If you think of your servers as your network command center, it's easy to understand why it is mission critical to keep servers safe from unwanted access. Once your servers are compromised, your entire network is at risk. While some unwanted access to servers is merely annoying, other incidents can cause serious damage. To protect your organization, protect your servers.
If you're a small government organization, you might not have more than a server or two. But no matter how few or how many servers you are running, your network relies on them. Servers serve the applications, Web pages, and e-mail messages your team needs to do their jobs. Servers store valuable and/or confidential information resources. They provide a means for your stakeholders and citizens to communicate with you—perhaps even procure and provide goods or services.
So if your servers are down, you lose productivity. And you jeopardize important relationships you’ve fostered with key stakeholders, including public citizens, your employees, other government offices, and private sector contractors and suppliers.

Basic steps you can take

Many of the procedures already discussed can help protect your servers, too. So if you haven't taken care of the following, make these steps a priority:
- Step 1: Protect your desktops and laptops
- Step 2: Keep your data safe
- Step 3: Use the Internet safely
- Step 4: Protect your network
Even with security-enhancement measures addressed, there is more you can do to protect your servers.
1. Keep your servers in a safe place. Public organizations must make sure that their servers are not at risk from physical calamities. Locate these computers in a secure, well-ventilated room, not in a hallway or under a desk where someone might inadvertently kick or spill coffee on them—or mischievously tinker with them. Your server room should have no windows and a single door you can lock. Server cases should also be locked to prevent tampering with internal components. Know which employees have keys to the server room. You should also keep a record of the serial numbers of your servers and mark them with your organization’s information, so they can be identified and recovered if stolen.
2. Practice least privilege. With Microsoft Windows 2000 Server, Windows Server 2003, and Windows Small Business Server 2003, it is possible to assign users different permission levels. Rather than giving all users Administrator access (which is not a best practice for maintaining a security-enhanced environment for PCs or servers), you should use your servers to manage client PCs. Windows servers can be configured to give individual users access to specific programs only, and to define what user privileges are allowed on the server. This helps to ensure users can't make changes in areas that are critical to the server or client PC operation. It also prevents users from installing software that might introduce a virus or otherwise compromise the integrity of your network.
3. Understand your security options. Today's servers are more security enhanced than ever. But the powerful security settings you find in Microsoft Windows server products are only good if they are used appropriately and monitored aggressively. If your team doesn't have an IT specialist and/or expertise in security issues, consider contracting with an outside consultant to work with you to appropriately protect your servers.
4. Run the Security Configuration Wizard (SCW) included with Windows Server 2003 Service Pack 1. SCW provides guided attack surface reduction for your servers and is highly recommended for creating security policies for servers based on their roles. You can learn more about SCW by searching Microsoft.com.
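
To check the least-privilege advice in item 2, you can review who actually holds Administrator access on each server. The following is an added example, not part of the original guidance: it parses saved output of the built-in `net localgroup Administrators` command and lists accounts that are not on an approved list. The sample output, account names, and allowlist are constructed for illustration.

```python
# Constructed sample of `net localgroup Administrators` output (English-language Windows).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\\Domain Admins
EXAMPLE\\jsmith
frontdesk
The command completed successfully.
"""

# Hypothetical allowlist: accounts the organization has approved as administrators.
APPROVED_ADMINS = {"administrator", "example\\domain admins"}


def parse_members(output):
    """Return the account names listed between the dashed rule and the status line."""
    members = []
    in_members = False
    for line in output.splitlines():
        line = line.strip()
        if not in_members:
            # The member list begins on the line after the row of dashes.
            in_members = set(line) == {"-"}
            continue
        # Assumption: English status text; localized systems word this line differently.
        if not line or line.lower().startswith("the command completed"):
            break
        members.append(line)
    if not in_members:
        # Error or truncated output must not be mistaken for "no administrators".
        raise ValueError("no member list found; was the command output captured in full?")
    return members


def unapproved_admins(output, approved):
    """Return members missing from the allowlist (Windows account names are case-insensitive)."""
    approved_lower = {name.lower() for name in approved}
    return [m for m in parse_members(output) if m.lower() not in approved_lower]


if __name__ == "__main__":
    for account in unapproved_admins(SAMPLE_OUTPUT, APPROVED_ADMINS):
        print("Review administrator access for:", account)
```

Run it against output collected from each server and remove or justify every account it reports.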