On-Going Support Activities
After the initial server configuration and deployment, it is still essential to conduct periodic maintenance of the Member Server in order to verify its reliable and secure operations. Several areas of concern are addressed below.
After the initial server configuration and deployment, it is still essential to conduct periodic maintenance of the Member Server in order to verify its reliable and secure operations. Several areas of concern are addressed below.
User Privacy/Confidentiality
Administrators carry advanced computer privileges. With these privileges, comes the responsibility to ensure privacy in accordance with the University Computer Code of Ethics and the University Privacy Policy.
Restrict Administrator Privileges
Since Administrator access is critical to the security of the Member Server, it is important to protect this access. Several suggestions for protecting the Administrator Account:
- Use Strong Passwords as recommended by the Computer Services Guidelines.
- Change your passwords regularly.
- Do NOT share passwords with multiple users.
- Limit the number of people with Administrator Access.
- Run as a non-privileged user for daily procedures. Elevate procedures with the “Run As” option when necessary.
Keep the Patches Current.
Most security compromises are caused by administrators failing to apply security patches. As mentioned above, there are a number of good tools and resources for ensuring the security of the Member Server. It is essential that security is an on-going activity and patches should be updated weekly or more frequently when critical vulnerabilities are announced.
Review Event Logs
A good administrative practice is to become familiar with the logs by checking them routinely. The security logs can provide insights into potential vulnerabilities. The Application and System logs can point out configuration or hardware issues. Check your Event Logs as part of an on-going routine. The event logs can be viewed using the event viewer tool via:
Start Menu->Run…->eventvwr.msc
Disk Defragmenting
The nature of hard disk storage often leads to data fragmentation because files are frequently being created and removed from the storage device. Windows 2000 has a built in defragmenting tool that can reduce the file fragmentation and increase disk performance. It is important to defragment your Server Disks periodically.
Trouble-shooting
Windows 2000 and Active Directory is a powerful environment and can lead to complicated trouble-shooting issues. This section attempts to provide some suggestions, and tools that can help trouble-shoot these issues.
Resource Kit
The Microsoft Windows 2000 Resource Kit contains a number of utilities that are very important for computer management in a Windows environment. Some of the Resource Kit tools are available for free download, but most are bundled with the purchased manuals as available via Amazon.com
Vulnerability Scanners
After the server has been configured, it should be tested for vulnerabilities with a Network and Vulnerability Scanner. The Retina scanner is a robust, but pricey tool. Foundstone’s SuperScan is a free scanning tool. Gibson Research produces the ShieldsUp utility. Microsoft has produced the MBSA tool that assesses weaknesses and helps guide administrators in securing their systems.
.
0 comments:
Post a Comment