7 tips for aspiring systems administrators who also like to sleep at night
Nobody likes to get a call in the middle of the night that the company web site is down, or worse, hacked. It’s one of the key reasons why businesses often choose managed hosting solutions, after all. Of course, not all web sites can be run by someone else and in many cases administrating your own servers in a colocation facility makes solid sense.
Even so, what about security and reliability? While web site performance matters, it doesn’t cause panic the way a hacked or broken site can. Your boss probably won’t fire you because the home page takes an extra second to load. Typically, you can upgrade hardware to readily speed up a server. It’s easy. Security and reliability, on the other hand, require more skill.
In this short post I want to merely touch upon best practices which can help aspiring systems administrators sleep at night as well. This list also provides less technically savvy managers and business owners an overview of what their IT staff should already be doing.
Standardize
Some things can’t be so easily fixed later and require forethought and planning. Standardize, document, and automate everything you can, including installations. Deploy a PXE system and standardize all of your servers with the same OS, kernel, and software versions as strictly as you can. Do everything the same and you’ll have far less to keep track of, spend less time managing updates, and experience fewer surprises.
Hardening
Lock down absolutely as much as you can: ports, software, software modules, everything. Restrictions here improve both reliability and security. UC Berkeley’s server hardening guide provides a good example: https://security.berkeley.edu/node/143
Monitoring
Automated monitoring, logging, and reporting can help you find a problem early on and potentially give you a chance to mitigate a problem before it gets serious. Even if you don’t catch it soon enough, logging can help you determine what went wrong so you can more quickly fix things. Icinga is an excellent open source monitoring and notification system.
Backups
Insurance is only appreciated once things have gone all-to-hell but then its more important than anything else. Automatically and regularly store encrypted copies of your data, both on site and off, because worst case scenarios really do happen and when it does you’ll be a hero if you have backups.
Security
Good security requires far more detail than what I can touch upon here. At a minimum, always choose software with a good track record for security, setup a firewall, and encrypt your data. I also strongly encourage using an Intrusion Detection System (IDS) and conducting penetration detection quarterly. NIST‘s Guide to General Server Security is a good place to start.
Redundancy
Within reason, always seek to minimize single points of failure. Things like power supplies and hard drives are known to fail so build resilient servers that can handle such things. Run redundant ethernet drops and power circuits too. Need even more redundancy? Build a High Availability server infrastructure and you’ll be adding scalability too.
Compliancy
Typically, systems administrators don’t care for compliancy audits and certifications. It can seem like jumping through hoops that don’t always seem applicable to their environments. Ultimately, though, audits such as PCI, HIPAA, SSAE 16, ISO 27001 are based on computer forensics from real world data breaches. Whether inconvenient or not, having outside experts review your policies and procedures and test your environment makes a lot of sense. It can also help you get customers who require compliancy audits.
Here at XMission, we’ve been administrating servers and running our data center for years. Contact us toll free by phone (1-877-964-7746) or email (sales@xmission.com) today and find out how we can help you.
XMission initiates legal fight against spammers Netflix Ultra HD 4K now available to XMission subscribers!
Comments are currently closed.
These 7 tips are very important and with security and reliability being at the very top! Thank you for sharing.