Administrative Procedures Manual. Office of Information Technology Services Cape Fear Community College October 23, 2015

Transcription

1 Administrative Procedures Manual Office of Information Technology Services Cape Fear Community College October 23,

2 Introduction Cape Fear Community College has adopted the IT Standards published 1 by the North Carolina Community College Institutional Information Processing System (IIPS) users group. Those standards, in turn, fall under the NC Department of IT s Statewide Information Security Manual 2. In this document, where CFCC follows the standard, only that is noted. When there is a change from the standard, additional information is provided. 1 IIPS Standard published online at < 2 Security Manual available online at < 2

3 Chapter 1 Classifying Data and Legal Requirements 1.1 Classifying and Storing Information 1.2 Complying with Legal Obligations 3

4 Chapter 2 Securing the End User 2.1 Controlling Access to Information and Systems Managing Access Control Standards (See Standard ) Managing User Access (See Standard ) Requesting and Granting User Access The process to create network user accounts has been automated. Basic network access is automatically assigned and removed based on the HR position information entered in Colleague User Names User names are automatically generated by the Colleague process that creates user accounts in Active Directory. The standard is for the user name to be made up of the first initial, middle initial, last name, last 3 digits of the Colleague PERSON ID, and a sequential digit in the case of a duplicate user name Colleague (ERP system) User access to the Colleague system must be requested by an employee s supervisor. The Colleague Access Form must be filled out and signed by the employee, the employee s supervisor, and the Vice President of the employee s division. When the paperwork has been completed, the ERP Administrator will create the OPERS and SVM records that grant access to the system to the employee s user account New User Orientation New employees are required to attended the HR orientation and given the option to attend an IT-specific orientation offered by the Help Desk Colleague (SIS) Training Training on the SIS system is handled by the individual departments Access from Workstations The Colleague system is accessed through a GUI client that communicates with a dedicated UI server. All traffic to the database server flows through the UI server. Inactive sessions are disconnected after they have been idle for 30 minutes. The type of data a user has access to is restricted by the security classes assigned to the user. The data a user can extract is limited to the screens and reports to which he has access. Transfer of files (ex: FTP) is denied by default and allowed only to users who have a business need. Access to the Informer report tool is given to all employees. Users are restricted to data based on their role as defined in the Colleague security system Additional Access Control On the Colleague server the system security is managed at the application level in Colleague with the use of security classes that restrict access to mnemonics, office codes that allow access to certain documents in the Communication Management modules, and a few record-level security subroutines that restrict access to individual fields and/or records. 4

5 2.1.3 Securing Unattended Work Stations All employee workstations are configured to activate the screen saver after 15 minutes of inactivity. The user is required to re-authenticate to get back on the computer Managing Network Access Controls Default Network Access to Colleague All services on the Colleague servers blocked by the local firewall. Only required services are opened to the network: 1. DMI Listeners - required for Colleague access through UI, WebAdvisor, SelfService, and Mobile 2. UniRPC - required for reporting by Informer 3. SSH - System Administrators have secure shell access to perform privileged duties in an encrypted environment NOTE: Users do not access the Colleague server directly, but instead connect to the UI server and that passes the traffic back to the Colleague server Controlling Access to Operating System Software System Administrators General system administration at the operating system level is accomplished through the sudo tool. It allows access to operating system tools through a set of access control lists (ACLs) and logs every use of those tools. The root account is used only by the ERP System Administrator and the Assistant ERP System Administrator Managing Passwords (See Standard ) Passwords Passwords follow the Active Directory standards: eight characters long or more, and must contain at least one upper case and one lower case letter, and one number and or a special character. Passwords cannot contain any part of a users name. Passwords should not be something that is easily guessed (ex. children s names, spouse s name, pets). Passwords will expire every 90 days. Passwords must not be shared with anyone, and if written down, must be kept in a secure place (ex. wallet or purse) and must not be left on the desk or posted on the monitor Non-expiring Passwords for Service Accounts RISK ACCEPTED: Because certain remote systems need to be able to log into the Colleague server and the passwords have to be encoded in the remote server (and in the case of the DMI and EPL users are used to encrypt the keystore files), these non-user accounts have passwords that never expire. Until such a time as a mechanism can be developed to reliably update all the passwords in a timely manner to avoid interrupting the service. Accounts affected: matrix - for the nightly matrix index download epladmin - E-Procurement entity client user dmiadmin - Datatel DMI process user ezadmin - Easy Spooler administrator login Monitoring System Access and Use 5

6 2.1.8 Controlling Remote User Access (See Standard ) Access from the Network Outside access to the server VLANs is blocked by a firewall. Access Control Lists allow connections from college-owned computers connected to the employee VLANs Remote Access through VPN Access to the Colleague system from VPN is controlled by the VPN-COLLEAGUE user group in Active Directory. Supervisor permission through a KBox ticked is required before a user is added to the group Contracting with External Suppliers/Other Service Providers Third parties, including vendors, suppliers, contractors, and consultants, are required to follow the college s IT security policies. Access is granted only when required for performing work, and with the full knowledge and prior approval of the information asset owner. Access shall be removed when contract or service is complete. 2.2 Personnel Information Security Responsibilities 2.3 Training and Awareness 6

7 Chapter 3 Securing the Network 3.1 Networks 3.2 System Operation and Administration 3.3 and Internet Communication 3.4 Telephones and Faxes 3.5 Securing Data 3.6 E-Commerce Issues 3.7 Wireless Networks Wireless Networks Wireless access points (APs) are segmented from the colleges internal wired local area network (LAN). Additionally guest wireless access is segmented from student and employee wireless access Secure Wireless CFCC s wireless network uses the secure 802.1X protocol to authenticate, encrypt and segment different kinds of traffic. Employees of the college who are authenticated by the wireless controllers are granted secure access to the internal VLANs. 7

8 Chapter 4 Securing Systems 4.1 Purchasing and Installing Software 4.2 Software Maintenance, Upgrade, and Disposal Technical Vulnerability Management Applying Patches to Software (See Standard ) Loading Colleague Patches Colleague software updates will often need to be loaded once a week. The software updates are released by the System Office in Raleigh after they have gone through their testing procedures. Software Updates shall be loaded in the Test environment when they are first released and the users responsible for testing will be notified of what software updates have been loaded and the documentation that accompanied the software updates. Software updates should be tested for at least one week before being loaded in the Production environment. User approval in the form of a comment on the KBox ticket related to the software update must be received before loading any update Upgrading Software Supporting Application Software Operating System Software Upgrades (See Standard ) Solaris Patches on the Colleague Server Patches are loaded once a quarter on the Colleague server with the Recommended Patch cluster. The system office sends out an message to coordinate all the community colleges in downloading the same dated patch cluster. Then once it has been tested on the system office server they will send out a second message stating that the patch cluster is okay to load. At that point a time to load the cluster on the Colleague is scheduled Support for Operating Systems Recording and Reporting Software Faults 8

9 4.2.8 Disposing of Software 4.3 Controlling Software Code 4.4 Software and System Development 4.5 Software and Systems Operations Managing System Operations and System Administration Log-on Procedures System Utilities Data Validation Controls Data Recovery Controls Corruption of Data Monitoring Error Logs (See Standard ) System Auditing Log files are created by the system at the OS level and reviewed daily by the System Administrators. The basic log files (/var/adm/messages, /var/adm/syslog, /var/adm/lastlog) are automatically filtered and archived daily to be kept for a year. Additional log files (/var/adm/authlog, /var/adm/maillog) are filtered and mailed to the system administrators for inspection, but an archived copy is not kept. The Colleague application creates a log of each batch process that is run on the system that can be viewed by UTRR. While not checked on a regular basis, these can be a useful tool to find out when a process was executed and by whom Scheduling System Operations (See Standard ) Weekly System Maintenance Schedule A weekly maintenance period is scheduled from 5:30 AM to 7:00 AM every Thursday morning, except for when the business schedule requires the system to be available (Ex: during registration, year-end processing, etc.). 9

10 4.5.9 Monitoring Operational Audit Logs Responding to System Faults 4.6 Testing & Training 4.7 Web Site Development and Maintenance 4.8 Purchasing and Installing Hardware 4.9 Cabling, UPS, Printers and Modems 4.10 Using Portable Computing and Storage Devices 4.11 Other Hardware Issues 4.12 Data Management Managing Data Storage Managing Databases (See Standard ) Colleague: Database Maintenance Weekly file maintenance is necessary for the UniData database files used by the Colleague system. Every night the WEEKLY.UDT.FILE.ANALYSIS (WUFA) process runs to calculate the new blocksize and modulo for each file and creates a DATATEL.RESIZE.FILES paragraph. Once a week the DATATEL.RESIZE.FILES paragraph should be run to resize the files Managing Folders/Directories (See Standard ) 10

11 File and Directory Permissions Colleague Server The default umask on the Colleague server is 07 for users and 0022 for root, which means files normally are created as 770 by users and 755 by root. Since all users on the system are in the group "users, it means that every user on the system can read and modify files created by other users. Files created by root can only be modified by root, but can be read and executed by anyone. RISK ACCEPTED: the Ellucian Colleague software requires that all users be able to modify database-related files at the operating system level. Application level security restricts what users can have access to (see security in section ) Unidata The UniData catalog (currently /usr/ud73/sys/ctlg) that holds global subroutines and other program code is set up with world-writable permissions on every subdirectory. UPDATE ( ): the permissions and ownership of these files has been changed to remove the world write access, but this must be applied each time a new version of UniData is installed Easy Spooler The following files in /var/spool/lps/adm have world write access. -rw-rw-rw- 1 root root Aug 1 10:57./adm/queue -rw-rw-rw- 1 root root Aug 1 10:57./adm/pctl -rw-rw-rw- 1 root root Aug 1 06:36./adm/rclog -rw-rw-rw- 1 root root Aug 1 06:30./adm/queue.old -rw-rw-rw- 1 root root Aug 1 05:45./adm/pctl.old -rw-rw-rw- 1 root root Jul 28 15:58./adm/oldrclog -rw-rw-rw- 1 root other 2482 Mar 6 10:33./adm/ezpref_root.ezr RISK ACCEPTED: These files will be left alone until the impact of changing the permissions can be established Sharing Data on Software and Information Systems Updating Student and Business Information 4.13 Backup, Recovery and Archiving Backup and Recovery of Systems (See Standard ) System Backup Backup Schedules There are three different backup schedules on the Colleague server and each schedule has a specific frequency and retention rate. Hourly Snapshot - retained for 24 hours Daily Incremental Backup - retained for 1 week 11

12 Weekly Full Backup - retained for 1 year Hourly All data files are kept on a dedicated Storage Area Network (SAN). The SAN management software creates a disk-level snapshot every hour that can be used to recover files from deletion or other soft errors. The snapshot is then replicated to the SAN at the North Campus Data Center where it is available for recovery from a hardware failure or other hard error Daily Incremental The daily backup is performed by the Unitrends appliance and uses it s own agent to create a file-level backup of the server OS and data Weekly Full The weekly backup is also performed by the Unitrends appliance and is scheduled to run on Sunday Data Recovery Restore from the Backup Appliance Files are restored from back-up through the Unitrends Management Interface ( When restoring single files it is best practice to choose to restore them to a different location and then copy the files back to the original location once the contents have been verified. When restoring to the production environment, the data owner must verify that the data has been restore correctly before resuming production activity Restore From SAN There are two methods one can use to restore data from the SAN. The first is to is copy individual files from from a local snapshot, and the second is to roll back to a known good snapshot on the SAN (warning: a rollback is permanent) Backing Up Data on Portable Computers 4.14 Using Outsourced Processing and Third Party Services 12

13 Chapter 5 Physical Security 5.1 Premises Security 5.2 Other Premises Issues 13

14 Chapter 6 Cyber Security Incident Response 6.1 Combating Cyber Crime 6.2 Reporting Information Security Incidents 14

15 Chapter 7 Business Continuity and Risk Management 7.1 Business Continuity Management 7.2 Information Technology Risk Management Program 15

16 Appendix A Revisions [2015] October 23 - Jakim Friant - Reformatted the document to follow the headings from the latest IIPS IT Standards. Updated the section on Colleague backups. Added the information about secure wireless. [2015] October 20 - Jakim Friant - Updated the document for SACS. Removed all references to the legacy (IIPS) system. Updated the Colleague information to reflect the changes to the software (Release 18), SAN, and Backups. Removed outdated information about automatic and manually process. [2007] May 8 - Jakim Friant - Updated the link to IT forms in section Link. In section Link, added a short description of Default Access, and added udssltelnet to the list of default access ports. Updated the script name in section Link. Changed the title from Information System Analyst to Colleague System Administrator in section Link. Added Informer to the list of data extraction tools in section Link. Changed "You" to "One" in the update paragraph in section Link. Added two sections (Link and Link) about backing up to and restoring from the new IPStor SAN. [2006] August 1 - Jakim Friant - Added a new list of world-writable files that are used by Easy Spooler and updated the notes about UniData to reflect the changes in permissions in section Link. [2006] May 8 - Jakim Friant - Added a note about the online resources (knowledge base, etc) with the URL. [2006] March 28 - Jakim Friant - Added information about the way the syslog is configured in section Link. Added note on UniData directory permissions in section Link. [2006] March 27 - Jakim Friant - Updated user creation guidelines and added links to the Colleague form in section Link. Updated the section on automated processes to reflect the fact that these have moved from IIPS to Colleague. Added notes about the log filter script in section Link. Added appendices on cron schedules and firewall ports. Removed the section on patch removal since it is duplicated in the knowledge base. [2006] March 16 - Jakim Friant - Began converting layout to match the IT Standards released by the System Office. [2006] Jan Jakim Friant - Added additional information about restoring from back-up tapes. Added information about system accounts that have passwords which do not expire. Updated section Link with current guidelines on creating user accounts. Added guidelines to review log files (section Link), on the securing of terminals that transmit and receive data (section Link), and notes about Datatel s transaction logging (section Link) [2006] Jan Jakim Friant - Added information about /etc/gateways on Solaris servers in section Link. Added section Link covering user access to system data. Removed Part 5 about common solutions since it was out-dated. [2005] Sept Jakim Friant - Renamed section Link. Updated section Link to include SSH access. Content under Security changed to a subsection labeled additional access control, and the password subsection moved under security. Added section Link on system auditing and log files. 16