Server Security Checklist: Server Identification and Location

This document is a server security checklist that contains various security controls and best practices for securing servers. It includes sections on maintaining a secure network and physical environment, keeping systems patched, enabling proper logging, implementing system integrity controls, performing vulnerability assessments, enforcing authentication and access controls, and ensuring backups and disaster recovery plans are in place. The checklist provides references for each control and space to initial that the control has been implemented.

Uploaded by

Suresh Sharma

Server Security Checklist

Server identification and location: _________________________________________________

Completed by (please print): ___________________________ Date: _____________

Signature: _________________________ Next scheduled review date: _______________

Manager’s signature: ________________________________ Date: _____________

Secure Network and Physical Environment Ref. Initials


1. Server is secured in locked rack or in an area with restricted access. (1.1)

2. All non-removable media is configured with file systems with access controls enabled. (1.2)

3. Server is set up in an environment with appropriately restricted network access. (1.3)

4. The server displays a trespassing banner at login. (1.4)


If unable to display banner, check box: [ ]

Patching/ Server Maintenance Ref. Initials


5. There is a documented maintenance process to keep applications and operating systems at the latest practical patch levels. (2.1)
Where is it documented? ___________________________________
6. Vendor-supported operating systems and application patches are readily available to RIT. (2.2)

7. Operating systems or applications that are no longer supported by the vendor or an open source community have an exception request pending or granted by the ISO. (2.2)

8. There is a documented maintenance process which includes a reasonable timetable for routine application of patches and patch clusters (service packs and patch rollups). (2.3)
Where is this documented? _________________________________________
9. Systems supported by vendor patches have the patch application integrated into a documented server maintenance process. (2.4)
Where is this documented? __________________________________
10. There is a process to inventory the current level of patches specific to this server. (2.5)

11. There is a process for monitoring patch installation failures (2.6)

Logging Ref. Initials


12. Server is configured with appropriate real-time OS/application logging turned on. (3.1)

13. There is a documented process for routine log monitoring and analysis. (3.2)
Where is it documented? ____________________________________________
14. Reviews are conducted periodically to ensure effectiveness of the server logging process. (3.3)
How often? (At least monthly): _________________________
15. There is a schedule for log monitoring of the server. (3.4)
Where is it documented? _________________________________________

Creative Commons Share Alike License


ServerSecurityChecklist-2014.doc 1 of 5 Revised 12/21/2017

16. Logging has been configured to include at least 2 weeks of relevant OS/application information. (3.5)
The logging elements include:
- All authentication
- Privilege escalation
- User additions and deletions
- Access control changes
- Job schedule start-up
- System integrity information
- Log entries should be time and date stamped
17. Intentional logging of private information, such as passwords, has been disabled. (3.6)

18. Logging is mirrored in real time and stored on another secure server. (3.7)
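As an added example, not part of the RIT checklist, the following Python audit checks a set of log lines against the item 16 logging elements: it reports which elements have no evidence at all, which entries lack a time and date stamp, and whether the stamped entries span the required two weeks. The syslog patterns, hostnames, users and addresses are assumptions constructed for this example, not formats mandated by the standard.

```python
import re
from datetime import datetime, timedelta
# Item 16 elements mapped to illustrative syslog patterns (assumed for this example).
CATEGORIES = [
    ("authentication", re.compile(r"sshd\[\d+\]: (Accepted|Failed) ")),
    ("privilege escalation", re.compile(r"sudo: .*COMMAND=")),
    ("user additions/deletions", re.compile(r"(useradd|userdel)\[\d+\]")),
    ("access control changes", re.compile(r"usermod\[\d+\]: (add|remove) .* (to|from) group")),
    ("job schedule start-up", re.compile(r"CRON\[\d+\]: \(\w+\) CMD")),
    ("system integrity", re.compile(r"aide\[\d+\]:")),
]
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")

def classify(line):
    """Return the item-16 element a log line evidences, or None if it fits none."""
    for name, pattern in CATEGORIES:
        if pattern.search(line):
            return name
    return None

def audit(lines, required_days=14):
    """Check coverage of every element, time stamping, and the two-week span."""
    counts = {name: 0 for name, _ in CATEGORIES}
    stamps, unstamped = [], []
    for line in lines:
        match = TIMESTAMP.match(line)
        if match:
            stamps.append(datetime.fromisoformat(match.group(1)))
        else:
            unstamped.append(line)  # violates "entries should be time and date stamped"
        if element := classify(line):
            counts[element] += 1
    span = max(stamps) - min(stamps) if stamps else timedelta(0)
    return {
        "counts": counts,
        "missing": [n for n, c in counts.items() if c == 0],
        "unstamped": unstamped,
        "span_days": span.days,
        "retention_ok": span >= timedelta(days=required_days),
    }

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    "2024-03-01T08:00:01 srv1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 50022",
    "2024-03-01T08:00:09 srv1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "2024-03-05T10:12:44 srv1 useradd[2301]: new user: name=bob, UID=1002, GID=1002",
    "2024-03-07T11:00:00 srv1 usermod[2333]: add 'bob' to group 'sudo'",
    "2024-03-15T09:00:00 srv1 aide[3001]: AIDE found differences between database and filesystem",
    "srv1 sshd[3100]: Failed password for invalid user admin from 203.0.113.9 port 4444",
]
```

Running `audit(SAMPLE)` on the constructed sample reports "job schedule start-up" as missing and one unstamped entry, which is exactly the kind of gap item 14's periodic review is meant to catch.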

System Integrity Controls Ref. Initials


19. System is configured to restrict changes to start-up procedures. (4.1)

20. There is a documented change control process for system configurations (4.2)
Where is it documented? _____________________________________
21. All unused services are disabled. (4.3)

22. If available, anti-virus software and definitions are current and up-to-date. (4.4)

23. Server has a host firewall installed and enabled. (4.5)

24. Is host-based intrusion prevention software (HIPS) enabled? (Y/N)_____________ (4.6)

25. Is this an authentication server? (Y/N)_________ (4.6)

(Host-based intrusion prevention software is required for authentication servers)


26. If available, hardware-based system integrity control is enabled. (4.7)

Vulnerability Assessment Ref. Initials


27. A pre-production configuration or vulnerability assessment has been performed on the server and its services prior to moving to production. (5.1)
28. Server was scanned using an ISO-approved vulnerability scanner before being moved to production, after being moved to production, and at ISO-specified periods thereafter. (5.2)
How often is the server being scanned? _________________________
29. A copy of the configuration and/or vulnerability assessment reports done at initial server configuration has been retained for possible future use by the ISO. (5.5)
30. After vulnerabilities with a CVSS score of 7 or greater are announced, the corresponding patches and/or configurations are updated within one business day. (5.6)
31. If no CVSS applies to a vulnerability, then the vulnerability should be evaluated for remote exploitation. (5.6)
32. The ISO is authorized to perform vulnerability scanning for this server. (5.3)


33. The ISO vulnerability scanner is not blocked specifically or permanently whitelisted. (5.3)

34. A systems/server administrator is authorized to perform scans when approved by the system owner or the ISO. (5.4)
Is there anyone else authorized to perform scanning? (Y/N) ________
If yes, who? ________________________________________
35. Confirm only ISO-approved security assessment tools are used for scanning (acceptable tools are listed at: https://www.rit.edu/security/content/technical-resources). (5.7)
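Items 30 and 31 define a remediation rule that is easy to get wrong by hand across weekends: CVSS 7 or greater means the fix is due one business day after announcement, and a vulnerability with no CVSS score goes to a remote-exploitation evaluation instead. The Python triage below is an added example, not part of the RIT checklist; the vulnerability identifiers, scores, dates and the empty holiday set are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

CVSS_THRESHOLD = 7.0      # item 30: CVSS score of 7 or greater
SLA_BUSINESS_DAYS = 1     # item 30: updated within one business day
HOLIDAYS = set()          # institution holidays; empty placeholder (assumption)

def add_business_days(start, n, holidays=HOLIDAYS):
    """Advance `start` by n business days, skipping weekends and listed holidays."""
    current = start
    while n > 0:
        current += timedelta(days=1)
        if current.weekday() < 5 and current not in holidays:
            n -= 1
    return current

@dataclass
class Vulnerability:
    vuln_id: str            # placeholder identifier such as "EXAMPLE-0001"
    cvss: Optional[float]   # None when no CVSS score has been assigned
    announced: date

def triage(vuln, today, holidays=HOLIDAYS):
    """Apply items 30 and 31: return (action, due_date, overdue)."""
    if vuln.cvss is None:
        # Item 31: no CVSS, so evaluate remote exploitability before deciding.
        return ("evaluate for remote exploitation", None, False)
    if vuln.cvss >= CVSS_THRESHOLD:
        due = add_business_days(vuln.announced, SLA_BUSINESS_DAYS, holidays)
        return ("patch within one business day", due, today > due)
    return ("routine patch cycle", None, False)

def overdue_report(vulns, today, holidays=HOLIDAYS):
    """IDs of critical vulnerabilities whose one-business-day window has lapsed."""
    return [v.vuln_id for v in vulns if triage(v, today, holidays)[2]]

# Constructed sample announcements (identifiers and scores are made up).
SAMPLE = [
    Vulnerability("EXAMPLE-0001", 9.8, date(2024, 3, 1)),   # Friday -> due Monday 4 March
    Vulnerability("EXAMPLE-0002", 7.0, date(2024, 3, 6)),   # Wednesday -> due Thursday
    Vulnerability("EXAMPLE-0003", 4.3, date(2024, 3, 1)),   # below threshold
    Vulnerability("EXAMPLE-0004", None, date(2024, 3, 1)),  # no CVSS: item 31 applies
]
```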

Authentication and Access Control Ref. Initials


36. All trust relationships have been identified and reviewed. (6.1)

37. All manufacturer and default passwords have been changed. (6.2)

38. Strong authentication has been configured for all users with root or administrator system privileges. (6.3)
Refer to the ISO website for a list of strong authentication practices.
39. Access control has been configured to allow only authorized, authenticated access to the system and its applications and data. (6.4)
40. There is a documented process for granting and removing authorized access. (6.4)
Where is it documented? ____________________________________
41. Generic or persistent guest accounts allowing user interactive logins have been disabled. (6.4)
(Service accounts are excluded from this requirement.)

Backup, Restore, and Business Continuity Ref. Initials


42. Operationally Critical data has been backed up. (7.1)

43. All servers with Operationally Critical data have documented back-up, system and application restoration (including configurations) and data restoration procedures to support business continuity and disaster recovery planning. (7.1)
Where is this documented? ____________________________________
44. Back-up procedures are verified at least monthly through automated verification, customer restores, or through trial restores. (7.1)
How often are they verified? _____________________________
45. Backups are not being stored solely in the same building where the Operationally Critical data is located. (7.1)
46. Backups have been made readily accessible. (7.1)

47. Measures to transmit server back-ups securely have been put in to place. (7.1)

48. Back-up media is compliant with the Portable Media Security Standard. (7.1)


Applications Administration Ref. Initials


49. The application administrator is responsible for application-specific aspects, including ensuring the application is in compliance with the server standard where applicable. (8.2)
50. The applications/module administrator is responsible for ensuring the security of their applications/modules. (8.1)
51. For each application, the application owner should identify an application administrator and systems administrator. These administrators should be approved by their management. (8.1)
(Use the form on the last page to list all applications and their application and systems administrators.)

Security Review and Risk Management Ref. Initials


52. Is this a new server installation? (Y/N) ______ (9.1)
If No, skip to 53.
53. A security review/risk assessment has been completed (9.1 - 9.2)
(See ISO Server Security Standard Section 9.2 for specific criteria.)
When? _____________________________________
By who? ____________________________________
Are they ISO approved? _______________________
54. Any system or application administration contract is reviewed by purchasing for appropriate
risk management clauses. (9.5)

Server Registration Ref. Initials


55. The server has network access and has been registered in an ISO-approved centralized (10.1)
registration system.

Server Hardware Replacement and Retirement Ref. Initials


56. Have any server storage media and/or devices containing RIT Confidential Information been removed or replaced? (Y/N) ___________ (11.1)
If yes, the media or device should be degaussed or the data otherwise rendered unrecoverable.

Server Administration Ref. Initials


57. All computers used to administer servers conform to the requirements for RIT-owned or leased computers as stated in the Desktop and Portable Computer Security Standard. (12.1)
58. Secure protocols are being used for administrative functions and transmission of login credentials. (12.2)
59. NTP and DNS have authoritative sources. (12.2)

High Performance and Distributed Computing Ref. Initials


60. Does this server participate in High Performance/Distributed Computing/grid computing? (13.1)
(Y/N) ________
If yes, list which one: _____________________________________________

Servers that do participate in this type of computing should employ appropriate and documented
safeguards to protect RIT Confidential Information and access to RIT internal networks.


(For Checklist Item #50/Standard Requirement 8.1)

Application Application Administrator Systems Administrator


__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

__________________________ ________________________________ ______________________________

For more information:


RIT Information Security
585-475-4122
[email protected]
https://www.rit.edu/security

