Hello everyone,
I have a need to make a new server highly secure. So far this is what my plan is, and it would be great to get your thoughts and especially ideas on how to make it even more secure:
NO DATA TRAFFIC from the Internet (blocked by our company hardware firewall)
Firewall will be configured so that NO DATA TRAFFIC from the server can go outside our local network (Internet).
Access to remote users: Even if a user has remote access to the local network (through VPN), they will still be denied access to the server
I want the server to always be updated offline with the latest service packs/hotfixes/security fixes to ensure security and performance
Local access to the server will be allowed only from SPECIFIC AUTHORIZED computers and users. Would it be more secure to not even join this server to our domain and create local user accounts on the server for people that will be authorized to access it?
The server will be hardened
The server will have Anti-Virus protection running in the background at all times
File Auditing enabled to see what users who have access to the server are doing with files
DLP enabled to track emailing of files from that server to unauthorized recipients
Email encryption enabled on users' computers
Main concern is to protect the files that will be stored on the server
Would you create a new VLAN just for the server/users to make it more secure?
Main concern is unauthorized access to server files
Thank you!