Security Administration Overview

Security administration is the process of putting security controls into effect within the IT infrastructure. Security administrators configure and maintain all of the computers and devices to uphold your security policy. While many of a security administrator’s tasks center on Windows server and workstation computers, other devices also require attention. As a security administrator, you’ll be responsible for ensuring that the following hardware components are secure:

  • Windows servers

  • Windows workstations and mobile devices

  • Network connection media

  • Network connection devices (hubs, switches, routers, gateways, and firewalls)

  • Wireless access points

  • Printers

  • Shared storage devices

  • Scanners

  • Any other network devices

The responsibilities of security administration extend far beyond managing hardware. The following are examples of additional items security administrators must ensure are up to date and configured to be as secure as possible:

  • User accounts

  • Authentication methods and credentials

  • Windows OSs

  • Application software

  • Anti-malware software and signature databases

  • Other supporting drivers and software

  • Software tools and utilities

  • Group Policy

  • Active Directory (AD)

  • Backup schedules

  • Recovery plans

  • Maintenance plans

Security administration is the process that puts security controls in place.

The Security Administration Cycle

The security administration process is not a straight-line process that is completed and finished. Security administration is a cycle. The Deming cycle is one common model that describes the phases you will encounter in security administration. Popularized by Dr. W. Edwards Deming, it describes a standardized approach to quality control. The Deming cycle is also known as the Plan-Do-Check-Act (PDCA) process:

  • Plan—Establish objectives and the processes to meet a goal. In security administration, the stated goal is one aspect of a security policy. A specification document will be created during the planning activity. It details how to measure your results to determine if you’ve met your goal.

  • Do—Implement the process you planned in the previous step.

  • Check—Measure the effectiveness of the new process and compare the results against the expected results from the plan.

  • Act—Analyze the differences between expected results and measured results. Determine the cause of any differences and proceed to the Plan process to develop a plan to improve the performance.

FIGURE 10-1 shows the PDCA cycle.

A cyclic chart shows the prominent tasks of a security administrator. The tasks include Plan, Do, Check, and Act.

FIGURE 10-1
Plan-Do-Check-Act cycle.

© Jones & Bartlett Learning.

Security administration is a quality process. Several basic concepts help keep activities in perspective. First, quality is a continuous process, not a single goal. There is always room for improvement in any IT infrastructure. It is your responsibility as a security administrator to constantly follow the PDCA cycle. Following the cycle ensures that your environment maintains the highest level of security possible.

Second, a proactive plan for security is less expensive than a minimal plan that relies on detective controls. Manufacturers know that reducing defects in their processes saves more money than using inspections to catch the defective items. Prevention is always better than a cure. In security, the same concept means it is better to implement preventive controls than to rely on detective controls to raise an alert after something bad has happened. In reality, both types of controls are needed. Look first for a control that denies the undesired action outright. If controls stop an attack before damage occurs, you’ll spend less time hunting through audit logs trying to figure out what happened.

Security Administration Tasks

The security administration process includes any tasks that directly support an organization’s security policy. The security administrator’s role includes tasks to keep a Windows environment secure. TABLE 10-1 lists some of the more prominent tasks of a security administrator.

TABLE 10-1 Common Security Administrator Tasks

  • Provide input for acceptable use policies (AUPs): AUPs provide users with a documented statement of actions that are acceptable and unacceptable. AUPs provide guidance for aspects of computer use, such as email, Internet, personal use of business computers, and standard of care when handling business information. Developing AUPs gives planners the ability to state security goals, define controls, and decide on consequences for noncompliance.

  • Enforce password controls: Password controls are some of the most common and visible controls because they affect every user. A user’s password is one of the first targets for many attackers.

  • Enforce physical security standards: Physical security is an important layer to secure all components in the IT infrastructure. Components that store or transmit sensitive data should have stronger physical controls. For example, the database servers that store an organization’s most critical and confidential data should be located in a room with a controlled environment and very limited physical access.

  • Deploy controls to meet encryption requirements: Enforce encryption for data at rest and when sensitive data are transmitted across the network. Appropriate controls depend on data sensitivity and its destination. For example, most, if not all, data should be encrypted when the information is transferred to clients over the Internet. Data transferred between two trusted servers both in a secure datacenter, however, may not need encryption.

  • Implement backup policies: Develop schedules and procedures to ensure all IT infrastructure components are backed up with current data. Waiting too long between backups may mean available backups aren’t very useful for recovery.

  • Keep software up to date: Ensure all OS and application software has as many necessary patches applied as possible without affecting the environment’s ability to perform business functions.

  • Ensure anti-malware controls are current and in force: Enforce requirements to ensure anti-malware software is in place on all computers and is kept up to date.

  • Monitor log files: Identify log files and regularly review each file for unauthorized activity. Know what you’re looking for and have a plan of action if unauthorized activity is located.

  • Monitor system and network performance: Monitor system performance measurements for critical computers and network devices for unusual activity. Have plans in place to react to any identified unusual activity.

© Jones & Bartlett Learning.

The tasks in Table 10-1 do not represent all of the responsibilities of a security administrator. The tasks listed tend to be common examples across organizations. Each organization will have a slightly different list of tasks its security administrators carry out to maintain a secure environment.
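The following PowerShell script is an added example, not part of the textbook, showing what the Check phase of the PDCA cycle can look like for four of the Table 10-1 tasks (password controls, anti-malware, log monitoring, and patching) on a single Windows host. The thresholds in $Plan are assumed values standing in for the targets a real planning document would specify.

```powershell
# Added example (not from the textbook): a "Check"-phase script for the PDCA cycle
# that measures a few Table 10-1 items on a Windows host against planned targets.
# Thresholds below are assumed values for illustration; replace with your own plan.
# Run from an elevated prompt: the Security log and the Defender module require it.

$Plan = @{
    MinPasswordLength   = 14     # assumed target from the password policy
    MaxSignatureAgeDays = 1      # anti-malware signatures must be under a day old
    MaxFailedLogons24h  = 20     # more than this in 24 h warrants investigation
    MaxPatchAgeDays     = 30     # newest installed hotfix must be this recent
}
$Findings = @()

# 1. Password controls: read the local policy from 'net accounts'.
$netAcct = net accounts
$minLen = [int](($netAcct | Select-String 'Minimum password length') -replace '\D', '')
if ($minLen -lt $Plan.MinPasswordLength) {
    $Findings += "Password: minimum length $minLen is below planned $($Plan.MinPasswordLength)"
}

# 2. Anti-malware: Defender real-time protection state and signature age.
$mp = Get-MpComputerStatus
$sigAge = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).TotalDays
if (-not $mp.RealTimeProtectionEnabled) { $Findings += "Anti-malware: real-time protection is off" }
if ($sigAge -gt $Plan.MaxSignatureAgeDays) {
    $Findings += ("Anti-malware: signatures are {0:N1} days old" -f $sigAge)
}

# 3. Log monitoring: count failed logons (Security event ID 4625) in the last 24 hours.
$since = (Get-Date).AddDays(-1)
$failed = @(Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue)
if ($failed.Count -gt $Plan.MaxFailedLogons24h) {
    $Findings += "Logs: $($failed.Count) failed logons since $since"
}

# 4. Patching: age of the most recently installed update.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) {
    $patchAge = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).TotalDays
    if ($patchAge -gt $Plan.MaxPatchAgeDays) {
        $Findings += ("Patching: last update {0} installed {1:N0} days ago" -f $latest.HotFixID, $patchAge)
    }
}

# Act: report deviations so the next Plan step can address them.
if ($Findings.Count -eq 0) { "Check passed: all measured items meet the plan." }
else { "Check found $($Findings.Count) deviation(s):"; $Findings | ForEach-Object { " - $_" } }
```

The 'net accounts' parsing assumes English output; on a domain-joined host, compare against the domain password policy instead of the local one.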
