Physically securing the server

All networks are vulnerable to on-site attacks, which may include: booting the server from a floppy disk and reformatting the hard disk; opening the computer case and replacing the BIOS chips; removing the hard disk from the server and reading information from it; or replacing keyboards with ones that can help monitor everything you type, including passwords. Physically securing the server can help restrict these on-site attacks.

It is recommended that you follow these guidelines to help physically secure the server:

  • Limit user access to the computer running Windows Small Business Server 2003, preferably by issuing keys only to users who need physical access to the server. The server should be bolted down or secured to a rack.
  • Lock the computer case and ensure that the key is protected. Make a backup key and keep it in a safety deposit box (outside the office).
  • Ensure that the password is not written down near the computer (under the keyboard, for example).
  • Limit the number of people who have access to the server location.
  • Store backup tape drives and tapes in a secure place.
  • Provide secure off-site storage for backup tapes.
  • Protect the server with an uninterruptible power supply (UPS). UPS equipment protects the server from temporary power loss that can cause server failure or file corruption.
  • Ensure that all volumes use the NTFS file system.