Guidelines for Trusted Computing
Guidelines for Securing Sensitive Systems
Systems that store or process sensitive information should be managed
according to the guidelines identified in this document. For general, non-technical strategies
on handling sensitive information in your unit, please consult the
Guidelines for Handling Sensitive Information.
For help determining whether an information system should be classified as a sensitive system,
please consult the Information Classification Standard.
The guidelines set forth in this document are not necessarily requirements and
are not intended to supersede any of the requirements established in ratified
UGA information security policies and standards.
Pertinent policies and standards include:
Guidelines

Establish responsibility for security
The sensitive system should be managed by a
designated part of the organization, and responsibility for the security of the system should
be assigned to an individual.

Screen employees
A background check should be conducted prior to employment or before a change of employment for all employees,
contractors, or third-party users who would operate or have access to the sensitive system.

Establish procedures for changes of employment
After termination, change of employment, or change in contract or duties, the access
rights of all employees, contractors and third-party users to the sensitive system
should be revoked or updated appropriately.
The UGA Human Resources
Exit Checklists provide detail on the required steps for transfer or termination.

Provide physical security
Sensitive systems should be hosted in an area that
protects the system from unauthorized physical access. The
should be applied to physical access.
Barriers such as walls, barred windows, card-controlled or lockable doors, staffed reception
desks, etc. can all be used to ensure that an area is physically secure.

Protect removable media
Media containing sensitive information should be protected against unauthorized access,
misuse or corruption in storage and/or during transportation beyond the organization's
physically secure area boundaries. Encryption should be considered for all removable
media that contains sensitive information.
TrueCrypt is a free tool that
can be used for whole-disk or file encryption. Hardware-based encryption is another emerging
option. Both IronKey and
Lexar offer secure
USB flash drive products.

Securely dispose of media

Provide a dedicated computing environment
Sensitive systems should have a dedicated computing
environment to support the , minimize potential vulnerabilities,
and reduce the risks of unauthorized access or misuse.
For example, web servers and database servers should have separate, dedicated computing
environments rather than running on the same server. Development and production environments
should also be separated.

Limit network access
Network access to sensitive systems should be limited
as appropriate to ensure least access to the system and to prevent unauthorized access to
the networked system.
For example, a firewall may be deployed to limit connections to a
web server to legitimate web traffic only, or a system may be assigned a private, non-routable
IP address to allow local network communication while restricting communication with the Internet.
The system should be appropriately separated from other systems and services on the local network.
For example, a database server might only allow network connections from a web server that it
supports.
Appropriate authentication methods should be used to control access by remote users connecting
from shared or external networks. For example,
UGA's enterprise VPN service can be used to authenticate users and allow access to the
core UGA network from the Internet.

Control user account access and privileges
The allocation and use of user account privileges on sensitive systems
should be restricted and controlled in accordance with the
to reduce opportunities for unauthorized or unintentional modification or
misuse of the system. There should be a formal registration process for user accounts and
users should have a unique identifier (user ID/login name) that is assigned for their personal
use only and not shared. User privileges should also be reviewed at regular intervals.
The UGA MyID and password are the recommended unique
identifier and password for most applications and systems.

Secure login and authentication procedures
Access to sensitive systems should be controlled by a secure/encrypted log-on procedure.
Passwords should be assigned appropriately and in compliance with the
UGA Password Policy.

Establish session controls
Restrictions on connection times should be used to provide additional security for sensitive
systems. Inactive sessions should expire after a defined period of inactivity.
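The two controls above (a permitted connection-time window and expiry of inactive sessions) as an added Python example, not part of the original guidelines; the 15-minute idle limit, 8-hour absolute lifetime and the 07:00 to 19:00 UTC window are assumed values.

```python
"""Session policy: connection-time window, sliding idle timeout and an
absolute lifetime. Added example; all limits below are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, time, timezone

IDLE_TIMEOUT = timedelta(minutes=15)   # assumed: expire after 15 min idle
MAX_LIFETIME = timedelta(hours=8)      # assumed: re-authenticate after 8 h
WINDOW_START, WINDOW_END = time(7, 0), time(19, 0)  # assumed: 07:00-19:00 UTC
DAY = datetime(2024, 1, 15, tzinfo=timezone.utc)    # constructed reference day


def at(hour: int, minute: int = 0) -> datetime:
    """Clock helper for the examples: DAY + hour:minute (minute may exceed 59)."""
    return DAY + timedelta(hours=hour, minutes=minute)


@dataclass
class Session:
    user: str
    created: datetime    # when the session was opened (absolute lifetime)
    last_seen: datetime  # last valid request (idle timeout)


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)

    def connection_allowed(self, now: datetime) -> bool:
        """Connection-time restriction: sessions may only be opened in the window."""
        return WINDOW_START <= now.time() < WINDOW_END

    def open(self, sid: str, user: str, now: datetime) -> bool:
        if not self.connection_allowed(now):
            return False
        self.sessions[sid] = Session(user, created=now, last_seen=now)
        return True

    def touch(self, sid: str, now: datetime):
        """Validate a request: return the user, or None if the session is
        unknown or expired. Expired sessions are deleted so they cannot be revived."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > MAX_LIFETIME:
            del self.sessions[sid]
            return None
        s.last_seen = now  # sliding idle window
        return s.user
```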

Validate input and output in applications
Input and output data validation checks should be incorporated into sensitive system
applications to prevent corruption of information through error or misuse, and to minimize vulnerabilities.
Web applications in particular are subject to many threats that take advantage of insecure
input and output validation practices.
The Open Web Application Security Project (OWASP) can be consulted for help on validating data
in web applications.

Protect against malicious code
Detection, prevention, and recovery measures to protect against malicious code and
appropriate user awareness procedures should be implemented.
F-Secure is freely available to the UGA community and provides
anti-virus, host-based firewall, host-based intrusion detection, and anti-spyware functionality.

Log and monitor
System administrator and system user activities should be logged and monitored on sensitive
systems to help detect unauthorized information processing
activities. Faults should also be logged, analyzed and appropriate action taken.
All logging systems and log information should be protected against tampering and
unauthorized access, and the system clocks of the system and all relevant logging systems
should be synchronized with an agreed accurate time source.
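One way to make log information tamper-evident, as an added Python example that is not part of the original guidelines: each record is chained to the SHA-256 of the previous one and stamped in UTC, so that an edited, deleted or reordered record is detected by verification. The sample events are constructed; the latest chain hash still has to be kept somewhere the logging host cannot rewrite (a separate log collector, for instance) for the check to hold against an administrator of that host.

```python
"""Hash-chained audit log with verification. Added example; events are constructed."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first record


def _digest(body: dict) -> str:
    """SHA-256 over the canonical JSON form of a record (without its own hash)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def append(log: list, actor: str, action: str, ts: datetime) -> None:
    """Append one record linked to the previous one. Timestamps are normalized
    to UTC so records from several synchronized systems compare correctly."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"ts": ts.astimezone(timezone.utc).isoformat(),
              "actor": actor, "action": action, "prev": prev}
    record["hash"] = _digest(record)
    log.append(record)


def verify(log: list):
    """Return (True, -1) if the chain is intact, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("prev") != prev or rec.get("hash") != _digest(body):
            return False, i
        prev = rec["hash"]
    return True, -1


def sample_log() -> list:
    """Three constructed administrator/application events for demonstration."""
    log = []
    base = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    append(log, "admin1", "service restart: httpd", base)
    append(log, "webapp", "query: records table, 3 rows", base.replace(minute=5))
    append(log, "admin1", "account created: temp", base.replace(minute=9))
    return log
```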

Establish a change management process
Changes to sensitive systems should be
controlled by a formal process. Changes should be reviewed, documented and tested to ensure
there is no adverse impact on the operation or security of the sensitive system.

Identify and manage vulnerabilities
Vulnerabilities in sensitive
systems should be identified, evaluated, and appropriate measures taken to minimize the
risk of unauthorized access to or misuse of the system. Sensitive systems should be
patched in a timely manner and unnecessary services should be disabled to minimize potential
technical vulnerabilities. When sensitive systems are being developed and implemented,
known vulnerabilities should be accounted for.
Units can participate in the
Campus Vulnerability Management service to receive scheduled vulnerability
reports and remediation plans, or use secure configuration checklists such as
UGA's CheckIT or
SANS SCORE to help manage
technical vulnerabilities.