Being a System Administrator for your own PC

So you want to be your own system administrator?
Following are some recommended minimum requirements.  Note that this list is not intended to be complete, nor is it intended to be official policy; it is merely an indication of the kinds of things we expect you to do if you are to be considered the system administrator of your system.  It is hoped that by elucidating these tasks and duties that you will better see the value of hiring someone (perhaps even CUSG?) to handle the system administration for you.

Per EECS Dept policy, you are required to:

  1. Have your machine properly registered in the department LDAP Ports Database.
  2. Have your email address listed as "Point of Contact" in the department LDAP Ports Database.

    3. You need to be reachable at any time in case of breach of security; you'll need to hand off said responsiblity to someone else when you'll be unavailable.
  3. Keep your system upgraded to one of the current OS versions supported by IDSG.
  4. Make sure appropriate security customizations are done, as recommended by IDSG.
  5. Keep your system up-to-date with respect to OS and software patches.

    6. Out-of-date software can be ripe with security holes.
  6. Enable strong user password authentication, and disable clear-text password authentication.
  7. Abide by the department computer account policies.
  8. Keep up-to-date anti-virus software on Windows machines.

    9. Anti-virus software should be configured to auto-update virus definition tables regularly, since new viruses come out continually.
  9. Subscribe to eecs-sysadmins@eecs mailing list.

Per EECS Dept policy, it is strongly recommended that you also:

  1. Run only the necessary system and networking services required.

    2. Every service that runs on your machine is a potential security hole.  It is unacceptable risk to duplicate services available elsewhere.

You really should also:

  1. Subscribe to the micronet mailing list [micronet-list@uclink.berkeley.edu].
  2. Subscribe to appropriate SANS mailing lists, such as SANS Security Alert Consensus weekly bulletin, SANS Windows Security Digest monthly bulletin, SANS Newsbites weekly bulletin ...
  3. Subscribe to the unisog@sans.org mailing list.
  4. Attend any IDSG-hosted meetings for sysadmins, relevant to your OS.

You probably should also:

  1. Subscribe to the ucb-security@uclink.berkeley.edu mailing list.
  2. Join other sysadmins at our weekly Informal Sysadmin Lunch.