Hey all.
I work for a small manufacturing firm; I am the only person in the IT department.
As of yet, we are simply in the exploratory stage.
We are entertaining the idea of placing bids for government contract work.
One of the requirements for doing so is a separate, secure server for all data pertinent to any jobs we undertake.
I am looking for information on setting up a server to meet these needs.
Specifically, what would/might the government require as proof of a secure system, e.g. hardware, software specifications?
Currently we have a simple Windows server system, Symantec AV, WatchGuard Firebox - nothing spectacular. I am looking to what would be needed above and beyond this to meet these needs, or any connections/links/sources one would use to investigate this.
Any insights would be appreciated. Thanks.
If it's for the govt and they are serious about securing their system, check and see what is an acceptable OS to use. Solaris is certified, then look up DISA STIG, that's a script I run on our servers every month to check how secure our setup is and to fix any CAT 1,2,3 issues.
Like the dude above said, you should have specs from the govt on what they are looking for, what software has been "blessed" to use on their network assuming the server will be installed on their network etc.