Best IT Blog

Sample – Credit Union IT Systems Compliance and Legal Issues

Posted in Business (600) by Guest on the July 15th, 2010

1.0 Overview
This policy defines the basic elements required for the <Company Name> Information Systems Compliance and Legal Issues Monitoring.

2.0 Purpose
To evaluate whether management practices relative to IT have been designed to properly address regulatory compliance and other legal issues.

3.0 Scope
The scope of this policy includes all personnel, including external vendors, who have access to or are responsible for defining, planning or designing the requirements for the production systems for any and all systems located at the <Company Name> facility.

4.0 Policy

4.1 Management will ensure that all procedures are sufficient to ensure compliance with applicable laws and regulations such as the Fair Credit Reporting Act (FCRA), Electronic Funds Transfer Act (EFTA), Truth In Savings Act (TISA), and Truth in Lending Act (TILA).

Management should have a process in place to ensure that procedures are updated as necessary to reflect changes in, or requirements to comply with, regulations.

4.2 Management will implement procedures to ensure that user transactions subject to the Bank Secrecy Act are flagged and reviewed for compliance and necessary reporting.

As above, management should have a process in place to ensure that the system flags individual and aggregate transactions subject to the Bank Secrecy Act reporting requirements.

4.3 When new IT relationships are established, management will ensure that the service agreements and/or disclosures provided to users are commensurate with IT services offered.

4.4 Management will routinely monitor to ensure agreements and disclosures are updated and distributed as necessary.

4.5 There will be a policy in place that adequately addresses the collection and use of personal information as it relates to user privacy.

4.6 All comprehensive privacy disclosures will be provided to all on-line users.

4.7 The [Corporate] will monitor and enforce compliance with the privacy disclosures included on the website.

4.8 Policies and procedures will be put in place describing the methods to use to validate transactions, e-mails, and other contractual obligations relating to IT.

Methods used to authenticate users might include unique passwords or PINs known only to the user.

4.9 Warning banners will be put in place to clearly state that unauthorized access or use is not permitted and may constitute a crime punishable by law.

4.10 Policies and procedures will require the periodic review of contracts, partnerships, and affiliations by legal counsel.

4.11 For multi-state/multinational considerations, legal counsel will review the [Corporate]’s IT policies, procedures, and practices to ensure compliance with the regulations applicable to the states/countries in which users reside.

4.12 The [Corporate] will proactively review the adequacy of its bond coverage as IT services are modified (new, revised or terminated services, etc.).

Management should determine whether existing bond coverage will adequately cover IT activities, or whether additional coverage is necessary and available through other resources.

4.13 Legal counsel will be consulted for significant matters such as IT contracts, partnerships, and affiliations.

The [Corporate] may not have legal counsel on staff; however, certain matters, such as contractual arrangements, partnerships, and interpretation of legal matters may necessitate a review by a legal professional. This review should entail ensuring compliance with applicable laws and regulations.

4.14 Management will actively monitor applicable laws and regulations and update related policies and procedures accordingly.

Many existing laws and regulations (refer to Letter No. 97-CU-5 and Regulatory Alert No. 98-RA-4) are impacted by IT. In addition, new laws and regulations (Gramm-Leach-Bliley Act, Child On-Line Privacy Act, and Digital Signatures Act) are being introduced as a result of this activity. Management must have a process in place to ensure that policies and procedures are in compliance with new as well as existing laws and regulations.

4.15 Appropriate procedures will be put in place to ensure that IT transactions are legally binding (e.g., verifiably performed by the appropriate party) and cannot be repudiated.

In some instances, IT is evolving more rapidly than the legal standards and remedies. As such, the [Corporate]’s procedures and practices for ensuring that IT transactions are legally binding (cannot be repudiated) may need to be addressed by legal counsel.

4.16 The [Corporate]’s website will include an approved privacy statement.

Rules & Regulations Part 716 and 748 discuss the privacy issue. Among other reasons, a good privacy statement, meeting the needs and desires of the usership, may encourage users to sign up for and use the IT services.

5.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6.0 Definitions

Term                                                    Definition

7.0 Revision History

BestITDocuments, Inc. Disclaimer

These tools are provided to you at no charge and in as-is condition.  While BestITDocuments considers these tools to be potentially valuable aids in the development and review of security policies, BestITDocuments hereby disclaims any and all warranties whatsoever, express or implied, regarding these tools.  Specifically, BestITDocuments hereby expressly disclaims any and all implied warranties including, but not limited to, any implied warranties of merchantability, fitness for a particular purpose, good workmanship or other such similar warranty.

These tools are designed to be used by trained computer networking professionals who understand security principles, and are offered by BestITDocuments at no charge to be used at your discretion and at your own risk.  By downloading and using these tools, you agree to indemnify, defend and hold harmless BestITDocuments and its affiliates, subsidiaries, directors, officers, employees, agents, successors and assigns (“Related Parties”) from and against any claim, action, loss, damage, expense or liability, including without limitation, defense costs, reasonable attorneys’ fees, penalties and fines, asserted against or incurred by BestITDocuments or its Related Parties, directly or indirectly, by reason of, arising out of or resulting from your use of these tools.



Active Directory Sites

Posted in O S (375) by Guest on the July 12th, 2010

A site is a grouping of machines based on one or more TCP/IP subnets. An administrator decides what constitutes a site. A site may contain multiple subnets, and several domains may be present in one site.

Active Directory replication to various sites is performed using Active Directory Sites and Services. (Make section explaining how to use this). Sites and subnets are not related to the structure of the domain. 

The following may be created:

· Sites – One or more IP subnets. Generally this refers to a physical site, such as the portion of the organization in a particular city (or part of a city) that is linked by leased lines or other media to other parts of the organization.

· Subnets – Subnets must be created in each site object before the site is really active. A network address and subnet mask define the subnet.

· Site links – A list of two or more connected sites. Whether the link will use RPC or SMTP for passing data must be decided before creating the link, since it cannot be changed afterwards. Selecting IP means selecting RPC over IP. Site link information includes:

o Replication schedule – Specifies the times at which the sites may replicate and how often they attempt replication.

o Link cost – Set high for a low-bandwidth link. A high-cost link gets lower priority, so cost normally only matters when there is more than one link to the same location.

o Member sites – Lists the sites that are connected by the site link.

o Transport mechanism – RPC or SMTP (Mail) is specified.

§ SMTP (Mail) – Cannot be used for replication inside the same site; it is a form of asynchronous replication.

§ RPC – Requires more bandwidth than SMTP.

· Bridgehead server – A domain controller that is used to send replication information to one or more other sites across a site link.

· Site link bridges – Allow one site in a string of sites to replicate through one or two intermediate sites to a second or third site. These are only used for fine control of how replication occurs across WAN links; without fine control, AD bridges all site links automatically. To use this feature, automatic bridging of site links must be turned off. You must have at least three sites to create a site link bridge, since it takes three sites and two site links to make a string of sites.

· Global catalog servers – The global catalog is a searchable master index with data about all objects in a forest. The global catalog server maintains this catalog. It:

§ Helps users locate Active Directory resources.

§ Provides group membership information during logon.

There is one global catalog server in each domain by default, and the first domain controller in the domain is originally the global catalog server. It is worthwhile to have a global catalog server on each side of a WAN connection if the domain is spread out across the WAN.

If several domain controllers are placed on the network and the network is later broken into sites, the servers must be moved manually into the site they are physically located in. If a domain controller is created after the site exists, the server is placed in the correct site automatically (based on its IP address).
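The site topology described above, built with the ActiveDirectory PowerShell module. This is an added example, not code from the original post; the site, subnet, link and domain controller names, addresses and costs are assumptions.

```powershell
# Added example, not part of the original post: builds a three-site topology
# with the ActiveDirectory module. Site, subnet, link and DC names, addresses
# and costs are assumptions; adjust them to the real network.
Import-Module ActiveDirectory

# Sites: one per physical location
"HQ", "Branch", "Remote" | ForEach-Object { New-ADReplicationSite -Name $_ }

# Subnets: a site is not really active until a subnet is attached to it
New-ADReplicationSubnet -Name "10.10.0.0/16" -Site "HQ"
New-ADReplicationSubnet -Name "10.20.0.0/24" -Site "Branch"
New-ADReplicationSubnet -Name "10.30.0.0/24" -Site "Remote"

# Site links: the transport (IP = RPC over IP, or SMTP) cannot be changed later.
# A higher cost means lower priority, so the slow Branch-Remote link costs more.
New-ADReplicationSiteLink -Name "HQ-Branch" -SitesIncluded "HQ", "Branch" `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 60
New-ADReplicationSiteLink -Name "Branch-Remote" -SitesIncluded "Branch", "Remote" `
    -InterSiteTransportProtocol IP -Cost 400 -ReplicationFrequencyInMinutes 180

# A site link bridge is only honoured once automatic bridging of site links is off.
# That is bit 0x2 (bridges required) of the options attribute on the IP transport.
$cfg = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$cfg"
$opts = [int](Get-ADObject -Identity $ipTransport -Properties options).options
Set-ADObject -Identity $ipTransport -Replace @{ options = ($opts -bor 2) }

# Three sites and two links form a string; bridge them so HQ can replicate to Remote
New-ADReplicationSiteLinkBridge -Name "HQ-Branch-Remote" `
    -SiteLinksIncluded "HQ-Branch", "Branch-Remote" -InterSiteTransportProtocol IP

# A DC promoted before the sites existed must be moved by hand; DCs promoted
# afterwards are placed automatically from their IP address.
Move-ADDirectoryServer -Identity "BRANCH-DC1" -Site "Branch"

# Make the branch DC a global catalog as well (bit 0x1 of its NTDS Settings
# options), which the post recommends when the domain spans a WAN.
$ntds = (Get-ADDomainController -Identity "BRANCH-DC1").NTDSSettingsObjectDN
$ntdsOpts = [int](Get-ADObject -Identity $ntds -Properties options).options
Set-ADObject -Identity $ntds -Replace @{ options = ($ntdsOpts -bor 1) }

# Review the resulting links, costs and schedules
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Run it from an account that holds Enterprise Admins rights, since site, transport and NTDS Settings objects live in the configuration partition.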



Sample System Administration Guide

Posted in O S (375) by Guest on the July 11th, 2010

This sample describes what should be in your System Administrator’s Guide so that it helps you deploy, support, and maintain applications in your organization.

It will also help you create a schedule of maintenance tasks to ensure that systems, servers, databases, and printers, are proactively monitored, audited and secured by your System Administrators.

You can use this System Administration Guide to:

  • Improve team efficiencies by monitoring administration tasks
  • Reduce unplanned outages or unscheduled downtimes
  • Improve security processes
  • Define procedures for starting and shutting down systems, monitoring performance, and installing programs and operating system updates
  • Set up user and group accounts, user types and privileges, and set user permissions and passwords
  • Schedule database maintenance, moving databases, setting user permissions, and database backups and restores
  • Set up local printers, print servers and print clients
  • Create security procedures, guidelines and passwords
  • Monitor software licenses purchased and installed
  • Establish backup procedures and schedules, run scheduled and unscheduled backups, and maintain backup logs



TACACS / XTACACS / TACACS+

Posted in Security (1500) by Guest on the July 10th, 2010

TACACS

Based on an obscure ARPANET access control system for terminal servers, later documented and extended by Cisco.

Forwards the username and password to the TACACS server, which returns an authorization response.

XTACACS

Adds support for multiple TACACS servers, logging, and extended authorization.

Can independently authorize access via PPP, SLIP, telnet and ssh.

TACACS+

Separation of authentication, authorization, and accounting functions, with extended functionality.

Password information is encrypted using RADIUS-style encryption.

Password forwarding allows use of one password for multiple protocols (PAP, CHAP, telnet and ssh).

Extensive accounting support (connect time, location, duration, protocol, bytes sent and received, connect status updates, etc.).

Control over user attributes (assigned IP address(es), connection timeout, etc.).

Sample Visio – Unix Kernel Exec Layout

Posted in O S (375),Visio Samples - Stencils (457) by Guest on the July 9th, 2010

Free sample document download: Unix Kernel Visio sample.



Sample Corporate Compliance Agreement

Posted in Business (600) by Guest on the July 5th, 2010

Agreement to Comply With Information Security Policies

A signed paper copy of this form must be submitted with all requests for

1) Authorization of a new user-ID,

2) Authorization of a change in privileges associated with an existing user-ID, or

3) Periodic reauthorization of an existing user-ID.  Modifications to the terms and conditions of this agreement will not be accepted by [Your Corporate-name] management.

User Printed Name: ______________________________________

User Department: _______________________________________

User Telephone Number: __________________________________

User’s Office Physical Address & Mail Stop: ______________________

I, the user, agree to take all reasonable precautions to assure that [Your Corporate-name] internal information, or information which has been entrusted to [Your Corporate-name] by third parties (such as customers), will not be disclosed to unauthorized persons.  At the end of my employment or contract with [Your Corporate-name], I agree to return to [Your Corporate-name] all information to which I have had access in order to do my job.  I understand that I am not authorized to use this information for my own purposes, nor am I at liberty to provide this information to third parties without the express written consent of the internal [Your Corporate-name] manager who is the designated information owner.

I have access to a copy of the [Your Corporate-name] Information Security Policies, I have read and understand these materials, and I understand how they impact my job.  As a condition of continued employment at [Your Corporate-name], I agree to abide by these information security policies.  I understand that non-compliance will be cause for disciplinary action up to and including system privilege revocation, dismissal from [Your Corporate-name], as well as criminal or civil penalties.

I agree to choose a difficult-to-guess password as described in the [Your Corporate-name] Information Security Policies document, I agree not to share this password with others, and I agree not to write the password down unless it has been transformed in an unrecognizable way. 

I also agree to promptly report all violations or suspected violations of information security policies to the Director of the Information Security Department (at xxx-xxx-xxxx).

User Signature & Date: ____________________________________


Active Directory Object Naming

Posted in O S (375) by Guest on the July 3rd, 2010

Active Directory naming is based on the Lightweight Directory Access Protocol (LDAP) (RFC 1777) and the Domain Name System (DNS).

Distinguished Name

A Distinguished Name (DN) is used to uniquely name an Active Directory object. Every object can be referenced by its Distinguished Name. A DN is built from the following components:
   DC – Domain Component
   O – Organization
   OU – Organizational Unit
   CN – Common Name

The Distinguished name takes the form: 


Where “Organization” is the name of the organization, and “Dept” is the department name. 

A Relative Distinguished Name (RDN) is the name an administrator assigns to an object. A Distinguished Name (DN) is the RDN combined with the location of the object in Active Directory.


A User Principal Name (UPN) (defined by RFC 822) is an RDN combined with an FQDN; it is used for e-mail and user logon. The UPN takes the form:

Where “Organization” is the name of the organization, and “Dept” is the department name.

Important LDAP RootDSE Object Attributes

Active Directory uses the Lightweight Directory Access Protocol (LDAP) naming method to name objects. The RootDSE object, the root of the search tree, can be used to identify the forest root, the domain, and the various parts of the Active Directory schema. Important attributes of RootDSE:
   schemaNamingContext – Can be used to direct a query to the schema.
   subSchemaSubEntry – Holds the location of the subschema. The subschema lists the classes and attributes in the Active Directory database.
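An added example (not from the original post) that reads the RootDSE attributes listed above, follows schemaNamingContext and subschemaSubentry to the schema, and shows how the DN, RDN and UPN of one object relate. The user account name is an assumption; everything else comes from the domain controller the module binds to.

```powershell
# Added example, not part of the original post. The account name "jdoe" is an
# assumption; the RootDSE attribute names are the real LDAP attributes.
Import-Module ActiveDirectory

$root = Get-ADRootDSE

# Naming contexts published by RootDSE
$forestRoot = $root.rootDomainNamingContext   # forest root domain
$domain     = $root.defaultNamingContext      # domain of the DC we are bound to
$schemaNC   = $root.schemaNamingContext       # where schema queries are sent
$subSchema  = $root.subschemaSubentry         # entry listing classes and attributes

# Query the schema partition located via schemaNamingContext
$attrTypes = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(objectClass=attributeSchema)" -Properties lDAPDisplayName
$classes   = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(objectClass=classSchema)" -Properties lDAPDisplayName

# The subschema entry exposes the same definitions in RFC 4512 syntax
$sub = Get-ADObject -Identity $subSchema -Properties attributeTypes, objectClasses

[pscustomobject]@{
    ForestRoot       = $forestRoot
    Domain           = $domain
    SchemaNC         = $schemaNC
    AttributeSchemas = @($attrTypes).Count
    ClassSchemas     = @($classes).Count
    SubschemaAttrs   = @($sub.attributeTypes).Count
    SubschemaClasses = @($sub.objectClasses).Count
    UserClassDefined = [bool]($classes | Where-Object lDAPDisplayName -eq 'user')
}

# DN, RDN and UPN of one object (assumed account name)
$u = Get-ADUser -Identity "jdoe" -Properties userPrincipalName
[pscustomobject]@{
    DN  = $u.DistinguishedName               # RDN plus location in the directory
    RDN = ($u.DistinguishedName -split '(?<!\\),')[0]   # first RDN; skips escaped commas
    UPN = $u.UserPrincipalName               # logon name @ DNS domain
}
```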

