Security best practices, 76 security best practices – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Page 76

Security Best Practices

Server administrators must make sure that adequate security measures are
implemented to protect a server from attacks. A compromised server risks the
resources and data on the server and risks the resources and data on other connected
systems. The compromised system can then be used as a base to launch attacks on
other systems within or outside your network.

Securing servers requires an assessment of the cost of implementing security with
the likelihood of a successful attack and the impact of that attack. It is not possible
to eliminate all security risks but it is possible to minimize risks to efficiently deal
with them.

Best practices for server system administration include the following:

Update your systems with critical security patches and updates.

Check for updates regularly.

Install antivirus tools, use them regularly, and update virus definition files and

software regularly.
Although viruses are less prevalent on the Mac platform than on Windows, viruses
still pose a risk.
Restrict physical access to the server.

Because local access generally allows an intruder to bypass most system security,
secure the server room, server racks, and network junctures. Use security locks.
Locking your systems is a prudent thing to do.
Make sure there is adequate protection against physical damage to servers and

ensure that the climate control functions in the server room.
Take additional precautions to secure servers.

For example, enable firmware passwords, encrypt passwords where possible,
and secure backup media.
Secure logical access to the server.

For example, remove or disable unnecessary accounts. Accounts for outside parties
should be disabled when not in use.
Configure SACLs as needed.

Use SACLs to specify who can access services.
Configure ACLs as needed.

Use ACLs to control who can access share points and their contents.
Protect any account with root or system administrator privileges by following

recommended password practices using strong passwords.
For more information about passwords, see “Password Guidelines” on page 77 .

Chapter 4

Enhancing Security