Security Best Practices
Server administrators must make sure that adequate security measures are implemented to protect a server from attacks. A compromised server risks the resources and data on the server and risks the resources and data on other connected systems. The compromised system can then be used as a base to launch attacks on other systems within or outside your network.
Securing servers requires an assessment of the cost of implementing security with the likelihood of a successful attack and the impact of that attack. It is not possible to eliminate all security risks but it is possible to minimize risks to efficiently deal with them.
Best practices for server system administration include the following: ÂÂ Update your systems with critical security patches and updates.
ÂÂ Check for updates regularly.
ÂÂ Install antivirus tools, use them regularly, and update virus definition files and software regularly.
Although viruses are less prevalent on the Mac platform than on Windows, viruses still pose a risk.
ÂÂ Restrict physical access to the server.
Because local access generally allows an intruder to bypass most system security, secure the server room, server racks, and network junctures. Use security locks. Locking your systems is a prudent thing to do.
ÂÂ Make sure there is adequate protection against physical damage to servers and ensure that the climate control functions in the server room.
ÂÂ Take additional precautions to secure servers.
For example, enable firmware passwords, encrypt passwords where possible, and secure backup media.
ÂÂ Secure logical access to the server.
For example, remove or disable unnecessary accounts. Accounts for outside parties should be disabled when not in use.
ÂÂ Configure SACLs as needed.
Use SACLs to specify who can access services.
ÂÂ Configure ACLs as needed.
Use ACLs to control who can access share points and their contents.
ÂÂ Protect any account with root or system administrator privileges by following recommended password practices using strong passwords.
For more information about passwords, see “Password Guidelines” on page 77 .
76
