Information Security Resources for System Administrators
Security Responsibilities of Systems Administrators
- Ensure that your servers
are properly secured.
- Ensure that your web applications follow Penn's
- Familiarize yourself with all of Penn's information security, networking
and privacy policies.
- Identify, register with Information Security and bring into compliance,
any Critical Hosts
for which you are responsible.
- Subscribe to the appropriate Penn
security mailing lists.
- Subscribe to your operating system vendor and application software vendors'
security advisories email list.
- Report all critical
security incidents to information security.
Alerts & Advisories
- CERT: The CERT Coordination
Center (at Carnegie Mellon) has up-to-date security alerts, as well as general
security advice and research resources
- SANS: Internet Storm
Centermonitoring and reporting on global internet traffic
Security Bulletins from MS TechNet
Security updates from AppleCare's KnowledgeBase
Advisories and information from LinuxSecurity
- Virus alerts from Penn's
virus information center
Security Guides & Checklists
In recent years Penn Information Security has provided site-licensed copies of the "Step-By-Step" Guides from the SANS Institute for securing the major operating systems, however, we no longer are licensing them. In their place we are recommending that support providers and system administrators make use of the excellent tools and checklists (most of them free) available from the Center for Internet Security at their website: www.cisecurity.org.
Even though the SANS Step-By-Step Guides are no longer available at Penn, the SANS website www.sans.org remains an excellent source of information, white papers, etc.
- Web Security Standards:
Things to consider in order to limit the risks associated with using web-based
applications for sensitive data
Old Computers: How to prevent private or sensitive information from accidentally
being given to the recipients of donated or discarded equipment.
Last updated: Friday, July 13, 2007
Information Systems and Computing, University of Pennsylvania