Server-Level Security

In the previous chapter, we discussed how to build a secure network infrastructure. In this chapter, we will discuss how to build and ensure security for servers inside a secure network.

Server/computer security is a critical part of the infrastructure for running business smoothly. Information security has evolved over the years due to an increasing dependency on public networks not to disclose personal, financial, and other restricted information. Consequently, it becomes important to maintain data confidentiality, integrity and availability. This chapter focuses on securing data and implementing various policies to secure a server infrastructure.

We will cover the following topics in this chapter:

• Classification of data
• Physical security
• Disk encryption
• Hardening server security
• Authentication NTLM versus Kerberos
• Password policies
• Server-level permissions
• Server antivirus and malware protection
• Local security policies