Server Security Policies
Local area networks (LANs) have become the repository of mission-critical information at many major organizations, the information processing backbone at most large organizations, and the sole implementation avenue for IP efforts in smaller concerns. LANs are a key part of critical information processing, and servers are the heart of LANs. The need for proper server security is (or at least certainly should be) obvious. Security policies are a prerequisite to proper security. They provide direction; they treat all areas necessary for proper security; and, possibly most important because it’s so rarely recognized, they provide a means for consistency. Without direction, completeness, and consistency, security can always be trivially breached. Servers are parts of networks, networks are parts of information processing structures, and information processing structures are parts of organizational operations. While this chapter deals with server security policies, all other security areas must be dealt with in an organization’s full security policies statement.