Let's discuss the various security policies:
- The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
- Any service or application not being used should be disabled, wherever possible.
- Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local FileSystem Security.
- The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
- Avoid using the root account as much as possible. It is better to use security principles that require least access to perform a function.
- Any kind of privileged access must be performed over a secure channel connection (SSH), wherever possible.
- Access to the server should be in a controlled environment.