Best practices for implementing security measures

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Limit the ability of users to access your out-of-band infrastructure.

  • When used incorrectly or maliciously, Emergency Management Services and out-of-band management hardware can be made to disrupt the use of a server. To prevent this problem, limit physical access to the server. This will also keep unwanted users from accessing Emergency Management Services through a serial port. To provide this level of physical security, be sure to protect sensitive areas such as racks, computer labs, server farms, and data centers by locking them.

  • Use a terminal concentrator with security features. If you access your servers out-of-band through a terminal concentrator, choose one that provides security when you connect through the network.

  • Select service processors with well-designed security implementations. Service processors can provide improved access mechanisms, such as network interfaces. With these improvements, however, come the added security risks of network access. You must ensure that any service processor you enable provides a secure access mechanism.

  • Consider setting up a separate network dedicated exclusively to management traffic, including that of Emergency Management Services. A separate network for management traffic provides an additional layer of security. Only known, secure management workstations should be granted access to this network and its out-of-band server connections. The management network must not allow any connections to the Internet, and it must authenticate only trusted users.

    For more information, see Remotely administered servers, Service processors, and Terminal concentrators.