DaemonForums  

Go Back   DaemonForums > Miscellaneous > Off-Topic

Off-Topic Everything else.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Default server documentation

hello community,
i don't know if this is the right section for this thread. if it's not please accept my ap.
a few weeks ago i have received the task to document the server i maintain. the office i work for develops a document management system for germany.
my boss wants to document the project and present it to some organization that people trust in germany. that organization will give us a license to prove that our system is "ok" from technical/security stand point.
i have never done this sort of documentation so my question is how should i approach this task? what are the main points to take in consideration when doing such a thing?
thank you

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #2   (View Single Post)  
Old 8th May 2008
roddierod's Avatar
roddierod roddierod is offline
Real Name: Rod Person
VPN Cryptographer
 
Join Date: Apr 2008
Location: Pittsburgh, Pa
Posts: 437
Post

I've had to do some security documentation for some of our servers so that they would be allowed to operate on the enterprises network. But, they proved a questionire to fill out.

The main things the want covered are:

- what process are running on the servers.
- who has access to the servers (remotely and physically)
- are there different user roles with different levels of priviledges
and describe them.
- are there logs? are the logs reviewed and how often?
- my servers are in a healthcare/insurance environment so they want
to know information on what can of data it contains and is there a
possiblilty that someone could steal people personal information. And
in the US we have to follow HIPAA guidelines.
- And of course desribe the security procedures and such.

HTH.
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick
Reply With Quote
  #3   (View Single Post)  
Old 8th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Default

I had to do a similar task here. However, my approach had to be focused on security rather than performance or availability.

If you want to do something more generic, you could explain why your machine is performant, secure and scalable.

If you want to do something more security-centric, you could talk about how you deal with security on a daily basis and how security layers are deployed on the machine (firewall, file permissions, defense-in-depth approach, use of secure protocols only, etc.).
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #4   (View Single Post)  
Old 8th May 2008
DrJ DrJ is offline
ISO Quartermaster
 
Join Date: Apr 2008
Location: Gold Country, CA
Posts: 507
Default

Quote:
Originally Posted by mtx View Post
... my boss wants to document the project and present it to some organization that people trust in germany. that organization will give us a license to prove that our system is "ok" from technical/security stand point.
I give you my two bits from the view of someone who spends most of his time writing and reviewing the writing of others, though not in the computer field. The cardinal rule of all writing is to write to your audience, and give them what they want or expect. In your case, that is the German company who will issue you the license (or not). If I were in your place, I would try to talk with a person in that company for guidance on what they are looking for, or perhaps some people whose companies have submitted this sort of documentation for review. Then you can fit the details of what is required technically to the story you want to tell.

You don't mention where you are located, but if you are not in Germany, be aware that business in Germany is more formal than it is in the US. You can't just pick up the telephone to identify the right people. Your boss, if he is the company representative, would have to talk to his counterpart in Germany, who would introduce him to a proper contact in the review company; they would decide who in their organizations would talk (or email) with his chosen party (namely, you). Language should be no issue.

Once it is clear what the goal of the review is, and how it is conducted, you should be in a much better position to write the document. It seems that this is none too clear at the moment.
Reply With Quote
  #5   (View Single Post)  
Old 8th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Default

thank you all for advice.
Quote:
You don't mention where you are located,
I am from Romania.
My boss is the german guy who first opened the company in Romania. Now that i have some guidelines i can ask him to talk to the organization who gives the license so that they would contact us (me) through email (phone) and ask for guidance.
Quote:
be aware that business in Germany is more formal than it is in the US
Honestly i don't know how's business in US but you are 100 % right about Germany. Been there after New Years Eve with work and i've noticed that.
Thank you all once again. At least now i see some "light" in this task.

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #6   (View Single Post)  
Old 8th May 2008
DrJ DrJ is offline
ISO Quartermaster
 
Join Date: Apr 2008
Location: Gold Country, CA
Posts: 507
Default

Business in the US is much less formal. Here I could talk directly to the licensing company for advice. You would never to that in Germany: everything goes up the managerial chain, horizontally to the other firm "at the appropriate level", and then back down. Fortunately communication between the rungs of the management ladder usually is pretty rapid.

I should note that in the past I have worked for a German company, but a very large one which may be more formal than many. But I would not count on it.

Whether talking with the other company is the best route to follow or not you will have to decide. But you should have clearly in mind what it is that is expected before you start writing. That a license is issued implies that there are certain expectations that must be fulfilled. (The Germans love licenses too, btw.)

On a tangent, there was a recent article that certain senior people were arrested because they held out the title of "Doktor." Legally they could not do so because those Ph.D. degrees were conferred by US institutions, like Stanford or MIT or CalTech. Instead, their business cards had to state that they held a Ph.D. from this or that university, and the location of the University. But they could not refer to themselves with the honorific "Doktor."
Reply With Quote
  #7   (View Single Post)  
Old 8th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Default

Quote:
Originally Posted by DrJ View Post
On a tangent, there was a recent article that certain senior people were arrested because they held out the title of "Doktor." Legally they could not do so because those Ph.D. degrees were conferred by US institutions, like Stanford or MIT or CalTech. Instead, their business cards had to state that they held a Ph.D. from this or that university, and the location of the University. But they could not refer to themselves with the honorific "Doktor."
This is so ... german. I don't mean to offend anyone just that german people are very focused on quality of things and the well kown "ordnung und disziplin" fact. The thing i love is their punctuality. I think i've gone off topic.
Anyway DrJ thank you very much for you guidance. I'll write back how it works in a while.

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #8   (View Single Post)  
Old 8th May 2008
DrJ DrJ is offline
ISO Quartermaster
 
Join Date: Apr 2008
Location: Gold Country, CA
Posts: 507
Default

No offense -- I'm German too! Well, at least I was born to German parents, and it is my native language.

Thinking about your situation more, I really think you ought to talk with your boss first. He really is your "customer", unless you have been given the responsibility of getting the license by yourself. So ask him what he wants, and what the licensing requirements might be. He either knows and will tell you, or he won't know. If the latter, he may find out, or want you to do so. That is when you ask to talk to the other company, which he can arrange.

But it is fine to ask for clarification for a task you were given. He wants you to do it well, so if you have questions, please ask him.
Reply With Quote
Reply

Tags
document server

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sun Java System Web Server - Active Server Pages (yes ASP) hopla FreeBSD General 0 26th September 2008 08:22 AM


All times are GMT. The time now is 08:57 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick