Establishing Minimum Server Security
- Physical Security Concepts
- Server Location and Physical Access
- Network Topology
- BIOS and Console Passwords
- Media and Boot Security
- Anti-Theft Devices
- Summary
Before you even install Apache, you'll face several critical security issuesno matter what operating system you use. These issues are physical threats to your hardware and your host, generally. In this short chapter, we'll race through the following issues:
Physical security concepts
Server location and access
Network topology
BIOS and console passwords
Media and boot security
Biometric access controls
Anti-theft devices
Physical Security Concepts
Your Apache system will face many threats, but of these, physical threats loom largest. This is because when someone has physical access, they can damage portions of your system and information infrastructure that remote attackers cannot reach.
The usual suspects:
Malicious local users
Disgruntled employees
Vandals or thieves
When administrators contemplate physical security, they typically think in purely catastrophic terms, mulling accidents, disasters, and theft. This is sensible, because all three are legitimate threats. However, catastrophes are worst-case scenarios from which a system cannot recover. Many less-than-catastrophic physical security breaches pose dangers not so obvious, and new administrators often overlook them.
Indeed, many physical security breaches leave no evidence trail. To appreciate this, think now of the machines you use in the normal course of business. These are likely located in your office or home. Each day, you boot these machines or login assuming that in your absence, they sat quiet and undisturbed. What if they didn't?
What if, while you grabbed lunch, someone logged in and perused your files? Would you know it? This unpleasant scenario provokes suspicion, and rightly so. You, like most users, no doubt store sensitive data on your system. You'd hardly want others rifling through it. Let's run through a few pointers on how to prevent this.