Manage Servers with Confidential Information

Important Steps for Configuring Active Directory

 

Logging:

  • Keep domain controller logs centrally.
  • Keep security logs from all domain joined servers centrally.
  • Create and monitor alerts on:
    • The use (success or failure) of any domain administrator credentials.
    • The use of any local administrator credentials.
    • Changes to domain administrator or other sensitive groups in AD.

Cached Credentials:

  • Use GPO to set cached credentials on servers to the minimum you possibly can (0 or 1 for servers - for desktops, you may find...
Read more about Important Steps for Configuring Active Directory

Securely overwrite or destroy physical media

Securely overwrite disk drives in servers at a block level or physically destroy when the server is removed from service or disk drives are permanently removed from servers.

Report possible breach, loss or theft of confidential information

Follow instructions posted on the Information Security Website to start the incident reporting process. The University CISO and the OGC will be informed as appropriate of any known or suspected breach of a server containing confidential information. In addition, the University maintains a whistleblowing policy. The policy is intended to encourage all members of the Harvard community to report suspected violations of law or Harvard...

Read more about Report possible breach, loss or theft of confidential information

Use software to review logs

Use software (e.g. Splunk) to periodically review the server and application logs to see if the system is under attack (e.g., many bad password guesses) and that the users are following documented practices (e.g., not logging as root).

Identify user and time of access

User and administrator access to servers and applications must be logged, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use.