51
By vigilantly adhering to security policies and practices, you
can minimize the threat to system integrity and data privacy.
Mac OS X Server is built on a robust UNIX foundation that contains many security
features in its core architecture. State-of-the-art, standards-based technologies protect
your server, network, and data. These technologies include a built-in rewall with
stateful packet analysis, strong encryption and authentication services, data security
architectures, and support for access control lists (ACLs).
Use this chapter to stimulate your thinking. It doesn’t present a rigorous planning
outline, nor does it provide the details you need to determine whether to implement
a particular security policy and assess its resource requirements. Instead, view this
chapter as an opportunity to plan and institute the security policies necessary for your
environment.
About Physical Security
The physical security of a server is an often overlooked aspect of computer security.
Anyone with physical access to a computer (for example, to open the case, or plug in
a keyboard, and so forth) has almost full control over the computer and the data on it.
For example, someone with physical access to a computer can:
Restart the computer from another external disc, bypassing any existing login Â
mechanism.
Remove hard disks and use forensic data recovery techniques to retrieve data. Â
Install hardware-based key-loggers on the local administration keyboard. Â
In your own organization and environment, you must decide which precautions are
necessary, eective, and cost-eective to protect the value of your data and network.
For example, in an organization where oor-to-ceiling barriers might be needed to
protect a server room, securing the air ducts leading to the room might also need
to be considered. Other organizations might only need a locked server rack or an
rmware password.
4
Enhancing Security
