 

Dedicated server administration basics



Basics of Dedicated server administration:

First of all, let's go through a list of general recommendations for all operating systems. The list is by no means comprehensive, but it is probably the most basic list of tasks and preventive maintenance tips that you will have to follow to keep your server up and running in top condition.

Set up authentication & account management before connecting to the network

• All accounts should have strong passwords.
• Administrative or root accounts should have even stronger passwords or passphrases.
• Only use the administrator or root account when absolutely necessary.
• Assign a unique administrative account and password to each individual to better distinguish activities between multiple administrators.
• Use different passwords for administrator or root and general user accounts.
• Force new users to change their passwords when they first login.
• Regularly review the access list or log for users, especially of root and groups. Look for unexpected rights or changes.
• Limit the use of the same password across dissimilar systems (use of the same password on a less secure system may endanger a more secure system).
• Disable or delete old or unused accounts that belong to people who no longer need access.
• Be sure to have a plan and process for securing administrator and root passwords that allows appropriate access to the server in case of illness, turnover, or unforeseen circumstances.
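
One way to carry out the periodic review of root and group rights from the list above, as an added example that is not part of the original post. It assumes passwd(5)/group(5)-format files, that the privileged groups are named "sudo" and "wheel", and that you keep an approved-admin list and an earlier passwd snapshot yourself; all sample data is constructed.

```shell
#!/bin/sh
# Added example: review passwd(5)/group(5)-format files for unexpected admin rights.
# Assumed: privileged groups are "sudo" and "wheel"; the approved-admin list and
# the earlier passwd snapshot are files you maintain yourself.

# audit_accounts PASSWD GROUP APPROVED SNAPSHOT -> one finding per line
audit_accounts() {
    # 1. Any account other than root with UID 0 has full root rights.
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$1"

    # 2. Members of privileged groups who are not on the approved list.
    awk -F: -v approved="$3" '
        BEGIN { while ((getline u < approved) > 0) ok[u] = 1 }
        $1 == "sudo" || $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in ok)) print "ADMIN " $1 " " m[i]
        }' "$2"

    # 3. Accounts added, or whose UID changed, since the last reviewed snapshot.
    awk -F: 'FILENAME == ARGV[1] { uid[$1] = $3; next }
        !($1 in uid)  { print "NEW " $1; next }
        uid[$1] != $3 { print "UIDCHANGE " $1 " " uid[$1] "->" $3 }' "$4" "$1"
}

# Constructed sample data (not from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/snapshot" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:0:0::/home/carol:/bin/bash
svc_backup:x:1002:1002::/home/svc_backup:/bin/sh
EOF
printf 'sudo:x:27:alice,bob\nwheel:x:10:\n' > "$tmp/group"
echo alice > "$tmp/approved"

audit_accounts "$tmp/passwd" "$tmp/group" "$tmp/approved" "$tmp/snapshot"
```

On a live Unix system the first two arguments would be /etc/passwd and /etc/group; save a copy of the passwd file after each review to use as the next snapshot.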

Install and patch the operating system before connecting to the network

• Run software that is current. The operating system and other software should be vendor supported for security patches.
• Install only the software that is needed, and install the latest versions of all software, including all recommended and security patches that are available.
• Download patches on another server and transfer them by CD, or, for Windows, obtain patches from the Microsoft website by ordering a CD version (if available).

Run minimum number of services

• Each server should only have the minimal number of services needed for its role.
• Configure all installed software, disable all unused features, and limit the availability of any features that are enabled.
• Disable Telnet and FTP. Use SSH instead.

Install filters or firewall

• Install and configure a packet filtering utility such as TCP wrappers or a software or hardware firewall to protect individual services.
• The rules should reflect the acceptable use and security policies that have been defined for the Server.
• Operating system filters that deny or permit certain traffic should be used if available (e.g., most Unix and recent Windows versions).
• Periodically review the filters.

Set up and review logs

• Configure all services so that they log all connections and authentication information. Forward all of these logs to another secure computer if possible.
• Someone should be assigned the responsibility to periodically review the system logs and, as appropriate, follow up on possible security violations identified in them.

Install security related software

• Install security related software on each Dedicated Server, as appropriate to the level of security needed.
• Install anti-virus or other virus filtering software with daily updating for the latest virus definitions.
• Install a VPN encrypted tunnel if you are unable to install SSH or when clear text is a security risk.

Maintain backups and operational continuity

• Run backups regularly and periodically store copies off-site.
• Test the restore capability periodically.
• Use a “secure deletion” program to erase data from hard disks and media once you are done using them and before transferring or disposing of hardware that stores “not public” data.



This post is compiled by eUKhost.com
