6. Ongoing Activities

At this point in time, your site has hopefully developed a complete
security policy and has developed procedures to assist in the
configuration and management of your technology in support of those
policies. How nice it would be if you could sit back and relax at
this point and know that you were finished with the job of security.
Unfortunately, that isn't possible. Your systems and networks are
not a static environment, so you will need to review policies and
procedures on a regular basis. There are a number of steps you can
take to help you keep up with the changes around you so that you can
initiate corresponding actions to address those changes. The
following is a starter set and you may add others as appropriate for
your site.

- Subscribe to advisories that are issued by various security incident
response teams, like those of the CERT Coordination Center, and
update your systems against those threats that apply to your site's
technology.
- Monitor security patches that are produced by the vendors of your
equipment, and obtain and install all that apply.
- Actively watch the configurations of your systems to identify any
changes that may have occurred, and investigate all anomalies.
- Review all security policies and procedures annually (at a minimum).
- Read relevant mailing lists and USENET newsgroups to keep up to
date with the latest information being shared by fellow
administrators.
- Regularly check for compliance with policies and procedures. This
audit should be performed by someone other than the people who
define or implement the policies and procedures.
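
The configuration-watching step in the list above can be carried out as a baseline-and-compare check. The following Python is an added example, not part of the original handbook; the function names and the sample files created in demo() are constructed for illustration.

```python
import hashlib, os, pathlib, stat, tempfile

def snapshot(root):
    """Map each file under root to (digest, permission bits, uid, gid)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: record a symlink itself, not its target
            if stat.S_ISLNK(st.st_mode):
                digest = "symlink:" + os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()
            else:
                continue  # skip sockets, FIFOs and device nodes
            state[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def compare(baseline, current):
    """Return (kind, path) findings sorted by path; each is an anomaly to investigate."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append(("added", path))
        elif new is None:
            findings.append(("removed", path))
        else:
            if old[0] != new[0]:
                findings.append(("content", path))
            if old[1:] != new[1:]:
                findings.append(("metadata", path))
    return findings

def demo():
    """Constructed sample: build a small config tree, change it, report the drift."""
    def put(root, name, body, mode=0o600):
        p = pathlib.Path(root, name)
        p.write_text(body)
        p.chmod(mode)
    with tempfile.TemporaryDirectory() as root:
        put(root, "sshd_config", "PermitRootLogin no\n")
        put(root, "hosts.allow", "sshd: 192.0.2.0/24\n")
        put(root, "motd", "authorized use only\n")
        baseline = snapshot(root)
        put(root, "sshd_config", "PermitRootLogin yes\n")   # edited content
        os.chmod(os.path.join(root, "hosts.allow"), 0o666)  # loosened permissions
        os.remove(os.path.join(root, "motd"))               # deleted file
        put(root, "rc.local", "#!/bin/sh\n", 0o700)         # unexpected new file
        return compare(baseline, snapshot(root))
```

For the comparison to be trustworthy, keep the baseline where someone who has altered the monitored system cannot also rewrite it, such as read-only media or a separate host.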