12.1. General Server Security Guidelines
There are two goals in the security process of any server: Allow authorized users to access the information they need, while preventing unauthorized users from gaining information they should not have. These goals seem to be almost polar opposites; an administrator has to let a user access his or her files, at the same time an attacker has to be prevented from accessing them. Considering that an attacker may be another employee who does have legitimate access to the server, it is easy to understand why server administrators are sometimes grumpy.
12.1.1. Server Construction
The first place to start with server security is the server itself. Remember, redundancy, scalability, and availability are critical ...