Server-Level Security - Additional Security Mechanisms
(Page 6 of 7 )
In an insecure world, a server is only as secure as the software that runs on it. Windows Server 2003 is the most secure Windows yet, and includes many built-in mechanisms to keep a server secure. Additional security considerations such as antivirus options and backup should be taken into account, however, as they directly affect the overall security of the operating system itself.
Antivirus Precautions Viruses may be one of the most dangerous threats faced by servers. Many viruses are written to specifically exploit key vulnerabilities that are present in server infrastructure. Others infect files that may be held on a server, spreading the infection to clients who download files. Consequently, it is extremely important to consider the use of an enterprise antivirus solution on all file servers in a network. All the major antivirus manufacturers include robust file-level scanners, and file servers should consider using them.
An aggressive plan should be in place to keep antivirus patterns and engines up to date. Because virus outbreaks can wreak havoc worldwide in a matter of hours, rather than days, it is wise to have servers check for updates daily.
Note - It is not necessary or wise to enable an always-on antivirus scanner on non-file servers. These types of scanners continually scan all open files that are in use and are best used only on file servers or workstations. Although including periodic scans of system components on other servers is not a bad idea, the fact that utility servers or domain controllers do not physically store user data keeps them relatively free from the effect of file-level viruses. In addition, the processor utilization of these always-on virus scanners can affect the performance of these servers.
Deploying Backup Security Although the need for a backup strategy may seem obvious to most people, it is often surprising to find out how inadequately prepared many organizations are in regard to their backups. All too often, a company will discover that it is very easy to back up a server but often more difficult to restore. In addition to disaster recovery issues, the issue of backup security is often neglected.
File server backups require that an authenticated user account with the proper privileges copy data to a storage mechanism. This requirement ensures that not just anyone can back up an environment and run off with the tape. Keeping this point in mind, the tapes that contain server backups should be protected with the same caution given to the server itself. All too often, a big pile of server backup tapes is left out on unsecured desks, and there is often no mechanism in place to account for how many tapes are in which location. Implementing a strict tape retention and verification procedure is subsequently a must.
Next: Using Software Update Services >>
More MS SQL Server Articles
More By Sams Publishing
|
 This article is excerpted from chapter 12 of MS Windows Server 2003 Unleashed 2nd edition, written by Rand Morimoto (Sams, 2004; ISBN: 0672326671). Check it out at your favorite bookstore. Buy this book now.
|
|
