Let's discuss the various security policies:

1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
2. Any service or application not being used should be disabled, wherever possible.
3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local FileSystem Security.
4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
5. Avoid using the root account as much as possible. It is better to use security principles that require least access to perform a function.
6. Any kind of privileged access must be performed over a secure channel connection (SSH), wherever possible.
7. Access to the server should be in a controlled environment.