Chapter 10. Security

10. Security

Planning and implementing security is a necessary part of every system administrator's job. Several aspects are involved, among them physical security, password security, firewalls, encryption, virtual private networks, software updates, and log files. Physical security is much the same as it has been since the lock and key were invented, and password security entails using better methods of storing and using passwords. Everything else relates to being connected to a network, because when it comes down to it, a server that isn't connected to a network isn't a server. And while connecting your server to the Internet allows you to provide services reaching the world over, it simultaneously gives miscreants all over the world access to your server. This brings us to two basic security tenets of running a server: Don't turn on services you don't need and don't serve a wider population than you must.

Apple has been very security-conscious with Mac OS X Server. The out-of-the-box configuration has almost no services turned on by default, allowing you to configure your security first and then turn on the services that you need. You'll need some basic services such as SSH over the local subnet to configure your server and remote access to server tools and directory changes. With Mac OS X Server 10.4, Apple provides comprehensive tools to make managing and monitoring the security of your server easier. The underlying services in Mac OS X Server, including Apache, Samba, OpenLDAP, Postfix, and Jabber, are robust, secure, and actively maintained by the open source community and Apple. This combination of tools and services will help you keep your server running securely.