Server Security

Servers are vital to a library's network, especially when providing access to key library services such as the catalog or circulation systems. This is doubly true whenever a server is accessible over the Internet, because it becomes accessible to people outside the library as well as those within. Unfortunately, the important role servers play in a network also exposes them to greater risk.

Servers must be protected at many different levels. First of all, the network itself must be protected by a firewall from unwarranted intrusion. Second, the operating system of the server must be hardened, and the server applications themselves must be protected from vulnerabilities. Finally, authentication should be employed to ensure that only authorized, valid users can access the system.

In addition, you should:

  • Install Anti-Virus Software - Nearly all the major vendors of anti-virus software have products that are appropriate for use on servers. Be sure to keep anti-virus virus definition files up-to-date.
  • Provide Physical Security for the Server - It is important to place servers in a secure location, such as in a locked room with environmental controls. To further protect a server, place it in a lockable cage or ensure that its case is always locked. When it is not in use, lock (password protect) the server console as well.
  • Review Server Logs Periodically - The first thing an intruder will do is wipe out signs of their activity in the log files. To ensure you will always have access to log files, use a log file monitor utility which monitors log files for signs of intrusion or security violations.
  • Protect the File System - Restrict access to the directory structure using file or directory permissions.
  • Make Regular Backups - Servers are not only vulnerable to viruses and hackers; they are also vulnerable to disasters such as fire or flood. If a server is destroyed by a disaster, it is important that you have backups available of the data as well as installation software. Having a hard copy of server hardware specifications as well as installation information and passwords is also a good idea. To avoid the possibility of your backup media and documentation being destroyed by the same disaster, these items should be stored at an offsite location at least 5 miles distant from the server itself.
  • Implement Fault Tolerance - Fault tolerance is a redundancy solution that ensures up time. If one system (such as a hard drive or the computer itself) should fail, then there is a backup system that immediately takes over.
  • Install Intrusion Detection Software and/or Host Auditing Software - Host auditing and intrusion detection software monitors servers or computers for signs of intrusion. An example of a host auditing product for Windows and Unix servers is eTrust Audit. From a central console, it monitors servers throughout a network for signs of intrusion. Another product, Tripwire, monitors the integrity of files and directories of servers and notifies the administrator of changes.

Next: Email & Web Servers