Operations Run Book Found

  • 8/21/2019 Operations Run Book Found

    Operations Run Book

    Enter Client’s Name Here

    Prepared By: Managed Services, Champion Solutions Group
    Version: 1.00
    Publication Date: 02/08/15 - 7:58:44 AM

    © Copyright 2005 Champion Solutions Group

    All rights reserved. The information contained in this document is the proprietary information of Champion Solutions Group and may not be used, duplicated, or disclosed except for its intended purpose. All company or product names mentioned are used for identification purposes only, and may be trademarks of their respective owners.


    DOCUMENT IDENTIFICATION INFORMATION

    Document Name: Operations Run Book for Enter Client’s Name Here
    Version: 1.00
    Date Created:
    Created By:
    Date Published: October 3, 2005, 2:05 PM
    Security Classification: Restricted for use by IBM/CSG Managed Services Clients
    Creation Software: Microsoft Word 2003
    Contributors: MSOC Team

    CHANGE HISTORY

    Ver.   Date   Change Description                        Approval
    0.01          Initial draft for review by MSOC team
    1.00          Initial version for publication

    DOCUMENT REVIEW

    Name/Title   Signature   Date

    DISTRIBUTION LIST

    IBM Managed Services
    Champion Managed Services
    All IBM/CSG Managed Services Clients

    DOCUMENT LOCATION

    This document is available via the Champion Portal at https://www.championpulse.com.

    Client’s Final: The Client’s copy is stored on the CMS portal under their specific document area

    Template (CMS Use Only):

    To obtain the internal template from the CMS portal, please click here, or enter the following URL in your Web browser:

    https://portal.championpulse.com/C15/MSOCPoliciesNProcedures/Templates/Operations_Run_Book.doc


    Table of Contents

    Introduction
    Contact Information
    Champion
    IBM
    Escalation Process
    Champion Group / IBM Web Portal
    Champion Group / IBM Phone Support
    Infrastructure
    Facility Overview
    Site restrictions
    Fire and emergencies
    Shipping To The Facility
    Directions
    Shared Common Areas
    Hardware Configuration
    Operating Procedures Overview
    Introduction
    Remote Accessibility
    Purpose
    Scope
    General Policy
    Requirements
    Enforcement
    Operating System Permissions
    Purpose
    Scope
    Policy
    Ownership and Responsibilities
    General Configuration Guidelines
    Compliance
    Server Setup
    Overview
    Scope
    Policy
    Ownership and Responsibilities
    Backup Configuration
    Software
    Policies
    Data Restoration Process
    Purpose
    Overview
    Incremental Backups
    Incremental Restores
    Database Restores
    Tape Handling and Retention
    Retention Policies
    DRM Tape Handling
    Responding To Alerts
    Change Management
    Types Of Change Requests
    Severity And Priority
    Change Request Classifications
    Scheduled Client Change
    Scheduled CSG Change
    Emergency Changes
    Who Is Authorized To Request A Change?
    How Is A Request Submitted?
    Scheduled Maintenance Windows
    Change Control Board
    Decision Categories
    Turnaround Time
    Problem Management
    Business Hours
    Contacting Support (Champion MSOC)
    Telephone
    Champion Portal
    Severity And Priority Levels
    Trouble Ticket Workflow
    Monitoring Standards
    PURPOSE
    REFERENCE
    OVERVIEW
    Thresholds
    IIS Services
    SQL Server 2000
    Storage Area Network Switches
    Webservers
    Network Intrusion Detection System
    Purpose
    Scope
    General / Policy
    Enforcement
    Operating System Patches / Service Packs
    Microsoft
    AIX
    Linux
    Disaster Recovery
    Appendix A - Windows Server Security Checklist
    Linux Security Checklist


    Introduction

    Welcome to the Managed Services Operations Center (MSOC) for Champion Solutions Group (CSG).

    As an IBM business partner, the MSOC has been established for the purpose of providing managed services for customers. This document serves as a centralized repository for all policies, procedures, and supporting documents that are associated with the day-to-day operations of the MSOC. The administrators and engineers are provided the ability to quickly and easily navigate to documentation needed to perform assigned duties accordingly.

    Contact Information

    Champion

    Managed Services Operations Center (To submit a request for service)

    Telephone: (888) 997-7789

    Web Portal https://www.championpulse.com

    IBM

    Name / Title          Telephone               E-mail
    Enter PM Name Here    Enter PM’s Phone Here   Enter PM’s E-mail Here


    Escalation Process

    The escalation process describes the information flow in case of non-compliance with minimum service levels. This escalation process applies to severity 1 calls only.

    The following escalation sequence is to be utilized if a service is not delivered in a specific timeframe.

    ESCALATION

    67 Minutes - MSOC Call Center
    888-997-7789
    Eric Schneider
    7?65@765?@=
    AND IBM Project Manager,
    Enter PM Name Here
    Enter PM’s Phone Here
    Enter PM’s E-mail Here

    7 Minutes - MSOC Manager,
    a" o$ert
    75??5@;9

    6 Hour - President, Managed Services
    Ian Sutcliffe
    7?65;5@==> T @?@

    AND IBM Project Executive,
    Enter PE’s Name Here
    Enter PE’s Phone Here
    Enter PE’s E-mail Here


    Champion Group / IBM Web Portal 

    Champion Managed Services has designed a web portal called “The Pulse,” for our customers intended to provide various types of information, such as but not limited to:

    1 Customer Infrastructure Documentation
    2 Procedures/Processes
    3 System Monitor Tools
    4 On-line Service Requests

    Champion Managed Services Portal URL:

    https://www.championpulse.com

    Champion Group / IBM Phone Support

    Customers can contact the Managed Services Operations Center directly via telephone by dialing:

    (888) 997-7789

    Infrastructure

    Facility Overview

    The customer’s environment is maintained in the Champion Managed Services facility located in the IBM Atlanta BellSouth eBHC (eBusiness). For the purpose of this document, we will refer to eBHC as the “facility”.

    The facility maintains several security features for your protection. Security technology may include biometric readers, cyberlocks, and interior and exterior motion-activated video surveillance cameras in selected areas.

    SITE RESTRICTIONS

    Smoking is not allowed in the facility. Unauthorized recording devices, including cameras and video recorders, are not permitted.

    FIRE AND EMERGENCIES

    The center maintains a fire suppression system. Emergency announcements are made by the facility manager. During a fire emergency, all visitors must report to the front parking lot and wait for the Onsite Operations staff to give a fire status. Emergencies should be reported promptly to the Onsite Operations staff.

    SHIPPING TO THE FACILITY

    Any request for shipments must be submitted through the Champion Managed Services Operations Center (MSOC). The details for requesting service (submitting a ticket) are located in the procedure titled “Creating A Request For Service” on Champion Managed Services portal (https://www.championpulse.com).


    Be prepared to provide the following shipping information to the MSOC when scheduling the delivery:

    • Name of carrier
    • Way bill number
    • Expected date and approximate time of arrival
    • Number of packages
    • Approximate weight and dimensions
    • Specific handling instructions

    If the shipment is going to be delayed, contact the MSOC to modify the shipping information.

    All carriers must be instructed that all deliveries must indicate Inside Delivery.

    Shipments must be addressed to:

    BellSouthK c/o IBM Site Manager

    Customer name/identifier

    BellSouthK Trouble Ticket Number

    $>

    From Atlanta Hartsfield Airport

    1. Follow the airport exit signs to Camp Creek Parkway.
    2. Merge onto I-85 N toward I-75 N/ATLANTA.
    3. Take the US-19/SPRING STREET exit (exit number 249D) toward US-29/W. PEACHTREE STREET.
    4. Take the ramp toward US-19/US-29 N/US-78/W. PEACHTREE STREET.
    5. Turn SLIGHTLY RIGHT onto LINDEN AVENUE N.
    6. Turn LEFT onto W. PEACHTREE STREET N.

    SHARED COMMON AREAS

    The facility has a common area located past the mantrap. The common area is shared by all customers of the IBM e-business Hosting Center and has the following amenities:

    • Eating area
    • Vending machines
    • Coffee machine
    • Restrooms
    • Conference room

    Hardware Configuration

    Part No.   Qty.   Description   Server Name   Operating System

    Operating Procedures Overview

    Introduction

    Please note that the procedural content of this section is presented on a general, high-level basis. Please refer to the Champion Managed Services portal (https://www.championpulse.com) for the detailed, step-by-step procedures.

    The following serves as an overview of policies, procedures, and supporting documents that are associated with the day-to-day operations of the Managed Services Operations Center (MSOC). It is made available to the administrators and engineers, and provides them with the ability to quickly and easily navigate to the documentation that is needed to perform assigned duties accordingly.

    Each procedure is structured to lead the engineer and management through steps to ensure the rapid and efficient completion of a particular task. In addition to the steps, general overviews are provided for clarity. After you have completed a specific procedure several times and have become familiar with its background, you will be able to use the document as a reference guide and proceed directly to the steps required.


    Remote Accessibility

    PURPOSE

    The purpose of this policy is to define standards for connecting to Champion Managed Services network and any hosted network environment that Champion manages from any host. These standards are designed to minimize the potential exposure to Champion Managed Services, and managed network infrastructures, from damages which may result from unauthorized use, out-dated / insecure encryption methods, and unsupported methods of connection to Champion Managed Services resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, infrastructure device and/or Operating system configurations, and damage to critical Champion Managed Services internal systems.

    SCOPE

    This policy applies to all Champion Managed Service customers, customer clients, employees, contractors, vendors and agents that require connection to the Champion Managed Service network and customer-hosted network environments. Remote access implementations that are covered by this policy include, but are not limited to, dedicated internet circuits, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc.

    GENERAL POLICY

    1. The following policies outline details about different methods of accessing network resources via remote access methods, and acceptable use of Champion Managed Services managed networks:

       A. Acceptable Encryption Policy
          1 ESP-3DES
          2 Hash / ESP Authentication – MD5, SHA, AES-128, AES-192, AES-256
          3 D-H group – 2

       B. Virtual Private Network (VPN) Policy
          1 Site to Site – IPSEC
          2 Remote Access VPN – PPTP (Microsoft Client)

    2. Based on business and application requirements for administration; the following additional methods are acceptable once a secure tunnel has been established or requests from the customer with acknowledgement of their insecurities can be established.

       A. Microsoft Terminal Services / Remote Desktop Protocol
       B. Secure Shell
       C. Telnet
       D. PCAnywhere
       E. RealVNC / VNC

    REQUIREMENTS

    1. Secure remote access must be strictly controlled. Control will be enforced via submission of a change request through the MSOC from authorized personnel from the customer.

    2. At no time should anyone provide their login or email password to anyone.

    3. Customers must submit all encryption details with the specific source to destination for the customer network. Details include the following: Peer IP Address, Pre-Shared Key, Specific host / network to Specific host / network destination.

    4. Firewall change requests must be submitted to the MSOC. No firewall change requests will be completed without the completion of a Firewall Rule Request Form.

    5. Frame Relay must meet minimum authentication requirements of DLCI standards.


    GENERAL CONFIGURATION GUIDELINES

    • The latest security patches must be installed on all systems as business permits.
    • Trust relationships should be avoided whenever possible.
    • Always use standard security principles of “least required access” to perform a function.
    • If a methodology for secure channel connection is possible, privileged access must be performed over secure channels, such as encrypted network connections using SSH or IPSec.
    • Servers are physically located in an access-controlled environment.

    COMPLIANCE

    • Audits will be performed on a regular basis by Champion Managed Services.
    • Audits will be managed by the internal audit group.

    Server Setup

    OVERVIEW

    The purpose of this policy is to establish standards for the base configuration on server equipment that is managed by Champion Managed Services. Effective implementation of this policy will minimize server setup time and ensure stability across environments.

    SCOPE

    This policy applies to server equipment owned by the customer and managed by Champion Managed Services. It defines the process of how the logical operating systems are setup in the Champion managed environment and prepped to accommodate customer SO.

    POLICY

    1. Champion Managed Services support and install the following operating system manufacturers and versions.

       A. Microsoft
          i. Windows 2000 Server
          ii. Windows 2000 Advanced Server
          iii. Windows 2003 Standard Server
          iv. Windows 2003 Web Server
          v. Windows 2003 Enterprise Server

       B. Linux
          i. Red Hat, versions 9.0, AS 2.1, and AS 3.0

       C. AIX, version 5.1 or later

       D. VMWare
          i. ESX

    2. Once a server has been integrated with all work order hardware resource allocations (such as Processors, RAM, NICs, HBAs, etc.), the following processes are followed:

       A. Surveys of hardware chassis light indicators are conducted prior to operating system logical configuration.

       B. Successful posts with bios confirmation of installed hardware on servers are conducted prior to operating system logical configuration.


       C. Bios, RAID, etc. firmware versions are verified and updated with the latest available and recommended versions from the manufacturer.

       D. Disk partitions are built as necessary based on customer requirements regarding OS partitions, and/or data partitions. (Pre-determined by customer and IBM/Champion Managed Services technical teams prior to build dates.)

       E. Servers are installed with the requested Operating System. (Pre-determined by customer and IBM/Champion Managed Services technical teams prior to build dates.)

       F. At the time of server operating systems installation, all available security and critical updates from the OS manufacturer are applied unless otherwise agreed to in writing by the customer and IBM/Champion.

       G. IPs will be bound to the network interface cards with verified server name instances per the customer requirements.

       H. Operating system resources will be kept on the servers for necessary OS-based applications. For example: i386 directory will be kept on a windows 2003 server root drive unless customer requests otherwise.

       I. For monitoring reasons, a local or domain account is created for perfmon statistics to be used for proactive monitoring. The use of a local account or domain account is determined by the projected network environment that the server will be participating in.

    OWNERSHIP AND RESPONSIBILITIES

    Champion Managed Services (CMS) maintains the server hardware and operating system instances. All applications are the responsibility of the customer.

    In order to proactively manage the environment, a standard maintenance window, between 3:00 AM and


    Backup Configuration

    The policies discussed in this section are established standards, but can vary per a mutual agreement to a customer request.

    SOFTWARE

    Server

    TIVOLI Storage Manager (TSM) 5.x

    Client

    AIX, TSM Client Module 5.x
    AIX, Agent Client 3.x
    AIX, ORACLE (TDP Agent)
    Linux, TSM Client Module 5.x
    Linux, Agent Client x.x
    Linux, ORACLE (TDP Agent)
    Windows, TSM Client Module 5.x
    Windows, Agent Client x.x
    Windows, ORACLE QQQ

    Licensed, installable physical media is required for ALL of the above.

    POLICIES

    Policies are rules that are set at the IBM Tivoli Storage Manager server to manage client data. Policies control how and when client data is stored, for example:

    • How and when files are backed up and archived to server storage
    • How space-managed files are migrated to server storage
    • The number of copies of a file and the length of time copies are kept in server storage

    The standard policy consists of a standard policy domain, policy set, management class, backup copy group, and archive copy group. The attributes of the default policy are as follows:

    Backup Policy

    • Daily incremental backups will be taken
    • An incremental backup is performed only if the file has changed since the last backup.
    • Up to two backup versions of a file on the client’s system are retained in server storage. The most recent backup version is retained for as long as the original file is on the client file system. All other versions are retained for up to 30 days after they become inactive.
    • One backup version of a file that has been deleted from the client’s system is retained in server storage for


    Data Restoration Process

    PURPOSE

    The purpose of this section is to describe the steps necessary to restore data from backups.

    OVERVIEW

    In order to understand how to restore data from backups it is necessary to understand how backups are organized. Backups are organized on all systems with the following concept. All non-database related files are backed up under a nightly incremental backup. Database related files are backed up either using the associated TDP (Tivoli Data Protection) agent, or cold database backup.

    INCREMENTAL BACKUPS

    Tivoli Storage Manager (TSM) uses an incremental strategy where the first time an incremental backup is run against the server everything is backed up. Everything means all data except database related files, which are excluded in a list maintained in the TSM client path. After the first backup, all files that have had their timestamp updated are incrementally backed up. This incremental method ensures that a full restore is available at all times.
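The version limits in the Backup Policy list earlier on this page (two versions per file, 30 days for inactive versions) decide which point in time a restore can actually reach. The Python model below is an added example, not Champion's or IBM's code; it implements only the rules as this run book words them, and `retain_only_days` is a hypothetical parameter because the retention period for deleted files is not given in the text. The sample dates are constructed.

```python
from datetime import date, timedelta

# Values as this run book states them in its Backup Policy list.
VERSIONS_WHILE_FILE_EXISTS = 2   # "Up to two backup versions"
INACTIVE_RETENTION_DAYS = 30     # other versions: 30 days after becoming inactive
VERSIONS_AFTER_DELETE = 1        # "One backup version" of a deleted file


def restorable_versions(backup_dates, today, deleted_on=None, retain_only_days=None):
    """Return the backup dates still held in server storage on `today`.

    backup_dates: dates on which an incremental run stored a changed copy.
    deleted_on: date the file was removed from the client, or None.
    retain_only_days: assumed parameter (not stated on the page) for how long
        the last version of a deleted file is kept.
    """
    versions = sorted(d for d in set(backup_dates) if d <= today)
    if deleted_on is not None and deleted_on <= today:
        if retain_only_days is None:
            raise ValueError("retain_only_days is required for deleted files")
        versions = [d for d in versions if d <= deleted_on]
        kept = versions[-VERSIONS_AFTER_DELETE:]
        expiry = deleted_on + timedelta(days=retain_only_days)
        return kept if today <= expiry else []
    kept = versions[-VERSIONS_WHILE_FILE_EXISTS:]
    result = []
    for older, newer in zip(kept, kept[1:]):
        # `older` became inactive on the day `newer` was stored.
        if today <= newer + timedelta(days=INACTIVE_RETENTION_DAYS):
            result.append(older)
    if kept:
        result.append(kept[-1])  # active version: kept while the file exists
    return result


def last_good_restore_point(backup_dates, damaged_from, today, **policy):
    """Newest restorable version stored before the file was damaged, or None."""
    good = [d for d in restorable_versions(backup_dates, today, **policy)
            if d < damaged_from]
    return max(good) if good else None


if __name__ == "__main__":
    # Constructed case: clean copy stored 1 Jan, file damaged on 5 Jan,
    # damaged copies picked up by the incremental runs of 10 and 11 Jan.
    backups = [date(2024, 1, 1), date(2024, 1, 10), date(2024, 1, 11)]
    for day in (date(2024, 1, 10), date(2024, 1, 11)):
        print(day, last_good_restore_point(backups, date(2024, 1, 5), day))
```

In the constructed case the clean copy is still restorable after the first damaged backup and gone after the second, so damage has to be noticed before the changed file has been backed up twice.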

    INCREMENTAL RESTORES

    Incremental restores may be requested, and must include:

    • Source

    • Destination

    • Node

    • Path

    • Date of source and path

    • Estimated amount of data

    DATABASE RESTORES

    Oracle Database restores in a UNIX environment are handled by the customer via custom RMAN scripts. The RMAN script connects to the TSM Server and opens channel(s) to tape drives and passes the restore request between Oracle and TSM.

    Tape Handling and Retention

    RETENTION POLICIES

    Policies are rules that are set at the IBM Tivoli Storage Manager server to manage client data. Policies control how and when client data is stored, for example:

    • How and when files are backed up and archived to server storage

    • How space-managed files are migrated to server storage

    • The number of copies of a file and the length of time copies are kept in server storage

    The standard policy consists of a standard policy domain, policy set, management class, backup copy group, and archive copy group.

    DRM TAPE HANDLING

    Champion's Managed Service facility in Atlanta uses the services of Iron Mountain for the storage of media offsite. This procedure explains how to send tapes from the Atlanta facility to off site storage, and how tapes are retrieved from the off site storage vault when the retention policy expires.


    Champion Managed Services standardizes on IBM LTO2 tape technology.

    The application that is used to manage these libraries is the Disaster Recovery Manager (DRM) within the Tivoli Storage Manager (TSM), which enables these libraries. A copy is made of all backups that are scheduled, which are controlled by the DRM. The retention policies set in TSM control the DRM process that:

    1. Sends tapes off site, and

    2. Requests tapes to be returned from vault storage.

    Sending Tapes Offsite (Onsite-to-Offsite)

    To send tapes offsite, the following tasks must be performed:

    1. Copies are made of daily scheduled backups.

    2. Disaster Recovery Manager (DRM) sets the state on these copies indicating they are ready for offsite storage.

    3. An automated process will run at 13:00 daily and move the DRMedia to the I/O trays of the libraries.

    4. An Onsite to Offsite Report will be e-mailed to Champion Managed Services Division and the IBM On-site System Administration (OSSA) team daily at 13:00.

    5. IBM OSSA team will verify the tapes in the I/O ports with the DRMedia Report upon removal.


    Responding To Alerts

    1. Verify that the alert is a legitimate alert and not just a monitoring time out.

    2. If it is during working hours, check with team to see if anyone is working on the system.

    3. Create a ticket in Heat.

    4. Contact customer to make them aware of the alert and to see if they are doing anything to the system. In the event that the alert is acknowledged by the customer as a valid alert, proceed with the following:

    • Request from the customer if alert constitutes a priority one ticket.

    • In the event that it is a priority one ticket, contact the corresponding IBM Project Manager and inform them of the status of the ticket.

    • Enter priority into Heat.

    5. Notify the customer that you are creating a ticket and assigning it to an engineer.


    The Champion Managed Service Operations Center (MSOC) provides the Client with the ability to submit service requests by utilizing the Helpdesk System on the MSOC Portal via the Internet, or by telephone. It is recommended that priorities 1 and 2 should be submitted via telephone.

    Either process provides the capability of submitting any of the three types of requests:

    Administrative Request (AR) - Does not affect production systems, and implementation times are minimal. For example: new user, change password, change rights . . .

    Problem/Fix Request (PF) - This is similar to an administrative request except that you may be experiencing some outage problems. For instance, a server or a network may be down.

    Change Request (CR) - A change request is associated with a change in the environment. For example, if you have a piece of hardware that is already installed, but is not currently configured in the infrastructure, a change request is required in order to make the hardware part of the steady state infrastructure.

    Severity And Priority

    When you submit any of the three types of service requests, you are required to assign a priority level, which identifies criticality of the problem and the level of support that is needed. The four priority levels and their definitions are:

    Priority 1: Critical Impact/Urgent - The product, service, or network is not usable or affects the customer's core business. It is Champion's objective to respond to all priority 1 requests within fifteen (15) minutes.

    Priority 2: Emergency Request - The Client needs a quick response for reasons defined by the requester. It is Champion's objective to respond to all priority 2 requests within four (4) hours.

    Reminder: Per contract, the Client is permitted only three priority 2 requests per month, which are included in the Client's monthly fees. There will be additional charges if the Client exceeds the limit of three priority 2 requests per month.

    Priority 3: Major Impact - An important function or service is not available, however the environment can still be used. It is Champion's objective to respond to all priority 3 requests within 48 hours and escalated appropriately.

    Priority 4: Minor Impact/Informational - The product, service, or network is not seriously affected and is not currently affecting the customer's core business. Or, this level of severity comprises shortcomings, suggestions, or questions. It is Champion's objective to respond to all priority 4 requests within one week and escalated appropriately.

    Change Request Classifications

    Change Management includes any type of change that affects the Client's environment. Examples of this include emergency reboots, scheduled reboots, and other changes performed by either the Client or CSG that affect the server, network, or storage during, or outside of, a normal maintenance window.

    SCHEDULED CLIENT CHANGE

    When changes are known in advance, the customer should notify the MSOC manager. The MSOC manager begins the Change Management process by opening a ticket in Heat. The MSOC manager is the primary contact for the Client and continues to monitor and track the change request until it is completed.

    SCHEDULED CSG CHANGE

    When CSG requires the utilization of the regular maintenance window, the MSOC manager begins the Change Management process, including opening a ticket in Heat. The MSOC manager contacts the Client to inform them of the upcoming change. The MSOC manager is the primary contact for the Client and continues to monitor and track the change request until it is completed.

    EMERGENCY CHANGES

    If a Client needs to make modifications that require a reboot of the system, the Client should call the MSOC manager to implement this change immediately. The MSOC manager verifies that the person calling is authorized to request changes of this nature. Once the Client is verified, a ticket is opened to track the change. The Client receives a ticket number for tracking purposes. The MSOC manager is the primary contact for the Client and continues to monitor and track the change request until it is completed.

    NOTE: With proper authorization, an MSOC Administrator may perform this function for the MSOC manager.

    Who Is Authorized To Request A Change?

    The individuals who are authorized to request a change differ depending on which entity originates the request.

    Client - The Client's authorized requesters are pre-defined during phase IV of the post-sales process. During this phase, the MSOC manager is responsible for contacting the Client to obtain the name(s) of the individual(s) who are authorized to request changes.

    IBM - For a current list of the IBM authorized requesters, see Contact Information on the Champion portal (https://www.championpulse.com).

    CSG - The CSG authorized requesters include:

    • Operations Manager

    • President, Managed Services

    NOTE: Emergency requests will be handled on an ad hoc basis and must be thoroughly documented to include the requester's complete identification, which may require a specific authorization code.

    How Is A Request Submitted?

    Most change requests are to be submitted via the CSG Managed Services Web site at https://www.championpulse.com. However, emergency requests can be handled on an ad hoc basis, via the telephone, but must be thoroughly documented to include the requester's complete identification, which may require a specific authorization code.

    NOTE: A request for change must be received no later than end-of-day on Wednesday to be reviewed and considered by the Change Control Board on the Thursday of the same week. Any request received after end-of-day Wednesday will not be addressed until Thursday of the following week.

    When a request is received, use the Requests For Service procedure to accommodate the Client's needs.

    Scheduled Maintenance Windows

    Champion Managed Services (CMS) maintains the server hardware and operating system instances. All applications are the responsibility of the customer.

    In order to proactively manage the environment, a standard maintenance window, between 3:00 AM and and Friday Is it everyday

    There are other sections that may require modifications too. AND, the policies and procedures will require the same modifications.

    Decision Categories

    There are three categories into which a decision may be defined:

    Approved - The Client is informed when the change will be performed.

    Declined - The Client is informed why the change was declined. This may require that a completely new sales process begin in order to define specific requirements.

    Postponed - The Client and the CCB mutually agree to postpone the change until a later date. This may require that a completely new sales process begin in order to define specific requirements.

    Turnaround Time

    While an immediate acknowledgement is provided to the Client, the turnaround time for scheduled changes is within one week from the day the request is reviewed by the CCB. Many tasks associated with a request may be performed the same day, or within one week from the day the request is approved.

    A request for change must be received no later than end-of-day on Wednesday to be reviewed and considered by the Change Control Board on the Thursday of the same week. Any request received after end-of-day Wednesday will not be addressed until Thursday of the following week.

    NOTE: Emergency requests will be handled on an ad hoc basis and must be thoroughly documented to include the requester's complete identification, which may require a specific authorization code.

    Problem Management

    Business Hours

    Champion's Managed Service Operations Center (MSOC) is available 24 hours per day, 7 days per week. The MSOC provides you with the ability to submit service requests by utilizing the Helpdesk System on the MSOC Portal via the Internet, or by telephone.

    Contacting Support (Champion MSOC)

    The following contact information is provided for the customers for the purpose of creating a request for service and incident reporting:

    TELEPHONE

    Toll Free: 888-997-7789

    Local / Direct: 597-7789

    CHAMPION PORTAL

    1. Log on to the Champion Portal. https://www.championpulse.com

    2. Click the Support button at the top of the page.

    3. From the left navigation panel, click Helpdesk System. In an effort to protect your records, you may need to enter your user name and password to enter this restricted area.

    Instructions for "Creating A Request For Service" are provided on the portal under Documents.

    Severity And Priority Levels

    When a service request is submitted, a priority level must be selected and assigned to the request. Each level identifies the criticality of the problem and the level of support that is needed. The four priority levels and their definitions are:

    Priority 1: Critical Impact/Urgent - The product, service, or network is not usable or affects the customer's core business. It is Champion's objective to respond to all priority 1 requests within fifteen (15) minutes.


    Priority 2: Emergency Request - The Client needs a quick response for reasons defined by the requester. It is Champion's objective to respond to all priority 2 requests within four (4) hours.

    Reminder: Per contract, the Client is permitted only three priority 2 requests per month, which are included in the Client's monthly fees. There will be additional charges if the Client exceeds the limit of three priority 2 requests per month.

    Priority 3: Major Impact - An important function or service is not available, however the environment can still be used. It is Champion's objective to respond to all priority 3 requests within 48 hours and escalated appropriately.

    Priority 4: Minor Impact/Informational - The product, service, or network is not seriously affected and is not currently affecting the customer's core business. Or, this level of severity comprises shortcomings, suggestions, or questions. It is Champion's objective to respond to all priority 4 requests within one week and escalated appropriately.


    Trouble Ticket Workflow


    Monitoring Standards

    PURPOSE

    The purpose of this document is to outline the thresholds that are associated with standard monitoring activities performed for the Champion Managed Services Clients.

    REFERENCE

    Please contact the Manager of Managed Services Operations Center to clarify any process within this procedure and for any concern beyond its scope.

    OVERVIEW

    Champion Managed Services provides monitoring services based on the standard, global thresholds for the activities listed below under Thresholds. While the standard monitoring thresholds are listed below, Champion Managed Services is able to provide modified settings for the alerts associated with particular monitoring activities. Any alternative parameters will be assessed on an as-needed basis.

    Thresholds

    The following are the current standard monitoring functions and their respective thresholds.

    IIS SERVICES

    The following are the thresholds for IIS Services:

    PerfMon Status
    Warning Level Alert
    Critical Level Alert: Down >2 Minutes

    Page File
    Warning Level Alert: >= 90, 5 Minutes
    Critical Level Alert: >= 99, 5 Minutes

    Memory Usage
    Warning Level Alert: >= 80, 5 Minutes
    Critical Level Alert: >= 90, 5 Minutes

    Disk Usage
    Warning Level Alert: <= 10, Immediate
    Critical Level Alert: <= 1, Immediate

    CPU Usage
    Warning Level Alert: >= 90, 3 Minutes
    Critical Level Alert: >= 95, 3 Minutes

    DNS Server Response
    Warning Level Alert: >= 10000msec, 5 Minutes
    Critical Level Alert: >= 10000msec, 5 Minutes

    PortMonitor Status (LDAP, Web, E-mail)
    Warning Level Alert    Critical Level Alert
    Down >5 Minutes

    Ping
    Warning Level Alert    Critical Level Alert
    Down >3 Minutes

    Ping Response Time
    Warning Level Alert    Critical Level Alert
    >=300msec, 3 Minutes

    Switch SNMP Status
    Warning Level Alert    Critical Level Alert
    Down Immediate
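One way to apply the IIS Services thresholds above, as an added Python example that is not Champion's monitoring code. It assumes one sample per minute, that the listed minutes mean the condition must hold without interruption for that long, and that a gap in samples longer than the hypothetical `MAX_GAP_MINUTES` is a monitoring time-out rather than evidence of a sustained breach; all sample series are constructed.

```python
import operator
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    level: str                                # "critical" or "warning"
    breached: Callable[[float, float], bool]  # operator.ge or operator.le
    limit: float
    hold_minutes: int                         # 0 means "Immediate"


# Limits and hold times copied from the IIS Services list; critical rule first.
THRESHOLDS = {
    "page_file": [Rule("critical", operator.ge, 99, 5), Rule("warning", operator.ge, 90, 5)],
    "memory":    [Rule("critical", operator.ge, 90, 5), Rule("warning", operator.ge, 80, 5)],
    "cpu":       [Rule("critical", operator.ge, 95, 3), Rule("warning", operator.ge, 90, 3)],
    # The page lists Disk Usage with "<=", so the value is treated here as
    # remaining free space (assumption).
    "disk":      [Rule("critical", operator.le, 1, 0), Rule("warning", operator.le, 10, 0)],
}

MAX_GAP_MINUTES = 2  # hypothetical: a longer gap counts as a monitoring time-out

Sample = Tuple[int, float]  # (minute, value)


def _held(rule: Rule, samples: List[Sample]) -> bool:
    """True if the rule is breached now and has been, gap-free, for hold_minutes."""
    end_minute, end_value = samples[-1]
    if not rule.breached(end_value, rule.limit):
        return False
    start = previous = end_minute
    for minute, value in reversed(samples[:-1]):
        if previous - minute > MAX_GAP_MINUTES or not rule.breached(value, rule.limit):
            break
        start = previous = minute
    return end_minute - start >= rule.hold_minutes


def alert_level(metric: str, samples: List[Sample]) -> Optional[str]:
    """Return "critical", "warning" or None for the newest sample of a metric."""
    if not samples:
        return None
    ordered = sorted(samples)
    for rule in THRESHOLDS[metric]:
        if _held(rule, ordered):
            return rule.level
    return None


# Constructed sample series.
CPU_RAMP = [(0, 50), (1, 92), (2, 93), (3, 96), (4, 97)]   # 3 min over 90, 1 min over 95
CPU_SPIKE = [(0, 40), (1, 99)]                             # one high reading only
MEMORY_WITH_GAP = [(0, 85), (1, 86), (6, 85), (7, 86)]     # collector silent for 5 min

if __name__ == "__main__":
    for name, metric, series in [("ramp", "cpu", CPU_RAMP),
                                 ("spike", "cpu", CPU_SPIKE),
                                 ("gap", "memory", MEMORY_WITH_GAP)]:
        print(name, alert_level(metric, series))
```

The gap case returns no alert even though every reading is above the warning limit, which is the situation step 1 of Responding To Alerts asks the operator to rule out by hand.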

    SQL SERVER 2000

    The following are the thresholds for SQL Server 2000:

    PerfMon Status
    Warning Level Alert    Critical Level Alert
    Down 5 Minutes

    Processor Time
    Warning Level Alert: >= 80, 5 Minutes
    Critical Level Alert: >= 90, 3 Minutes

    Buffer Cache Hit Ratio
    Warning Level Alert: <= 90
    Critical Level Alert

    Cache Hit / Cache Count
    Warning Level Alert: <= 84
    Critical Level Alert

    Conflicts / For New
    Warning Level Alert: >= 1/sec
    Critical Level Alert

    Log Used
    Warning Level Alert: >= 80, 5 Minutes
    Critical Level Alert: >=97, 5 Minutes

    STORAGE AREA NETWORK SWITCHES

    The following are the thresholds for SAN switches:

    Port Status
    Warning Level Alert
    Critical Level Alert: >=2, Immediate

    WEBSERVERS

    The following are the thresholds for Webservers:

    Available Memory
    Warning Level Alert: <=128M
    Critical Level Alert

    Network Intrusion Detection System

    PURPOSE

    With the increased complexity of security threats, achieving efficient network intrusion security is critical to maintaining a high level of protection. Vigilant protection ensures business continuity and minimizes the effects of costly intrusions.

    SCOPE

    Champion Managed Services provides network intrusion detection on all incoming and outgoing internet traffic. Signature updates are applied as supplied by the manufacturer within one week of posting for validation and testing purposes. IDS logs are available to the customer via service request ticket submission.

    GENERAL / POLICY

    Champion Managed Services monitors activity logs and responds as alert thresholds are met pertaining to manufacturer supplied signatures. The IDS system is designed to accurately identify and classify known and unknown threats targeting your network, including worms, denial-of-service (DoS), and application attacks. Multiple detection methods are employed, thus ensuring comprehensive coverage. The methods include stateful pattern recognition, protocol analysis, traffic anomaly detection, and protocol anomaly detection. The IDS technology implemented by Champion Managed Services uses multilayer protection options to prevent an attack from successfully reaching targets. After the attack is accurately identified and classified, the system can stop the attack before damage occurs.

    ENFORCEMENT

    In the event of any type of threat that is deemed to require attention and actions, Champion Managed Services Network team will assess the activity, deem necessary actions, and contact the customer. The customer contact will be constructed with information of attack, necessary actions needed to be performed, and verification of needed information as they pertain to customer proprietary applications.

    Operating System Patches / Service Packs

    MICROSOFT

    Patches and service packs are deployed from Shavlik during the specified scheduled maintenance windows. Please reference the section heading Scheduled Maintenance Windows for more information.

    NOTE: Some patches may require a reboot at this time.

    AIX

    Patches and service packs are to be installed during the specified scheduled maintenance windows. Please reference the section heading Scheduled Maintenance Windows for more information.

    NOTE: Some patches may require a reboot at this time.

    LINUX

    Patches and service packs are to be installed during the specified scheduled maintenance windows. Please reference the section heading Scheduled Maintenance Windows for more information.

    NOTE: Some patches may require a reboot at this time.

    Disaster Recovery

    All "hardened" IBM facilities are of an enterprise class nature, complete with redundant power including generator back-ups. All data management is maintained using multiple copies of critical data to be stored onsite in the hardened facility, as well as an alternative location offsite.

    Disaster Recovery is not included in the basic managed service offering and will not be addressed unless otherwise agreed to in writing between the customer and IBM.


    Appendix A - Windows Server Security Checklist [1]

    The following checklist is a recommended Windows security checklist that Champion Managed Services suggests customers request for implementation on new network environments. Three security consideration checklists are listed below for customer ease of application and operating system assessment needs.

    Basic Security Considerations

    Provide Physical Security for the machine

    Most security breaches in corporate environments occur from the inside. Culprits can be well meaning "power users" who configure their co-workers' PCs, to disgruntled employees, or they can be full blown corporate spies that are working at your company. It may not be practical to physically secure every workstation in your environment, but your servers need to be in a locked room with monitored access. Consider placing surveillance cameras in your server rooms and keeping the tapes for 30 days. For desktops, install a lock on the CPU case, keep it locked, and store the key safely away from the computer at a secure location. (i.e. a locked cabinet in the server room)

    Disable the Guest Account

    Windows 2000 finally disables the guest account by default, but if you didn't build the image yourself, always double check to make sure the guest account is not enabled. For additional security assign a complex password to the account anyway, and restrict its logon 24x7.

    Limit the number of unnecessary accounts

    Eliminate any duplicate user accounts, test accounts, shared accounts, general department accounts, etc. Use group policies to assign permissions as needed, and audit your accounts regularly. These generic accounts are famous for having weak passwords (and lots of access) and are at the top of every hacker's list of accounts to crack first. This can be a big problem at larger companies with understaffed IT departments. An audit at a Fortune 10 company I worked for revealed that 3,000 of their 15,000 active user accounts were assigned to employees who no longer worked for the company. To make matters worse, we were able to crack the passwords on more than half of those inactive accounts.

    Create 2 accounts for Administrators

    I know this goes against the previous caveat, but this is the exception to the rule. Create one regular user account for your Administrators for reading mail and other common tasks, and a separate account (with a more aggressive password policy) for tasks requiring administrator privileges. Have your Administrators use the "Run As" command available with Windows 2000 to enable the access they need. This prevents malicious code from spreading through your network with admin privileges.

    Rename the Administrator Account

    Many hackers will argue that this won't stop them, because they will use the SID to find the name of the account and hack that. Our view is, why make it easy for them. Renaming the Administrator account will stop some amateur hackers cold, and will annoy the more determined ones. Remember that hackers won't know what the inherit or group permissions are for an account, so they'll try to hack any local account they find and then try to hack other accounts as they go to improve their access. If you rename the account, try not to use the word "Admin" in its name. Pick something that won't sound like it has rights to anything.

    [1] Copyright © 2004 Microsoft Corporation. All rights reserved

    Consider creating a dummy Administrator account

    Another strategy is to create a local account named "Administrator", then give that account no privileges and an impossible to guess 10 digit complex password. This should keep the script kiddies busy for a while. If you create a dummy Administrative account, enable auditing so you'll know when it is being tampered with.

    Replace the "Everyone" Group with "Authenticated Users" on file shares

    "Everyone" in the context of Windows 2000 security, means anyone who gains access to your network can access the data. Never assign the "Everyone" Group to have access to a file share on your network, use "Authenticated Users" instead. This is especially important for printers, which have the "Everyone" Group assigned by default.

    Password Security

    A good password policy is essential to your network security, but is often overlooked. In large organizations there is a huge temptation for lazy administrators to create all local Administrator accounts (or worse, a common domain level administrator account) that use a variation of the company name, computer name, or advertising tag line. i.e. )companyname)1, win2k)companyname), etc. Even worse are new user accounts with simple passwords such as "welcome", "letmein", "new2you", that aren't required to change the password after the first logon. Use complex passwords that are changed at least every 0 days. Passwords should contain at least eight characters, and preferably nine (recent security information reports that many cracking programs are using the eight character standard as a starting point). Also, each password must follow the standards set for strong passwords.

    Password protect the screensaver

    Once again this is a basic security step that is often circumvented by users. Make sure all of your workstations and servers have this feature enabled to prevent an internal threat from taking advantage of an unlocked console. For best results, choose the blank screensaver or logon screensaver. Avoid the OpenGL and graphic intensive programs that eat CPU cycles and memory. Make sure the wait setting is appropriate for your business. If you can get your users in the habit of manually locking their workstations when they walk away from their desks, you can probably get away with an idle time of 15 minutes or more. You can keep users from changing this setting via Group Policy.

    Use NTFS on all partitions

    FAT and FAT32 File systems don't support file level security and give hackers a big wide open door to your system. Make sure all of your system partitions are formatted using NTFS.

    Always run Anti-Virus software

    Again, this is something that is considered a basic tenet of security, but you would be surprised at how many companies don't run Anti-Virus software, or run it but don't update it. Today's AV software does more than just check for known viruses, many scan for other types of malicious code as well.


    Secure your Backup tapes

    It's amazing how many organizations implement excellent platform security, and then don't encrypt and/or lock up their backup tapes containing the same data. It's also a good idea to keep your Emergency Repair Disks locked up and stored away from your servers.

    Mid Level Security Measures

    Use the Security Configuration Toolset included with Windows 2000 to configure policies.

    Microsoft provides a Security Configuration Toolset which provides plug in templates for the MMC that allow you to easily configure your policies based on the level of security you require. The template includes a long list of configurable options (many of which appear on this checklist) and also includes a useful security analysis tool. For more information, download the documentation here (http://www.microsoft.com/windows2000/techinfo/howitworks/security/sctoolset.asp). If your workstation is not part of a domain, you can still enable policies by using the Poledit.exe file from the Windows 2000 Server CD-ROM. For more information, check out Microsoft Knowledge Base Article: 269799 - How to Secure Windows 2000 Professional in a Non-Domain Environment (http://support.microsoft.com/?kbid=269799).

    Don't allow unmonitored modems in your environment

    One of the easiest hacks in the world is finding a company's phone number prefix and suffix range and wardialing for a modem that picks up. After weeding through the fax machines, you can either look for an unsecured workstation with RAS enabled, or one with Symantec's PC Anywhere loaded on it. If either one is configured incorrectly, you can easily gain access to the local machine and work up from there. If you have a digital phone system, get a list of every analog line that comes into your workplace and find out where it goes! Every PC hooked to a modem is a security risk. Make sure they're configured correctly and audited regularly.

    Shut down unnecessary services.
    Unnecessary services take up system resources and can open holes into your operating system. IIS, RAS, and Terminal Services have security and configuration issues of their own, and should be implemented carefully if required. There are also several malicious programs that can run quietly as services without anyone knowing. You should be aware of all the services that run on your servers and audit them periodically. The default services allowed in a Windows NT 4.0 C2 certified installation are:

    • Computer Browser
    • Microsoft DNS Server
    • Netlogon
    • NTLM SSP
    • RPC Locator
    • TCP/IP NetBIOS Helper
    • Spooler
    • Server
    • WINS
    • Workstation


    • RPC Service
    • Event Log

    Windows 2000 has not been submitted for C2 certification by Microsoft, so an updated list of services is not available. What services are deemed unnecessary may vary based on the function of your server and/or workstations. Please test your specific configuration in a lab environment before enabling it in your production network. A list of services available in Windows 2000 Server (as well as their default settings) can be found here (http://labmice.techtarget.com/articles/win2000services.htm).

    Shut down unnecessary ports
    This is a judgment call based on your needs and risks. Workstations aren't normally at risk behind a firewall, but never assume your servers are safe! A hacker's first attempt at rattling the doors and windows usually involves using a port scanner. You can find out a list of open ports on your local system by opening the file located at %systemroot%\drivers\etc\services. You can configure your ports via the TCP/IP Security console located in the TCP/IP properties (Control Panel > Network and Dial Up Connections > Local Area Connection > Internet Protocol (TCP/IP) > Properties > Advanced > Options > TCP/IP Filtering). To allow only TCP and ICMP connections, configure the UDP and IP Protocol check boxes to "Permit Only" and leave the fields blank. A list of default ports for Windows 2000 Domain Controllers can be found here (http://support.microsoft.com/?kbid=289241).

    Enable Auditing
    The most basic form of Intrusion Detection for Windows 2000 is to enable auditing. This will alert you to changes in account policies, attempted password hacks, unauthorized file access, etc. Most users are unaware of the types of doors they have unknowingly left open on their local workstation, and these risks are often discovered only after a serious security breach has occurred. At the very minimum, consider auditing the following events:

    Event                     Level of Auditing
    Account logon events      Success, failure
    Account management        Success, failure
    Logon events              Success, failure
    Object access             Success
    Policy change             Success, failure
    Privilege use             Success, failure
    System events             Success, failure

    Set permissions on the security event log
    The event log files are not protected by default, so permissions should be set on the event log files to allow access to Administrator and System accounts only.

    Store all sensitive documents on file servers
    Although most new workstations come with some very large drives, you should consider storing all of a user's data (documents, spreadsheets, project files, etc.) on a secured server, where the data is backed up regularly. Modify the parameters for the "My Documents" folder to always point to the user's network share on a secured server. For laptop users, enable the "Make available offline" capabilities to synchronize the folder's content.

    Prevent the last logged-in user name from being displayed
    When you press Ctrl-Alt-Del, a login dialog box appears which displays the name of the last user who logged in to the computer, and makes it easier to discover a user name that can later be used in a password-guessing attack. This can be disabled using the security templates provided on the installation CD, or via Group Policy snap in. For more information, see Microsoft KB Article 310125 (http://support.microsoft.com/?kbid=310125).

    Check Microsoft's web site for the latest hotfixes
    Nobody writes 30 million lines of code and is going to have it perfect the first time, so updating service packs and hotfixes can go a long way to plug security holes. The problem is that hotfixes aren't regression-tested as thoroughly as service packs and can come with bugs of their own. You should always test them on a comparable, non-production system before deploying them. Check Microsoft's TechNet Security Page (http://www.microsoft.com/TechNet/security/default.asp) frequently for the latest hotfixes and decide which ones you need to roll out. Tip: Our homepage at LabMice.net (http://www.labmice.net/) always features Microsoft's latest hotfix to save you time.

    Advanced Security Settings

    Set a power on password
    This should be mandatory for all laptop users, but is rarely done in most environments for servers and workstations because it doesn't allow you to remotely log on and reboot a machine to the point that the Operating System will restart. Keep in mind that an intruder who can physically open your computer's central processing unit (CPU) can adjust hardware switches to disable the power-on password, and could also temporarily install a drive and boot another OS, bypassing all of your security settings. If this is a concern for your company, consider locking the case (if the model permits it) or using removable hard drives that are locked up every night.

    Disable DirectDraw
    This prevents direct access to video hardware and memory, which is required to meet the basic C2 security standards. Disabling DirectDraw may impact some programs that require DirectX (games), but most business applications should be unaffected. To disable it, edit the Registry key HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI and set the value for Timeout (REG_DWORD) to 0.

    Disable the default shares
    Windows NT and Windows 2000 open hidden shares on each installation for use by the system account. (Tip: You can view all of the shared folders on your computer by typing NET SHARE from a command prompt.) You can disable the default Administrative shares two ways. One is to stop or disable the Server service, which removes the ability to share folders on your computer. (However, you can still access shared folders on other computers.) When you disable the Server service (via Control Panel > Administration Tools > Services), be sure to click Manual or Disabled or else the service will start the next time the computer is restarted. The other way is via the Registry by editing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters. For Servers, edit AutoShareServer with a REG_DWORD value of 0. For Workstations, edit AutoShareWks. Keep in mind that disabling these shares provides an extra measure of security, but may cause problems with applications. Test your changes in a lab before disabling these in a production environment. The default hidden shares are:

    Share: Path and Function

    C$ D$ E$: Root of each partition. For a Windows 2000 Professional computer, only members of the Administrators or Backup Operators group can connect to these shared folders. For a Windows 2000 Server computer, members of the Server Operators group can also connect to these shared folders.

    ADMIN$: %SYSTEMROOT%. This share is used by the system during remote administration of a computer. The path of this resource is always the path to the Windows 2000 system root (the directory in which Windows 2000 is installed: for example, C:\Winnt).

    FAX$: On Windows 2000 server, this is used by fax clients in the process of sending a fax. The shared folder temporarily caches files and accesses cover pages stored on the server.

    IPC$: Temporary connections between servers using named pipes essential for communication between programs. It is used during remote administration of a computer and when viewing a computer's shared resources.

    NetLogon: This share is used by the Net Logon service of a Windows 2000 Server computer while processing domain logon requests.

    PRINT$: %SYSTEMROOT%\SYSTEM32\SPOOL\DRIVERS. Used during remote administration of printers.

    Disable Dump File Creation
    A dump file can be a useful troubleshooting tool when either the system or application crashes and causes the infamous "Blue Screen of Death". However, they also can provide a hacker with potentially sensitive information such as application passwords. You can disable the dump file by going to the Control Panel > System Properties > Advanced > Startup and Recovery and changing the options for "Write Debugging Information" to None. If you need to troubleshoot unexplained crashes at a later date, you can re-enable this option until the issue is resolved, but be sure to disable it again later and delete any stored dump files.

    Enable EFS (Encrypting File System)
    Windows 2000 ships with a powerful encryption system that adds an extra layer of security for drives, folders, or files. This will help prevent a hacker from accessing your files by physically mounting the hard drive on another PC and taking ownership of files. Be sure to enable encryption on Folders, not just files. All files that are placed in that folder will be encrypted. For more information check out our EFS Resource Center (http://labmice.techtarget.com/windows2000/FileMgmt/EFS.htm).


    Encrypt the Temp Folder
    Applications use the temp folder to store copies of files while they are being updated or modified, but they don't always clean the folder when you close the program. Encrypting the temp folder provides an extra layer of security for your files.

    Lock down the Registry
    In Windows 2000, only Administrators and Backup Operators have default network access to the registry; however, you may wish to tighten this down even further. To restrict network access to the registry, follow the steps listed in TechNet Article 153183.

    Clear the Paging File at shutdown
    The Pagefile is the temporary swap file Windows NT/2000 uses to manage memory and improve performance. However, some 3rd party programs may store unencrypted passwords in memory, and there may be other sensitive data cached as well. You can clear the pagefile at shutdown by editing the Registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and changing the data value of the ClearPageFileAtShutdown value to 1.

    Disable the ability to boot from a floppy or CD ROM on physically unsecured systems.
    There are a number of 3rd party utilities that pose a security risk if used via a boot disk (including resetting the local administrator password). If your security needs are more extreme, consider removing the floppy and CD drives entirely. As an alternative, store the CPU in a locked external case that still provides adequate ventilation.

    Disable AutoRun for CD-ROM drives on physically unsecured systems.
    One of the easiest ways for a hacker with physical access to a company's PCs to distribute malicious code is via the CD-ROM. By creating a custom CD with a payload set to launch from the autorun feature in any machine, a hacker can affect any number of unlocked systems without ever leaving a fingerprint or touching a keyboard. Or he/she can simply leave a few of these lying around the office marked "MP3s" or "Payroll Data" and wait for an unsuspecting user to simply pick it up and insert it into their machine. You can disable this function by editing the Registry: go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom subkey and set the AutoRun value to 0.
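    The registry values set in the DirectDraw, default shares, paging file and AutoRun items above can be verified offline from a regedit export. The following is an added example, not part of the original run book: the sample export is constructed, and the function names and the `role` parameter are assumptions of the example.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"

# (subkey under BASE, value name, REG_DWORD data the checklist asks for)
CHECKLIST = [
    (r"Control\GraphicsDrivers\DCI", "Timeout", 0),
    (r"Services\LanManServer\Parameters", "AutoShareServer", 0),
    (r"Services\LanManServer\Parameters", "AutoShareWks", 0),
    (r"Control\Session Manager\Memory Management", "ClearPageFileAtShutdown", 1),
    (r"Services\Cdrom", "AutoRun", 0),
]

SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"(.+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample in regedit export (.reg) syntax. Real exports are
# UTF-16 files; decode them before passing the text to audit().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI]
"Timeout"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"srvcomment"=""
"Lmannounce"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"Autorun"=dword:00000001
"""


def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: int}} for REG_DWORD values."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            # "[-KEY]" deletes a key on import, so its values are ignored.
            current = None if m.group(1) else values.setdefault(m.group(2).lower(), {})
            continue
        m = DWORD.match(line)
        if m and current is not None:
            # Registry key and value names are case-insensitive.
            current[m.group(1).lower()] = int(m.group(2), 16)
    return values


def audit(text, role="server"):
    """Return (key, value, expected, found) for every deviation; found is
    None when the value is not set at all."""
    reg = parse_reg(text)
    share = "AutoShareServer" if role == "server" else "AutoShareWks"
    findings = []
    for sub, name, expected in CHECKLIST:
        if name.startswith("AutoShare") and name != share:
            continue  # only the value that matches the machine role applies
        key = BASE + "\\" + sub
        found = reg.get(key.lower(), {}).get(name.lower())
        if found != expected:
            findings.append((key, name, expected, found))
    return findings


if __name__ == "__main__":
    for key, name, expected, found in audit(SAMPLE_EXPORT, role="server"):
        state = "not set" if found is None else found
        print(f"{key}\\{name}: expected {expected}, found {state}")
```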

    Remove the OS/2 and POSIX Subsystems
    If you are not using these subsystems (and people rarely do), removing them may improve performance and also closes a potential security risk.

    To remove the OS/2 and POSIX subsystems:
    1. Delete the \winnt\system


    Key: HKEY_LOCAL_MACHINE\SYSTEM
    Subkey: CurrentControlSet\Control\Session Manager\Environment
    Entry: Os2LibPath
    Value: delete entry

    Key: HKEY_LOCAL_MACHINE\SYSTEM
    Subkey: CurrentControlSet\Control\Session Manager\SubSystems
    Entry: Optional
    Values: delete entry

    Key: HKEY_LOCAL_MACHINE\SYSTEM
    Subkey: CurrentControlSet\Control\Session Manager\SubSystems
    Entry: delete entries for OS2 and POSIX

    The changes take effect the next time the computer is started. You might want to update the emergency repair disk to reflect these changes.

    Consider using SmartCard or Biometric devices instead of passwords.
    The more stringent your password policy is, the more likely your users will begin keeping paper password lists in their desk drawers, or taped to the bottom of their keyboard. Windows 2000 supports these devices, so consider the costs vs. risks of your most sensitive data.

    Consider implementing IPSec
    Basically, IPSec provides encryption for network sessions using the Internet Protocol (IP) and promises to offer transparent and automatic encryption of network connections. For more information, click here (http://labmice.techtarget.com/networking/ipsec.htm).


    LINUX SECURITY CHECKLIST

    The following is a recommended security checklist for Linux servers. This document should be used as a guide to the installation and configuration of Linux Servers in conjunction with an agreed security plan for the identified systems. The document is designed for use by experienced system administrators. Some of the settings may be dependent on the patch levels of the components in use, and therefore differences may exist between this document and the actual file paths and access control settings on your machine. Most of the points below can be addressed by running security scripts made specifically for every system (Ex. Harden_suse), but due to the general nature of these scripts or applications it is not advised to use them without proper testing.

    Initial Installation

    Install the Latest Patches

    In most cases distribution vendors will provide an update facility for the distribution of patches. The latest system patches should be installed prior to operational deployment. Particular attention should be paid to those network services that the operating system makes available to remote clients (eg: Web (Apache), Mail (sendmail/postfix/imapd), and so on).

    It is also recommended that the system be updated with newly released patches as soon as operational circumstances allow.

    Bypassing the vendor, and installing patches directly from the application provider (eg: from apache.org), may also be appropriate in some circumstances, where the problem in question is significant, or the distribution vendor response to security issues is poor.

    Latest Patches can be found at

    • Debian ftp://ftp.debian.org/debian/dists/stable-proposed-updates/

    • RedHat ftp://ftp.redhat.com/pub/redhat/linux/updates

    • SuSe ftp://ftp.suse.com/pub/suse/i38


    All the servers should have the same time settings in order to be able to evaluate logs properly.

    1. There should be a time-zone entry in /etc/sysconfig/clock containing ZONE="Europe/Berlin". Or in Debian /etc/timezone should contain Europe/Berlin

    2. There should be an NTP system installed with timeservers configured for synchronisation (Ex. /etc/ntp.conf should contain server a.b.c.d prefer)

    • Timeservers in OssBss are 10.130.200.60 or 10.130.200.80

    o In Management network 10.10.8.60 or 10.10.8.80

    o In internet network there are official time servers at http://www.eecis.udel.edu/~mills/ntp/clock*.htm

    Software Selection

    If the system is to be freshly installed, a core installation should be used and only those packages added that are required for operation of the system. All the external packages that can't be patched should be kept updated to the latest operational version (Ex. SSH package should be version 3.4.1 or higher).

    All the unnecessary modules should also be removed.

    Minimize boot services or daemons

    All the unnecessary daemons or services starting at boot time (/etc/rc2.d) should be removed or disabled. They can also be listed with chkconfig --list on all systems except Debian.

    Ex. A service can be disabled with chkconfig --level 4 lpd off or just removed from /etc/rc.d/rc4.d/15lpd

    Message Text for users attempting to log on

    /etc/motd

    Place the following message (or a similar one) into this file. It contains a message that will be printed after a successful login.

    This is a private computer facility. Access for any reason must be specifically authorized by the owner. Unless you are so authorized, your continued access and any other use may expose you to criminal and/or civil proceedings. Usage may be monitored.

    /etc/issue

    Place the following message (or a similar one) into this file. It contains a message that will be printed during the login process.

    This is a private computer facility. Access for any reason must be specifically authorized by the owner. Unless you are so authorized, your continued access and any other use may expose you to criminal and/or civil proceedings. Usage may be monitored.

    /etc/issue.net

    Place the following message (or a similar one) into this file. It contains a message that will be printed during the login process.

    This is a private computer facility. Access for any reason must be specifically authorized by the owner. Unless you are so authorized, your continued access and any other use may expose you to criminal and/or civil proceedings. Usage may be monitored.


    NOTE: The users may see both the /etc/motd and the /etc/issue messages when they login.

    The SSH daemon should be configured to display the message by putting this line into sshd_config:

    PrintMotd yes

    Privileged Account Login Source

    In order to ensure security of the root account there should be limitations placed on the source of login.

    Root should be able to log into the system only locally (via console) or with the su command.

    This can be ensured by:

    1. In /etc/nologin there should be all the administrative accounts

    2. In /etc/security/access.conf there should be a line

    -:ALL EXCEPT wheel shutdown sync:console

    -:ALL EXCEPT root:ALL EXCEPT console

    3. In sshd_config put the line PermitRootLogin no

    Network driver configuration

    Make the following adjustments to /etc/sysctl.conf to protect the machine from some types of network attacks.

    1. net.ipv4.ip_forward = 0

    2. net.ipv4.conf.all.accept_source_route = 0

    3. net.ipv4.tcp_max_syn_backlog = 4096

    4. net.ipv4.conf.all.rp_filter = 1

    5. net.ipv4.conf.all.send_redirects = 0

    6. net.ipv4.conf.all.accept_redirects = 0

    7. net.ipv4.conf.default.accept_redirects = 0

    and protect the configuration file:

    • chown root:root /etc/sysctl.conf

    • chmod 0
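    A check of a sysctl.conf file against the seven settings in the list above, as an added example that is not part of the original run book. The sample file is constructed, the function names are assumptions, and the SYN backlog value is taken as 4096.

```python
# Values from the "Network driver configuration" list in this checklist.
REQUIRED = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.tcp_max_syn_backlog": "4096",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.default.accept_redirects": "0",
}

# Constructed sample: one key commented out, one written with "/" separators,
# and one hardened key overridden by a later line.
SAMPLE_SYSCTL = """\
# /etc/sysctl.conf (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route=0
#net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net/ipv4/conf/all/send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
; appended later, silently undoes the first line
net.ipv4.ip_forward = 1
"""


def parse_sysctl(text):
    """Return the effective {key: value} map of a sysctl.conf file.

    Lines starting with '#' or ';' are comments, a later assignment
    overrides an earlier one, a leading '-' (ignore errors) is dropped,
    and '/' is accepted in place of '.' as the key separator.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an assignment
        key = key.strip().lstrip("-").strip()
        if "/" in key:
            # Good enough for the keys audited here, none of which
            # contain a literal dot inside a path component.
            key = key.replace("/", ".")
        settings[key] = value.strip()
    return settings


def audit_sysctl(text):
    """Return {key: (expected, found)} for every required key that is
    missing (found is None) or set to a different value."""
    found = parse_sysctl(text)
    return {
        key: (want, found.get(key))
        for key, want in REQUIRED.items()
        if found.get(key) != want
    }


if __name__ == "__main__":
    for key, (want, got) in audit_sysctl(SAMPLE_SYSCTL).items():
        print(f"{key}: expected {want}, found {got if got is not None else 'not set'}")
```

    The check covers the file only; values already loaded in the running kernel are read from /proc/sys and change when the file is reloaded with sysctl -p.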


    comsat: a daemon which is used to notify users of newly arrived email. There are alternate means of doing the same thing, and there are occasional rumors of security problems with comsat. Unless you have some overwhelming need for this, turn it off.

    talk: allows users to communicate by typing at each other's terminals.

    uucp: Nobody uses uucp anymore - disable this. While you are at it, you may as well turn off execute permission on the uucp-related shell commands.

    tftp: FTP without any security. This should be needed only if your system will be used for booting workstations. If this is the case, you must invoke the daemon with the -s flag, as in:

    tftp dgram udp wait root in.tftpd -s /tftpboot

    If you don't, tftp can be used to retrieve any file from your system, anonymously. Also make all the files in the bootfile directory read-only. Finally, restrict access to the service using TCPwrappers and IPFilter/IPChains.

    finger: this gives out information on who is logged in, or people's phone numbers and offices. Unfortunately this information can be used by a potential intruder to find accounts to attack. You may wish to disable this, run a custom finger daemon, or restrict access to it using TCPwrappers and IPFilter/IPChains.

    systat, netstat: these services give out information about your system. The comments for finger apply to these.

    time: Gives out the system time to any remote host that asks for it. Probably safe but can be disabled without impacting the system.

    echo, discard, daytime, chargen: these are used for testing, and are generally safe, though there have been reports of TCP packets with forged IP source addresses being used to trick a system into sending echo packets to itself, causing a packet storm on the local ethernet segment. Disable them and only turn them on while testing.

    rexd - this is the Remote Pr