For every server on a secure network, there is a list of items that must be documented and reviewed on a regular basis to keep a private network secure. This list of information about every server should be created as servers are added to the network and updated regularly.

  1. Server name
  2. Server location
  3. The function or purpose of the server.
  4. Hardware components of the system including the make and model of each part of the system.
  5. List of software running on the server including operating system, programs, and services running on the server.
  6. Configuration information about how the server is configured including:
     - Event logging settings
     - A comprehensive list of services that are running.
     - Configuration of any security lockdown tool or setting
     - Account settings
     - Configuration and settings of software running on the server.
  7. Types of data stored on the server.
  8. The owners of the data stored on the server.
  9. The sensitivity of data stored on the server.
  10. Data on the server that should be backed up along with its location.
  11. Users or groups with access to data stored on the server.
  12. Administrators on the server with a list of rights of each administrator.
  13. The authentication process and protocols used for authentication for users of data on the server.
  14. The authentication process and protocols used for authentication for administrators on the server.
  15. Data encryption requirements.
  16. Authentication encryption requirements.
  17. List of users accessing data from remote locations and type of media they access data through such as internet or private network.
  18. List of administrators administrating the server from remote locations and type of media they access the server through such as internet or private network.
  19. Intrusion detection and prevention method used on the server.
  20. Latest patch to operating system and each service running.
  21. Groups or individuals with physical access to the area the server is in and the type of access, such as key or card access.
  22. Emergency recovery disk and date of last update.
  23. Disaster recovery plan and location of backup data.