Page History

...

Security Services/Features needed (based on SLAC MinSec):

1. Anti-virus Software
   1. Install and configure ClamAV (optional, since not in moderate enclave)
2. Application Patches
   1. Configure automatic updates for Applications via apt/yum config
3. Authentication
   1. Requirements met for global accounts via Global account authentication policy handled by Active Directory rules
   2. Use Chef Compliance to scan for and any enabled insecure protocols such as telnet and ftp
4. Logging
   1. Configure syslog to log to central syslog server, and enable logging locally to /var/log/everything
5. Network Services
   1. Check for inappropriate network services via Chef Compliance
6. Operating System Patches
   1. Configure automatic updates for OS patches via apt/yum 
7. Passwords
   1. Configure local password quality checks and policies (expiration time, etc) according to SLAC password policy
   2. Global account password policy handled by Active Directory
8. Baseline Security Configuration
   1. Chef Compliance CIS Desktop profile (modified where appropriate) will be used as baseline
   2. Chef Compliance scanning can report on compliance level for our baseline
9. Training
   1. No additional changes needed (same SLAC Training Assignments are required)
10. Security Scanning
    1. Local scanner account will be enabled to allow authenticated Nessus scans by Cyber Security team
11. Banner
    1. The SLAC DOE login banner will be configured

...

Reference Documents:

• Published SLAC Policies and Governance SLAC Controlled Documents page:
  https://docs.slac.stanford.edu/sites/pub/Pages/SLAC_Policies.aspx
  
  

• Minimum Security Requirements for Computing
  https://docs.slac.stanford.edu/sites/pub/Publications/701-I02-001-00_Min_Sec_Req_for_Comp.pdf
  
  

• Configuration Management Procedures in the SCS twiki:
  https://novel.slac.stanford.edu/twiki/bin/view/SCCS/ConfigurationManagement

   

• SLAC Password Policy
  http://www2.slac.stanford.edu/computing/security/password/passwordpolicy.htm