160 likes | 285 Views
Discussion on best practices with Microsoft servers and some common sense tips. IT Professionals SIG Larry Copeland February 16, 2008. Larry Copeland – SIG Leader. Over 20 years experience with enterprise systems from Mainframes, minis, LANS, down to Pocket PCs.
E N D
Discussion on best practices with Microsoft servers and some common sense tips IT Professionals SIG Larry Copeland February 16, 2008
Larry Copeland – SIG Leader • Over 20 years experience with enterprise systems from Mainframes, minis, LANS, down to Pocket PCs. • Holder of two bachelor’s degrees (History and Comp Science) • Training in Apple, DELL/EMC, IBM, Novell, and Microsoft products • Currently employed full time by a local university that can’t be named due to security concerns. Job function is mostly system administration with some consulting and project management.
Larry Copeland – SIG Leader • Past employers include Litton Industries, Piggly Wiggly, Kraft Foods, Hunt Oil Company, CSSI (Now Buchanan Associates),Textron, EDS, Perot Systems, BancTec and 3 Texas universities. • Started IBM PC User’s Group at East Texas State University while a student • Have been in and out of the NTPCUG since the early 90s • Believer in the User Group Concept of users helping users
Secure the server physically • Lock access doors • Lock server case • Screen saver password • Keyboard lock • Fingerprint scan
Firewalls • Router – Cisco Pix • Software – Checkpoint • Server - ISA
Environmental Security • Air control • Control the hot spots • Temperature control • Control physical access • Video –funny accident in a server farm http://www.youtube.com/watch?v=3jnqieV0m_s
Check the power • UPS • Power conditioner • Diesel Power generators
When building many servers • Consider using a standard image • Makes it easy to restore • Microsoft Automated Deployment Service is one way to do this
Server names ( Microsoft code names) Some names to avoid: • Payroll Server • Customers • Inventory Accounts • Hard to spell names Some Cool names: • Animal names – cougar, lion, tiger, etc • Enterprise, Zorg, Xfiles, Captain Kirk
Administrator accounts • Using care on who gets server admin rights – harder to keep system under control • Local admin name – probably should be renamed
Firmware updates • Check with hardware vendor • Perc – Dell • Flash drivers for HBAs
Software patches • Test before installing • Push through automated process • Zen works • WSUS • SMS
Backups • Make sure they run • Test occasionally
Virus Protection • Making sure it is up to date • Make sure it is turned on • Read system notes
FTP • Use Care (Data is sent in clear text) • Can use a Secure FTP Document, document, document • Put in some Visio diagrams • Inventory hardware
Upcoming presentations • Certificate Discussion (New Horizons) Mar 15 • Enterprise Server Trends Apr 19 • IT Security (David Wood) May 17 • Server Automation June 21 • Network Applications July 19