Best IT Documents.com Blog


Sample – Application Maintenance and Project Support Methodology

Posted in Application,Projects (400),Security (1500) by Guest on the June 30th, 2013

“Managed Service Provider” provides maintenance services for its clients Application Systems that cover a wide range of technologies and businesses, and are typically critical to a client’s business. Our consultants take a proactive approach to Application System maintenance, by focusing on long-term functionality, stability and preventive maintenance to avoid problems that typically arise from incomplete or short-term solutions. This approach, coupled with our quality processes, allows our clients to continually reduce recurring maintenance costs. While we perform most of the Application System maintenance work using secure and redundant communication links to our client’s systems, we also maintain a team at the client’s facility to coordinate certain key interface and support functions. 

We believe that a matured support plan would lay the foundation for an effective application maintenance and development support framework for our clients. 

Project Initiation Phase

  • To define the scope of work for onsite/ offshore
  • To translate client’s objectives into detailed SLAs, procedures and guidelines
  • To develop connectivity and infrastructure plan 

Knowledge Transfer Phase

  • To understand client’s business and technical environment
  • To understand systems to be maintained and supported
  • To draw up detailed plan for maintenance and support

Knowledge Acquisition 

Activity Description
Business Overview
  • Team will get to know the Top level functionality
  • Main Processes will be discussed during this phase
Technical Overview  
  • Team will get an understanding on Technical Architecture
  • Development Environment will be discussed
Understand
  • Team will understand the History of maintenance and problem logs
  • Standards, Testing and Acceptance procedures will be looked upon
Analyze existing system metrics  Team will analyze the existing metrics. Following are some of the metrics which will be analyzed during this phase:

  • Number of programs
  • Program performance
  • Present and planned support base
Planning  Once the above phases are completed, the team will plan for the following:

  • Maintenance Plan
  • Finalize Team
  • Structure (Onsite/Offshore/Offsite)
  • Fine tune team size
Connectivity  After the teams are finalized and the plans are made, following activity takes part:

  • Finalize Connectivity requirements
  • Establish connectivity from Offshore/Offsite
Finalize Service Levels  Service levels are discussed based on the historical data and the commitment from “Managed Service Provider”:

  • Quality metrics
  • Productivity metrics
  • Maintenance metrics
 Interaction with external teams  Once the service levels are finalized, the team will have interactions with the following team:

  • Operations council
  • Database Administrators
  • Change Control Board
  • Third Party Vendors

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

 

Comments Off on Sample – Application Maintenance and Project Support Methodology

Welcome to Bestitdocuments.com Weblog

Posted in O S (375) by Guest on the June 27th, 2013

Why did we build this site, why did I we start this blog?

Because in our years of IT experience we found that consulting companies think they have all the answers. The truth is they don’t even know all of the questions for most organizations.

You found us because you were looking for information in an effort to fast track your projects or simplify your job. Since 2007 we have tried to provide the best most relevant information we can on the subjects below.

We focus on, among other things on:

IT Architecture,

Business – Strategies,

Change – Management,

Data-Center Procurement,

IT Services, Help-Desk,

Application – Assessments,

Data – Overview,

Data Demographic Assessments,

Identity and Access Management (IAM) – Role Based Access Controls (RBAC),

Roles – and – Responsibilities,

Assessments,

Audit-Reports,

Firewall,

IDS – Services,

Incident – Response,

SIM / SEM,

IT Methodology,

Networking,

OS Security,

Project Management,

RFI, Risk – Management,

RMD – Policy – Procedure,

Testing, Web – Services

See our supportive technology templates at:

http://www.bestitdocuments.com/Services.html for remediating of these technology solutions. 

Always verify the accuracy, completeness of the information on this site before you use it.

 

Comments Off on Welcome to Bestitdocuments.com Weblog

Comparison between Mindmap and Microsoft Visio

Posted in Visio Samples - Stencils (457) by Guest on the June 25th, 2013

Hands down Microsoft Visio…..

Many more features to Visio just all around a better product. In addition we have tried to contact Mindmand for support and partnerships and they don’t even bother to respond.

Not that Microsoft responds to our inquiries either but at least the products work far better.

We are going to post the remainder of the Mindmap files we have and stop building document solutions for Mindmap.

http://www.bestitdocuments.com/Services.html

 

Comments Off on Comparison between Mindmap and Microsoft Visio

Enabling – Oracle Audit Configuration for Security Audit Trails

Posted in Application,Security (1500) by Guest on the June 22nd, 2013

Make sure you have enough disk space to support the storage of the event logs and make sure you have a process or strategy for log rotation / retention.

The purpose of this document is to define the specific Oracle parameters required to capture the desired Oracle database events to the SYS.AUD$ table on test database residing on host “Host-Name”. 

The audit parameters specified below are recommended in general to enable auditing. 

  • Modification of users accounts on Oracle (create and delete accounts)
  • Access granted and denied for Oracle database and its tables
  • Configuration changes on the Oracle database objects
  • Users accessing database directly rather than through an application 

Oracle User Permissions

When the Oracle Recorder was installed on “Host-Name”, an Oracle user account was specified.  This is the account that the Oracle Recorder uses to access the records in the SYS.AUD$ table.  The account must have the required permissions to access this table. 

The following command is used to set the required Oracle UserID permissions: 

  • ROLE CONNECT
  • Sys Priv: SELECT ANY TABLE
    • (and for Oracle 9.x – 11g SELECT ANY  DICTIONARY)
  • Obj Priv: SELECT FROM SYS.AUD$ 

Activate Oracle Audit Trail

To activate audit trail, enter the following command in the Initialization Parameter File, $ORACLE_HOME/dbs/init”Database-Name”.ora, and restart the Oracle instance: 

audit_trail = DB 

To restart the Oracle instance, enter: 

SVRMGR> shutdown abort;

SVRMGR> startup;  

Configure Oracle to Audit Connections

In order generate the Oracle audit events to identify users connecting to the database directly rather than through an authorized application, it is necessary to audit for successful or unsuccessful connections and disconnections. 

To set audit for events of successful or unsuccessful connections and disconnections, enter: 

SVRMGR>AUDIT SESSION; 

Configure Oracle to Audit Database Object Access and Modification

In order to generate Oracle audit events for database objects, enter the following command to set the relevant audit parameters. 

SVRMGR> AUDIT ALTER, GRANT, INSERT, UPDATE, DELETE ON DEFAULT; 

These Oracle audit parameters will generate the events to support the following test cases: 

  • Access granted and denied for Oracle database and its tables
  • Configuration changes on the Oracle database objects
  • Modification of users accounts on Oracle (create and delete accounts) 

http://www.bestitdocuments.com/Data_center.html

 

Comments Off on Enabling – Oracle Audit Configuration for Security Audit Trails

Sample Visio – Simple IT Infrastructure

Posted in Visio Samples - Stencils (457) by Guest on the June 18th, 2013
Comments Off on Sample Visio – Simple IT Infrastructure

Network Security Scan Types and Considerations

Network Scan Types and Scope
This network scanning recommendations defines network scan types, identifies reasons for scanning, identifies times when network scanning is allowed, who should approve network scanning, and specifies who should be notified when network scanning is done.

Network device location scan – This scan may use different means to determine IP addresses of active devices on the network. Methods:

ARP Scan – An ARP broadcast can be sent to network IP addresses asking what is are the responses

MAC address of the host with IP address x.x.x.x. If a response occurs, there is an active host at that address.

Internal full port scan – Checks to determine what services are running on each host. This may be done against selected hosts or all hosts including servers and workstations.

Methods:

Socket connect scan – Tries to complete a socket connection to a port on a host computer.

This scan allows the host computer to log the connection.

SYN scan – Sends a SYN packet to the host indicating that it wants to open a socket. But when the host responds it does not finishing establishing the connection.

FIN scan – Sends a FIN packet to a host port. If a service is not running, the port responds with a reset signal. If the port has a service running on it, the signal is ignored.

External full port scan – Checks to determine what services are running on each host. This test is done from outside the firewall and is directed toward any IP addresses owned by the organization being tested. It may use the socket connect scan method, the SYN scan method, or the FIN scan method.

Internal vulnerability scan – Tests the server to see if it is vulnerable to known flaws in the operating system, services, and applications that are running. This test may be directed toward one or more hosts including servers and workstations. This test goes beyond performing a full port scan. It attempts to get information about the operating system and services running on the host. It will attempt to determine the version of the services running on the host. and may even do a penetration test.

External vulnerability scan – Same as the internal vulnerability scan except it is done from outside the organization network and is directed toward any IP addresses owned by the organization being tested.

Internal Denial of service scan – This is a scan using packets which are intentionally designed to make a system crash or tie up resources. The scan is directed against ports but the data sent is usually misconfigured in some unusual way.

External denial of service scan – Similar to the internal denial of service scan except it is directed against IP addresses owned by the organization being tested.

Password Cracking – This test may send default passwords and brute force password guessing against accounts on specified systems. This is really not like a network scan but is covered in this recommendation since it could potentially disrupt service depending on the password policies of the organization. 

Many scanning services will offer some combinations of these types of scans. This recommendation covers all types of network and host scanning.

Network Scanning Reasons

Network scanning may be performed for several reasons

To determine whether computer systems are vulnerable to attack and fix them.

To show companies you may interact with that our servers are reasonably secure.

To fulfill regulatory requirements.

Network scanning shall not be performed without written permission.

Network Scanning Disruptions
Network scanning can be very disruptive to both a network and hosts that are operating on a network. No network scanning shall be allowed without close adherence to this recommendation and the associated procedures. Network scanning can cause systems to crash and network devices to become unreliable which can become very disruptive to the business operations.

http://www.bestitdocuments.com/Networking.html

Comments Off on Network Security Scan Types and Considerations
Next Page »