Скачать в pdf «Network+»

Mail Servers Provide each person with their own e-mail mailbox, and attach an individual network account to each mailbox. If several people need to access a mailbox, do not give all of them the password to a single network account. Assign privileges to each person’s network account. You can then track activity to a single person, even with a generic address such as

DMZ Use a demilitarized zone for all publicly viewable servers, including web servers, FTP servers, and e-mail relay servers. Do not put them outside the firewall. Servers outside the firewall defeat the purpose of the firewall.

Mail Relay Use a mail-relay server for e-mail. E-mail traffic should not go straight to your production servers. That would enable a hacker to directly access your server as well. Use a relay server in a DMZ.

Patches Make sure that the latest security updates are installed after being properly tested on a non-production computer.

Backups Store backup tape cartridges securely, not on a shelf or table within reach of someone working at the server. Lock tapes in a waterproof, fireproof safe, and keep at least some of your backups offsite.

Modems Do not allow desktop modems for any reason. They allow users to get to the Internet without your knowledge. Restrict modem access to approved server-based modem pools.

Guards In some cases, security guards are necessary. Guards should not patrol the same station all the time. As people become familiar with an environment and situation, they tend to become less observant about that environment. Thus, it makes sense to rotate guards to keep their concentration at the highest possible levels. Guards should receive sufficient

Скачать в pdf «Network+»