Server Registration - Register Your Server

Step by step instructions on how to register your server.

Registration process

  1. Ensure your server satisfies server requirements.
  2. Ensure that your server also meets NIST 800-171 Rev 2 Security Requirements 
  3. Make sure that you classify the data that will be stored on the server with NDUS 1203.7 Data Classification Standards 
  4. Understand and Follow Guidelines for Protecting Sensitive Data
  5. Fill out the Server Registration Request Form.
    Submitting this form will initiate a Server Registration Request, creating several emails and a Service Now ticket.
  6. You will receive an Outlook Calendar Request to perform the Server Assessment. Accept or propose a better time for the Server Assessment.
  7. Once the server assessment is scheduled, the Service Now ticket will be sent to Network Engineering and Operations to reserve the IP address and DNS Name (if requested). You will be notified by email when the IP Address and DNS Name (if requested) is reserved.
  8. Run Center for Internet Security Compliance Check Software and perform all remediation steps that you can. Send the results to the NDSU IT Security Officer.
    • Lynis for Linux Computers -  lynis -Q -- report-file (name of server)
    • CIS-CAT Pro for Most Operating Systems - Located in the Google Team Drive - If you need access to the Team Drive please contact ndsu.itso@ndsu.edu
      • Download and Unzip from Google Drive
      • Use an Administrator Command Line tool
      • Change directory to the unzipped folder and then to the Assessor folder
      • In the Command Line enter ./Assessor-CLI.bat -i -html
      • Enter the Number that corresponds with the OS that you are running the report on
      • Enter Number 1 to use that benchmark
      • The scan will run and tell you where you can get your HTML report that you can use to secure your device
  9. Run an nmap -p- and an nmap -sU -p- on your sever. 
    • Save the results to a text document to provide open and filtered/closed ports
    • Any TCP/UDP Ports that are open and not needed will have to be closed with Firewall rules
    • Open TCP/UDP Ports will need to be justified in a document stating reason that the port is open and what scope is being used to protect that port.
    • Create a document with the above and use  this link to upload the document to a secure file transfer location https://filetransfer.ndsu.edu/filedrop/ndsu.itso@ndsu.edu 
  10. Be prepared to answer the following questions about your server for the assessment:
    • What applications are installed on the server?
    • What data will be on the server? 
      • Provide a list of the data that will be required for the service 
        • Give a list of the column names of the data
          • stating that txt, csv, mov files are collected is NOT sufficient, we need to know what specifically is being collected 
      • Provide a list of the data that will be generated by the service 
        • Give a list of the column names of the data
          • stating that txt, csv, mov files are collected is NOT sufficient, we need to know what specifically is being collected 
      • Provide a list of the data that will be stored on the server 
        • Give a list of the column names of the data
          • stating that txt, csv, mov files are collected is NOT sufficient, we need to know what specifically is being collected
    • What have you enabled on the server for data protection?
      • Do you have MFA enabled for remote login?
      • Do you have Rate Limiting enabled for services?
    • Who is going to be able to access the server?
      • Please Provide a list of User accounts on the Server
      • Please Provide a list of User accounts on the Applications that will be running
      • Please Provide an approximate number of people that will be utilizing the services
    • How is the server going to be accessed?
  11. The Palo Alto Cortex XDR Agent needs to be installed, please contact ndsu.itso@ndsu.edu to get the installer for the client.  
  12. The 710 Document will be sent through DocuSign. Please complete and digitally sign the document. The document will also be sent to the heads of your department to sign.
  13. When the Assessment is over, a Nessus scan will be levied against the server and its results sent to you.
  14. System Administrators are to follow these Security Responsibility Guidelines 
If this is New Hardware for an existing service the Server Registration process will have to start from scratch. 

Server Requirements

Account Control Plan
Strong passwords/pass-phrases are used and their use is enforced. Accounts on the server are unique and those that are not needed are disabled or removed. Access to data is on a need to know basis
Patching Plan
Operating System Patches are installed in a timely fashion and given a priority. This plan also includes the application that the server is going to be using and any other 3rd party applications.
Access Controls
All servers have some network access controls enabled, capable of limiting network and Internet access to the server. The server is in a secured location with limited physical access. When possible, the applications and services will work in a non-administrative mode.
Malware Controls
Operating Systems that are historically susceptible to malware attacks have protection installed, enabled, and be able to be updated.
Logging
Operating System level and Application level events are to be logged to assist in troubleshooting and forensic investigations.
Backups
A plan is in place for the backup/recovery of data. Data backups should be stored in an off-site secure location.
Offsite Logging
Store logs in a different location or a central repository so they are not lost due to failure or breach.
Repurposing Plan
A plan is in place to ensure data protection, either physical destruction of the storage media or digital data destruction when the server repurposed or retired.
Data Encryption
Ensure that if data needs to be protected based on data classification and standards, it is encrypted both at rest and in transit.
Multifactor Authentication
Multifactor authentication will be used for servers handling or storing sensitive data.


Keywords:
security register server nmap CIS-CAT Data Classification 
Doc ID:
99013
Owned by:
IT Security in NDSU IT Knowledge Base
Created:
2020-03-17
Updated:
2024-11-19
Sites:
NDSU IT Knowledge Base