to provide central file storage services to departments and users to provide virtual machine services to University departments to provide virtual application services to University departments to provide hardware and operating system support for all central Unix and Linux enterprise systems to provide web hosting services, mail listserv services, and file transfer services for the University to administer the service and system monitoring service for enterprise ITS systems and services to support the University s Disaster Recovery systems Goal 1: Maintain Security of ITS Enterprise Systems Continue maintenance information communication for FSU ITS/ERP including regular meetings and documentation. Continue regular credentialed Nexpose scans of hosts and work with application teams to mitigate/remedy identified issues, especially those outside of the core operating system (including hosts within the Disaster Recovery arena). Initiate Oracle database specific Nexpose scans of ITS Oracle databases. Coordinate with ISPO to perform Personally Identifiable Information (PII) scans for ITS systems (current tool: Identity Finder). 1

2 Continue to assist the Middleware group in implementing Big-IP ihealth and security scans of F5 management appliances. Beginning January 2018 will review ihealth results of qkview file evaluation of all F5 instances monthly with MW to identify issues to be addressed. With respect to application security updates, assist application owners in awareness of needed updates and follow up on planned execution for updates. Continue working with ITS senior management on firming security goals and prioritization for ITS systems through documentation and recommendations. Prepare for cloud security considerations as FSU ITS builds its cloud presence. Continue to examine Privileged Access Management (PAM) applications and make recommendation for FSU ITS/ERP implementation. Implement Multi-Factor Authentication (MFA) for remote access to key critical ITS systems and applications. Provide communication outreach to FSU Department customers of MEAS systems on post vulnerability scans and remediation follow up similar to FSU Department customers of LEAS systems. Examine alternate anti-virus scanning application software and assist in implementation as needed. Review potential to provide on-access scanning as well as scheduled scans. In 2018 may move to another anti-virus solution that provides more on-demand scanning capability (Sophos?) Alternately, if ClamAV remains the anti-virus of choice, in 2018 will move toward more frequent scans of rapidly changing filesystems and add scanning for NFS file systems. January 2018, an updated joint Unix/Microsoft presentation is planned for the ITS Managers on ITS Vulnerability Status & Review. Implement regular security reviews of hosts (including reviewing accounts, iptables, Firewall rules, ACLs, sudo rules). Implement an automated process to review system accounts and cleanup/remove unnecessary accounts. Lock down generic/shared accounts and require users to login as themselves and sudo to the shared account. Tighten network access for shared accounts. Implement more secure, more complex shell account password rules to all of our Linux hosts. Perform regular operating system patching for all hosts with goal of at least semi-annual patching for enterprise hosts and quarterly patching for departmental VMs. Work with DBA team to implement standard procedures for patching Exadata systems. Continue to support the Splunk Cloud and onsite syslog server/gateway forwarder environment. Support other ITS teams in their use of Splunk Cloud to address security, performance, and operational concerns. Complete retirement of oldest VLANs in use in favor of newer VLANs that match our current network security model. Work with ISPO to set up regular Identify Finder scans of ITS CIFS storage and NFS storage services. Incorporate standard security benchmark standards (such as CIS, NIST, or other) into standard RHEL operating system builds. 2

3 Goal 2: Ensure Operational Stability, Reliability, and Performance for ITS Enterprise Systems Complete retirement of aged hosts that represent a significant risk to both security and delivery of services. This includes completing the retirement of all RHEL5 systems. Improve system and service monitoring, alerting, and reporting. Explore option of creating a Red Hat Satellite capsule server to allow for external provisioning of Red Hat Linux licenses/packages/updates in the cloud. Monitor and manage available capacity on Xtremio block storage array to ensure adequate storage is available for critical systems. Make plans to request funding for additional block storage capacity as needed. Work with DBAs to evaluate and assess alternative backup strategies for Oracle databases, including possible backups to the cloud and/or leveraging ITS infrastructure as alternatives or adjuncts to NWRDC BaaS services. Create Splunk dashboards and reports to improve system monitoring and alerting for performance and security. Plan roadmap and start process of moving all RHEL6 systems to RHEL7 in preparation for RHEL6 End of Life. Goal 3: Enhance Service Offerings and Improve Customer Experience Continue to promote the use of the VLab environment with other colleges and departments. Introduce more efficiencies into server deployment process via increased automation of server deployment and further standardization. Explore options to introduce public cloud-based virtual services for customers along with on premise private cloud services we have today. Research the feasibility of offering a service to manage applications for external customers. Research opportunities to utilize container technologies. Explore opportunity/costs to offer Splunk as a service to campus units. Support Enterprise Applications with their initiatives to utilize more public cloud service offerings. 3

4 Support staff development/training efforts to ensure staff are in the best position to provide value to internal and external customers. Goal 4: Support the University s Disaster Recovery Plan Continue to provide support for all of the systems and storage at the DR site. Keep the DR site up to date with patching and security updates as needed. Keep data synchronization for DR hosts up to date. Participate in DR testing and validation activities. Initiate planning for procedures to fail systems and services back to the primary site after failing over to the DR site. Participate in planning for next phase/iteration of DR site and any changes in scope that result from the Business Impact Analysis scheduled to be done this fiscal year. Participate in evaluation of use of public cloud services for DR in lieu of existing method of managing our own infrastructure in Atlanta. Goal 5: Implement secure research computing environment in support of NIST requirements Provision and maintain secure cloud computing environment to provide infrastructure needs for research contracts that have NIST compliance requirements. Ensure continued availability and security of NIST computing environment. Goal 6: Support ITS Initiatives to Operate According To ITIL Framework Obtain and utilize tool to assist in system and application documentation, dependency mapping, etc. in order to improve organization s ability to understand and react to system/service interactions. Adhere to established CRM case management guidelines. 4

5 Continue to follow standardized change management practices. Transition to the use of ServiceNow for change and project management as it becomes the designated ITS tool for these activities. Perform effective long term planning for infrastructure to provide enhanced visibility for larger infrastructure refresh project needs. FSU Strategic Goals reference(s): Strategic Goals reference(s): FSU Strategic Goals (Click Here for More) Goal I: Deepening Our Distinctive Commitment to Continuous Innovation Goal II: Amplifying Excellence Across our Academic and Research Programs Goal III: Realizing the Full Potential of Diversity and Inclusion Goal IV: Ensuring Student Success on Campus and Beyond Goal V: Preparing our Graduates for 21st Century Careers Goal VI: Investing Strategically in Our Institution and Reputation 5