Course material: Securing Network Servers

Contents: Course material Securing Network Servers

Preface
Securing Network Servers
1. Develop a computer deployment plan that includes security issues.
2. Include explicit security requirements when selecting servers.
3. Keep operating systems and applications software up to date.
4. Offer only essential network services and operating system services on the server host machine.
5. Configure computers for user authentication.
6. Configure computer operating systems with appropriate object, device, and file access controls.
7. Identify and enable system and network logging mechanisms.
8. Configure computers for file backups.
9. Protect computers from viruses and similar programmed threats.
10. Configure computers for secure remote administration.
11. Allow only appropriate physical access to computers.

Excerpt from the course material Securing Network Servers

Preface
This document is one of a series of publications of the Software Engineering Institute at Carnegie Mellon University called security improvement modules. They are intended to provide practical guidance to help organizations improve the security of their networked computer systems.
Module structure
Each module addresses an important but relatively narrowly defined problem in network and system security. The first section of the module describes the problem and outlines a set of security improvement practices to help solve it. Each practice is a recommended way of performing common tasks related to the secure operation of networked computer systems.
The remaining sections of the module are detailed descriptions of the practices. Each includes a rationale for the recommended actions and a description of how to perform them.
Intended audience
The practices are primarily written for system and network administrators whose day-to-day activities include installation, configuration, and maintenance of the computers and networks. Occasionally, practices are written to assist the managers responsible for network and system administration.
Revised versions
Network and system technologies continue to evolve rapidly, leading to new security problems and solutions. Modules and practices need to be revised occasionally, so to permit more timely publication of new versions, we also publish them on the World Wide Web. At the end of each section of this document is the URL of its Web version.
Acknowledgments
Updates to this report and the effort to produce it were sponsored by the US Air Force Computer Resources Support Improvement Program (CRSIP) in collaboration with the Air Force Information Warfare Center (AFIWC). The original version (February 1999) of this report and the effort to produce it were sponsored by the U.S. Land Information Warfare Activity (LIWA).
Securing Network Servers
The development of computer networks has resulted in an important class of computers: network servers. The primary purpose of these machines is to provide services, including both computational and data services, to other computers on the network.
Because of their service role, it is common for servers to store many of an organization’s most valuable and confidential information resources. They also are often deployed to provide a centralized capability for an entire organization, such as communication (electronic mail) or user authentication. Security breaches on a network server can result in the disclosure of critical information or the loss of a capability that can affect the entire organization. Therefore, securing network servers should be a significant part of your network and information security strategy.
Many security problems can be avoided if servers and networks are appropriately configured. Default hardware and software configurations are typically set by vendors to emphasize features and functions more than security. Since vendors are not aware of your security needs, you must configure new servers to reflect your security requirements and reconfigure them as your requirements change.
A note on terminology
The term “server” is used in this module to mean the combination of the hardware, operating system, network service, application software, and network connection. When it is necessary to be more specific, we explicitly mention one of these five components.
Although this module focuses on securing network servers, many of the practices are also applicable to securing workstations or other computers on your network. To make it easier for these practices to appear in other modules, we use the word “computer” to mean workstations, servers, or other computers. At times, we differentiate between guidance for workstations and guidance for network servers.
Who should read these practices
These practices are applicable to your organization if
• you operate or plan to operate a networked system of workstations that depend on servers for information or computation services
• you operate or plan to operate a public network server (such as a public Web site) connected to an external network (such as the Internet)
We assume that you have the following security requirements for information resources stored on these servers:
• Some or all of the information is sensitive or proprietary. Access must be limited to authorized and properly authenticated users (inside or outside of your organization).
• The integrity of this information is critical. It must not be compromised; that is, not modified by unauthorized users or processes operating on their behalf.
• That information must be readily accessible by authorized users whenever they need it in the course of their work.

………
