12.6 Summary

Server security is important because servers are the last line of defense against an attacker. While router and firewall security breaches are on the rise, servers are still the number-one target of attackers , and all servers should be configured to be as secure as possible.

The best way to ensure server security is to limit who has access to the server, limit which interface the server can be accessed on, and enforce a strong password policy. If these steps are combined with regular software patch updates, most servers will be relatively secure.

Public servers, such as web and mail servers, are a different story and these servers have special security considerations. These servers have to allow access to anyone , but they can be configured to restrict direct access, except through the required ports, and they can be made to be more secure.

Web and mail server services can also be outsourced to one of many companies that provide this type of service. If an organization does not have the inhouse expertise to manage these servers in a secure manner, outsourcing may be a viable option.

Because servers may provide an attacker access to proprietary company data, it is important to take server security very seriously and monitor the server farm closely for break-ins and attempted break-ins. The sooner an attack is stopped , the less damage the attacker will do.