The Wayback Machine - https://web.archive.org/web/20180123201017/http://www.upenn.edu/computing/security/views/sysadmin.php
Penn Computing

Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Tuesday, January 23, 2018
 
  New Resources
Security Logging Service
Travel Tips for Data Security
Free Security/Privacy Training Resources
Penn+Box
Two-step verification
Combating Malware
SafeDNS
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption
 
  Best Practices
Standards
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
 
  Security initiatives
Critical Component compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Information Security Resources for System Administrators

Security Responsibilities of Systems Administrators

  1. Ensure that your servers are properly secured.
  2. Ensure that your web applications follow Penn's security standards.
  3. Familiarize yourself with all of Penn's information security, networking and privacy policies.
  4. Identify, register with Information Security and bring into compliance, any Critical Hosts for which you are responsible.
  5. Subscribe to the appropriate Penn security mailing lists.
  6. Subscribe to your operating system vendor and application software vendors' security advisories email list.
  7. Report all critical security incidents to information security.

Alerts & Advisories

  • CERT: The CERT Coordination Center (at Carnegie Mellon) has up-to-date security alerts, as well as general security advice and research resources
  • SANS: Internet Storm Centerâ„¢monitoring and reporting on global internet traffic
  • Microsoft: Security Bulletins from MS TechNet
  • Apple: Security updates from AppleCare's KnowledgeBase
  • Linux: Advisories and information from LinuxSecurity
  • Virus alerts from Penn's virus information center


Security Guides & Checklists

  • In recent years Penn Information Security has provided site-licensed copies of the "Step-By-Step" Guides from the SANS Institute for securing the major operating systems, however, we no longer are licensing them. In their place we are recommending that support providers and system administrators make use of the excellent tools and checklists (most of them free) available from the Center for Internet Security at their website: www.cisecurity.org.

    Even though the SANS Step-By-Step Guides are no longer available at Penn, the SANS website www.sans.org remains an excellent source of information, white papers, etc.
  • Web Security Standards: Things to consider in order to limit the risks associated with using web-based applications for sensitive data
  • Selling/Donating Old Computers: How to prevent private or sensitive information from accidentally being given to the recipients of donated or discarded equipment.

Last updated: Friday, July 13, 2007

Information Systems and Computing
University of Pennsylvania
Comments & Questions
Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania