So in addition to enabling encryption on your server, you should take extra
security precautions. For example, put the server machine into a secure room, and
don't allow individuals you don't trust to upload programs to your server.
The following sections describe the most important things you can do to make your
server more secure:
• Limit Physical Access
• Limit Administration Access
• Choosing Solid Passwords
• Changing Passwords or PINs
• Limiting Other Applications on the Server
• Preventing Clients from Caching SSL Files
• Limiting Ports
• Knowing Your Server's Limits
• Making Additional Changes to Protect Servers
Limit Physical Access
This simple security measure is often forgotten. Keep the server machine in a
locked room that only authorized people can enter. This prevents anyone from
hacking the server machine itself.
Also, protect your machine's administrative (root) password, if you have one.
Limit Administration Access
If you use remote configuration, be sure to set access control to allow
administration from only a few users and computers. If you want your
Administration Server to provide end-user access to the LDAP server or local
directory information, consider maintaining two Administration Servers and using
cluster management, so that the SSL-enabled Administration Server acts as the
master server, and the other Administration Server is available for end-users'
access.
For more information regarding clusters, see "About Clusters," on page 137.
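The access-control advice above (administration permitted only from a few users and a few computers) can be checked against what the Administration Server actually logs. The following is an added example, not configuration or code from the Enterprise Server product: it models such a policy as an allowlist of users and source networks and audits constructed log lines for administrative requests that fall outside it. The log format, the `/admin-serv/` path prefix, and all user names and addresses are assumptions made up for the example.

```python
"""Added example (not from the Enterprise Server guide): an administration
access allowlist, plus an audit of constructed admin-server log lines
against it.  Log format, paths, users and addresses are all invented."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AdminAccessPolicy:
    # Users permitted to administer the server (assumed names).
    allowed_users: frozenset
    # Networks from which administration may originate (assumed ranges).
    allowed_networks: tuple

    def permits(self, user: str, source_ip: str) -> bool:
        """True only when both the user and the source address are allowed."""
        if user not in self.allowed_users:
            return False
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False  # a malformed address is never trusted
        return any(addr in net for net in self.allowed_networks)


def build_policy(users, networks) -> AdminAccessPolicy:
    """Build a policy from user names and CIDR strings (e.g. '10.0.5.0/24')."""
    return AdminAccessPolicy(
        frozenset(users),
        tuple(ipaddress.ip_network(n) for n in networks),
    )


# Constructed log shape: <ip> <user> [<timestamp>] "<method> <path> <proto>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[[^\]]*\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})$'
)


def audit_admin_log(lines, policy: AdminAccessPolicy, admin_prefix="/admin-serv/"):
    """Return (source_ip, user, path) for every administrative request
    that the policy would not permit.  Lines that do not parse are skipped
    rather than guessed at, so the audit never silently misclassifies them."""
    violations = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        if not m["path"].startswith(admin_prefix):
            continue  # ordinary end-user traffic is outside this policy
        if not policy.permits(m["user"], m["ip"]):
            violations.append((m["ip"], m["user"], m["path"]))
    return violations


# Constructed sample: two administrators on the 10.0.5.0/24 management
# subnet, one administrative request from an unexpected network, one
# end-user request, and one line of junk.
SAMPLE_LOG = [
    '10.0.5.20 admin [12/Mar/2000:10:01:02 -0800] "GET /admin-serv/tasks/config HTTP/1.0" 200',
    '192.168.1.77 admin [12/Mar/2000:10:05:10 -0800] "POST /admin-serv/tasks/restart HTTP/1.0" 200',
    '10.0.5.21 webmaster [12/Mar/2000:10:06:00 -0800] "GET /admin-serv/tasks/acl HTTP/1.0" 200',
    '10.0.5.22 jdoe [12/Mar/2000:10:07:00 -0800] "GET /index.html HTTP/1.0" 200',
    'not a log line',
]

POLICY = build_policy(users=["admin", "webmaster"], networks=["10.0.5.0/24"])


def run_audit():
    """Audit the constructed sample against the constructed policy."""
    return audit_admin_log(SAMPLE_LOG, POLICY)


if __name__ == "__main__":
    for ip, user, path in run_audit():
        print(f"administrative request outside policy: {user}@{ip} -> {path}")
```

The audit flags the `admin` request from `192.168.1.77` because the source is outside the management subnet, even though the user name is on the list; requiring both the user and the source network to match is what keeps a stolen administrator password from being usable from an arbitrary machine.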
Considering Additional Security Issues
Chapter 5
Securing Your Enterprise Server
129