Securing a server on the domain

Tags:
Security
Servers
We have a 2003 server in our accouting department. It is currently on a mini network in their office. They want to move the server down to the server room and put it on the domain. How can I secure this server so that the accounting department, domain admin and our backups software only have access to this server?
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

If the accounting server is added to an existing domain, then domain administrators and other privileged accounts will have access to the server. The use of ACLs to control access to data will not prevent them from accessing the data simply by giving access to themselves and others. This does not mean that accounting or any other form of sensitive information cannot be added to a domain; it does imply, however, that administrators should be trustworthy and if they are not, then perhaps the real question is whether they should be working for the company to begin with.

You can also request that the server be added into a new domain within the existing forest/tree and use IPSec filtering to restrict the computers that can communicate with the server and any required encryption.

In either case, delegation of control can be granted to members of the accounting group and I would also highly recommend enabling auditing and alerting on the resources contained on the server.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Wrobinson
    Something that I forgot to mention in my previous post is the possibility of using the encrypting file system (EFS) which is native to Microsoft Windows or similar tencryption echnology to preserve the confidentiality of data on the accounting server. This way, even if access to the data is obtained it is not in a readable format.
    5,625 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: