The National Institute of Standards and Technology (NIST) recently finalized a publication that provides an excellent overview of server security. The “Guide to General Server Security” (SP800-123) is intended to “assist organizations in installing, configuring, and maintaining secure servers.” Topics include:
- Server vulnerabilities and threats
- Basic server security steps
- Server security principles
- Server security planning
- Securing the server operating system
- Securely installing the server software (for example, web server software)
- Maintaining server security over time
- Remotely administering the server
This document does not provide detailed step-by-step instructions, nor does it cover topics unique to a specific operating system. Rather, it’s a general overview that helps make sure all the bases are covered when setting up a server. System administrators, both new and old, are encouraged to read this publication and update their current procedures to ensure that their server environments and the data stored on them are properly secured.
NIST has published many excellent documents on IT security in its “Special Publications 800 series” that have formed the basis of many security policies and procedures at the federal and state levels, and at K-State. All are available for download at no cost.