From the course: Career Essentials in System Administration by Microsoft and LinkedIn

What security means to the role of a systems administrator

- Many large organizations have a security team, but most organizations aren't large enough to have this luxury, so this is going to fall on one or more of the sysadmins in a company. It's important to know what will be expected of you as a sysadmin when it comes to security. The average cost of a security breach is now in the millions, and I've seen more than one company go under from a single breach.

Your job as a sysadmin who also works to secure the infrastructure starts with monitoring systems. Make sure you have a good monitoring program, regardless of whether your data is in the cloud or on-premises. If any resource, like a server, goes offline or suddenly becomes very busy, it could be because of a breach.

Next, you need to identify security vulnerabilities. Your company may use software that's outdated but so customized that they can't get rid of it. Find out what ports it listens on and what databases it uses, along with the versions of the files that make it work. Then find ways to mitigate the risk: hire a programmer, lock down unused ports, or look to replace it altogether. Do the same for hardware you may not be able to replace right away.

Monitor traffic using intrusion prevention and detection devices and services. These will tell you if any unusual traffic is happening and whether it fits a particular attack pattern. When these are found, you can have a script run automatically to block the traffic, or you can manually go in and mitigate the issue.

Have good antivirus that is up to date and works with your applications. Some AV programs cause applications to have issues, so make sure everything is compatible. Many companies are adding a second AV as well. Make sure these don't try to fight each other, causing a kernel panic in your operating system.

Run updates on a regular basis, and not just for Windows computers: do it for all operating systems and applications. You may need System Center Configuration Manager to do this, or use the Endpoint Manager cloud service from Microsoft. Any vulnerability could be the way you're compromised.

Encrypt all data that leaves your office with products like BitLocker. If not, then all client data that has been lost with a missing laptop will have to be reported to the client, and that could be a difficult discussion. Encrypt all data streams within the organization to prevent man-in-the-middle attacks. This can include VPNs, DNS security, SMB 3.11, and others. Use certificates to ensure data streams are protected as needed.

Prepare a network recovery plan. Make sure backups are not on the Active Directory domain, and have some available that are in the cloud or offline in case of a ransomware encryption attack. Recovery needs to happen as quickly and completely as possible after a breach.

Once you've set up security the way you believe it should be done, it's important to have a security audit done of your network. This will not only give you peace of mind but will allow the company to obtain cyber insurance to protect the company's assets in case of attack.
