Howto::High Risk

Introduction

Virginia Tech considers your machine high risk if you store any of the following information on the machine:

• Student records (grades with names)
• Social security numbers
• Credit or debit card numbers
• Financial account numbers
• Medical information
• Passport or visa numbers
• Driver's license numbers
• Export controlled information

Required minimum standards

If your machine is considered high risk, then VT requires the machine to meet a minimum security standard. This standard is constantly evolving. The department offers some services to help meet this standard, such as backup services, monitoring services, and help connecting to VT's central logging service. See the minimum standards for the most up to date information: https://it.vt.edu/content/dam/it_vt_edu/policies/Minimum-Security-Standards.pdf

Backups

The department offers a daily backup solution. Contact Techstaff to get a backup created and help setting up the back up. If the backup is going to include high risk data, then please make sure you tell us! The default backup solution does not support encryption and does not meet the high risk standard.

Monitoring

We recommend using a product called Wazuh to monitor your machine. Wazuh

Central Logging

Sending the machine logs to a central service is required for high risk machines. Virginia Tech offers a central logging service. Contact Techstaff to get help setting this up. Here are some brief instructions to get started in Linux:

• Install the "journalbeat" Some instructions are available here: https://www.elastic.co/guide/en/beats/journalbeat/current/journalbeat-installation-configuration.html
• Copy the VT incommon TLS chain file to the machine somewhere. https://people.cs.vt.edu/carnold/incommon_tls_chain.pem
• Configure journalbeat. To get access to the logs, we will need to request that a new index is created for you. If you don't need access to the logs you can use the index vt_cos-cs which gives Techstaff only access.
• Sample journalbeat configuration:

###################### Journalbeat Configuration Example #########################
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/journalbeat/index.html

journalbeat.inputs:
- paths: []
  fields:
    index: "vt_cos-cs"
    tier: "prod"
    service_id: "edu.vt.cs"
    group: "laa.cs.techstaff"
    name: "my-hostname"
    type: "journalbeat"

output.logstash.hosts:  
  - "log-1.it.vt.edu:5045"
  - "log-2.it.vt.edu:5045"
  - "log-3.it.vt.edu:5045"

output.logstash.ssl.certificate_authorities: ["/etc/journalbeat/certs/incommon_tls_chain.pem"]
processors:
  - add_host_metadata:
      netinfo.enabled: true
      cace.ttl: 5m
  - add_locale:           
      format: offset
logging.level: info
logging.selectors: ["*"]
logging.to_files: false