Yesterday, I was assisting a new client who was moving into a new office space. In the corner of the room was a system labeled as the department server. My heart sank in IT disbelief. The “server” sat there with at least three glaring issues.
- The administrative password was clearly written on a sticky note on top of the server.
- The server was plugged directly into the wall, without a surge protector.
- An aging, out-of-warranty computer was being used as a file server.
These glaring issues breach all three of the basic principles of information system security: Confidentiality, Integrity, and Availability.
- Confidentiality & Integrity: To prevent unauthorized personnel from making configuration changes and data modifications or from gaining access to confidential information, active servers should never have passwords written on them.
- Availability: Plugging electronics into an unprotected outlet is unsafe. In the event of a spike, components can be permanently damaged. Furthermore, accidents do happen, and a cable can be accidentally unplugged or knocked out of a power socket. To remediate this hazard, use a quality surge protector with a cable that can be positioned flush to the wall. The optimal solution would be a combination surge suppression and battery backup system that kicks in when the power fails. Should the battery become diminished, the battery backup system can send a signal to the operating system to gracefully power down, preventing the system from crashing. Without proper electrical power protection, damage to a server can translate into significant downtime, potentially causing monetary loss due to replacement costs, technical service, and lost productivity.
- Availability: Servers should always be upgraded and replaced as their components age and as their warranties expire. Older systems are likely to experience hardware failure. In the event of a problem, warranties and service guarantees ensure that there are appropriate hardware components and technical support staff available to maintain the server and facilitate any repairs or recovery necessary to keep your organization running smoothly.
If your organization has any of these issues, please remedy them immediately. Should you require assistance or a technical consultation, visit http://Layer9.it.