Fundraising/techops/procedures/servers-server policy

From Wikitech

Fundraising Server Policy

Maintainer: Fundraising Tech Operations

Created: 2023-07-21

Review Required by: 2024-07-25


This policy applies to servers in the Fundraising environment, which are installed, secured, and maintained by FR Tech Ops.

Server Role and Function

A server should handle one primary function.

If multiple primary functions exist on the same server, one of the following must apply:

  • Primary functions with differing security levels are isolated from each other.
  • Primary functions with differing security levels are secured to the level required by the function with the highest security need.

Server Operating System

Fundraising servers are required to run an industry-standard operating system meeting the Infrastructure Foundations Operating System Upgrade Policy.

Additional Software

Only necessary software should be installed on any server.

Stock software packages provided and maintained by the OS vendor are preferred.

Non-stock vendor software packages may be used if the version available directly from the vendor is better suited for the application in our environment.

Locally-built packages may be used if no suitable off-the-shelf vendor package is available.

Custom software may be used if it is better suited for the application in our environment.

Software Updates

Operating system and other software updates and patches should be applied as soon as possible after they become available.

Security mitigations and patches must be applied within timeframes specified by WMF (draft) Security Policy - Vulnerability Matrix.

Services and Protocols

Only necessary services, protocols, daemons, and functions may be enabled, with all unnecessary functionality removed or disabled.

No insecure protocols may be enabled unless a business justification is documented, and additional security features must be documented and implemented to reduce risk.

Users and Administrative Access

Only necessary accounts may be enabled on servers; extraneous accounts must be removed or disabled.

Vendor default passwords must be removed or changed.

All non-console administrative access must be encrypted using strong cryptography and must employ multi-factor authentication.

Security Services

A host firewall must be enabled and configured appropriately for the server role.

Host intrusion detection must be enabled on security-sensitive roles and configured appropriately for the server role.

Servers in the PCI Cardholder Data Environment must employ an up-to-date, industry-standard virus scanner.

Audit logging must be enabled per the WMF Security Logging and Alerting Policy, with off-host logging to the Fundraising central logger service and audit log collectors.

Servers must be configured to remain synchronized to network time.

Secure Decommissioning

Server disks and other storage media must be securely erased or destroyed before leaving the secure datacenter environment.