Security bingo for administrators
Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011.
Winners[1] must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security.
My service or system…

| …is following a software development life-cycle. | …is patched in an automatic and timely fashion. | …runs a tightened local ingress/egress firewall. | …uses CERN Single-Sign-On (SSO). | …has physical access protections in place. |
| …runs all processes / services / applications with least privilege. | …has a defined and documented disaster recovery plan. | …logs all accesses and critical actions remotely. | …is maintained by administrators who have followed dedicated security training sessions. | …has no openings in CERN’s outer perimeter firewall. |
| …restricts access to all privileged accounts to a very few people. | …does not use shared folders. | …adheres to the CERN “Security Baselines for Servers”. | …has all USB ports disabled. | …has a password-protected BIOS, IPMI interface and boot loader. |
| …is managed by a configuration management system. | …has had all its code & configuration reviewed. | …restricts user access. | …uses very few local accounts. | …has all unnecessary processes and services disabled. |
| …is running a local intrusion detection system (IDS). | …does not use any default passwords. | …has been successfully scanned by the Computer Security Team. | …tightly controls access to all local data stores. | …has all modems disabled. |
[1] In the event of more than three credibly correct replies, we will draw the winners from the pool of these correct replies.