Thursday, May 28, 2009




System Administrator’s Tasks, Classified by Period

Daily Task

Review Audit logs:

  • Check application log for warning and error messages for service startup errors, application or database errors and unauthorized application installs.
  • Check security log for warning and error messages for invalid logons and for unauthorized users creating, opening or deleting files.
  • Check system log for warning and error messages for hardware and network failures.
  • Check web/database/application logs for warning and error messages.
  • Check directory services log on domain controllers.
  • Report suspicious activity to IAO
    [Tools – Windows: Event Viewer]

Perform/verify daily backup:

  • Run and/or verify that a successful backup of system and data files has completed.
  • Run and/or verify that a successful backup of Active Directory files has completed on at least one Domain Controller.
    [Tools: Windows Backup Tool, Other Backup Software]


Track/monitor system performance and activity:

  • Check for memory usage
  • Check for system paging
  • Check CPU usage
    [Tools: Microsoft Management Console/ Performance Log and Alerts/ Task Manager/ System Monitor/ Microsoft Operations Manager]

Check free hard-drive space:

  • Check all drives for adequate free space.
  • Take appropriate action as specified by site's Standard Operating Procedures
    [Tools: Disk Defragmenter/ Disk Management/ Disk Quotas]

Physical checks of system:

  • Visually check the equipment for amber lights, alarms, etc.
  • Take appropriate action as specified by site's Standard Operating Procedures.


Weekly

Archive Audit logs:

  • Archive audit logs to a media device with one year retention

Perform/verify weekly backup:

  • Run or verify that a successful backup of system and data files has been completed
    [Tools: Windows Backup Tool/ Other Backup Software]

Update Anti-Virus signature file:

  • Download and install current Anti-Virus signature files

Run Anti-Virus scan on all hard-drives:

  • Scan all hard-drives using current Anti-Virus signature files

Check Vendor Websites for Patch Information:

  • Check vendor websites such as Microsoft, Sun, HP, Oracle, etc. for new vulnerability information, including patches and hotfixes

Run file system integrity diagnostics:

  • Run diagnostic tools to detect any system problems
    [Tools: Disk Defragmenter/ Error-checking tool/ Device Manager]

Check for Password Files:

  • Perform file search on system checking for documents containing words such as 'password', 'passwd', 'pwd', etc
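
An added example, not part of the original checklist: one way to run this search on a Windows server with PowerShell. The search roots, extension list, size limit and report file name are assumptions; the report records only the path and line number of each hit, not the matched text.

```powershell
# Added example. $Root, $ReportPath, $textExt and $maxBytes are assumed values;
# adjust them to the site's Standard Operating Procedures.
param(
    [string[]]$Root = @('C:\Users', 'D:\Shares'),
    [string]$ReportPath = '.\password-file-findings.csv'
)

$keywords    = 'password', 'passwd', 'pwd'          # keywords named in the checklist
$namePattern = $keywords -join '|'                  # regex for file-name matching
$textExt     = '.txt', '.csv', '.ini', '.cfg', '.conf', '.xml',
               '.bat', '.cmd', '.ps1', '.vbs', '.log'
$maxBytes    = 5MB                                  # skip large files to bound run time

$findings = foreach ($file in Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue) {
    $reason = $null
    if ($file.Name -match $namePattern) {
        # -match is case-insensitive, so "Passwords.xlsx" is caught by name alone
        $reason = 'file name'
    }
    elseif ($textExt -contains $file.Extension.ToLower() -and $file.Length -le $maxBytes) {
        # -SimpleMatch treats the keywords literally; -List stops at the first hit per file
        $hit = Select-String -LiteralPath $file.FullName -Pattern $keywords `
                             -SimpleMatch -List -ErrorAction SilentlyContinue
        if ($hit) { $reason = "content, line $($hit.LineNumber)" }
    }
    if ($reason) {
        # Record where the hit is, never the matched line itself,
        # so the report does not become another password file.
        [pscustomobject]@{
            Path          = $file.FullName
            Match         = $reason
            Owner         = (Get-Acl -LiteralPath $file.FullName -ErrorAction SilentlyContinue).Owner
            LastWriteTime = $file.LastWriteTime
        }
    }
}

if ($findings) {
    $findings | Export-Csv -Path $ReportPath -NoTypeInformation
    "{0} candidate file(s) written to {1}" -f @($findings).Count, $ReportPath
}
else {
    'No candidate files found.'
}
```

Binary formats such as Office documents are matched here by file name only; their contents need a tool that can read those formats.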

Perform Wireless Check:

  • Check system for wireless devices and access

Perform server clock/time synchronization:

  • Synchronize system clock with master server
    [Tools: Windows Time Service]

Check for Unnecessary Services:

  • Check system services for any unnecessary services running


Monthly

Perform Self-Assessment Security Review:

  • Review technology checklist for any changes
  • Run current security review tool
  • Import results into Vulnerability Management System (VMS)
    [Tools: For Windows: DISA FSO Gold Disk and Scripts/ eEye Retina Scanner/ Citadel Hercules Remediation Tool]

Perform Hardware/Software Inventory:

  • Review hardware and compare to inventory list
  • Review software and compare to inventory list
  • Update VMS, where applicable

Run Password-Cracking Tool (Domain Controller only):

  • Run (or verify IAO team has run) a password-cracking tool to detect weak passwords
  • Provide output to IAO team
    [Tools – Windows: John-the-Ripper/L0phtCrack]

Perform/verify monthly backup:

  • Run or verify that a successful backup of system and data files has been completed.
    [Tools: Windows Backup Tool/ Other Backup Software]

Verify User Account Configuration:

  • Run DumpSec tool to verify user account configuration
  • Verify and/or delete dormant accounts with IAO approval
  • Provide output to IAO team
    [Tool available on DISA FSO Gold Disk (Windows)]


Quarterly Task

Test backup/restore procedures:

  • Restore backup files to a test system to verify procedures and files
    [Tools: Windows Backup and Recovery Tool/ Other Backup Software ]


Annual Task

Change Service-Account passwords:

  • Work with the appropriate application administrator to ensure that password changes for service accounts, such as database accounts, application accounts and other service accounts, are implemented.
