 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 3: Infrastructure Security (Domain 3.0; 20%) 9 3.1 Devices |
|
3.1.12 Servers
(Page 3 of 3)
Physical Security for Servers
Physically, servers are often kept in more secure physical environments than workstations, because their higher value (in terms of their function, data, or hardware itself), need for closer monitoring, or need for being located centrally for ease of performing tasks like backups which can require physical access to the machine if the backup is not performed over the net. This means that the systems aren’t out in the middle of the office, where any user can access the keyboard of a server that a systems administrator didn’t log out of, or boot it with a floppy disk or CD-ROM that would let them access the server’s contents without a proper password.
Another consideration related to server hardware is uptime, or the amount of time the server is performing its job vs. the amount of time it’s down for maintenance, repair, or due to software or hardware glitches (called “downtime”). If a workstation goes down, one user is usually inconvenienced. If a server goes down, potentially hundreds (or more) of users can be inconvenienced by an inability to get their work done, resulting in missed deadlines, idle employees and time spent finding workarounds to the situation.
Another potential result of excessive downtime is that millions of dollars of revenue can be lost, as EBay found out when a 22-hour outage over June 10 and 11, 1999, cost them an estimated $3 million to $5 million in listing fees refunded to sellers and caused a drop of nearly 30% in their stock price.304 Since the stakes are high, there is often tremendous incentive to do whatever it takes, to increase uptime.
Some common measures to increase uptime include:
- Connecting servers to UPS equipment … or
even diesel generators.
- Purchasing “high availability” servers
that support redundant hardware, such as RAID arrays, multiple network
cards, power supplies and fans, and hot swappable components that can
be replaced without shutting the system down.
- Clustering servers so that if one goes down, the others can take over the workload
|
Uptime AnswersSpecific security measures for different types of servers will be discussed in more detail in later sections.
__________________
304. Breymer, Lynn, "Just what I didn't need - a little downtime", http://home.techies.com/Common/Career/199907/Main/Verge070199_m.jsp
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.