Best Practices for Enhanced Server Performance and Security
A framework of best practices, recommendations, and other preparatory tasks can enable your Security Manager server to run faster and more reliably.
Caution |
We do not make any assurances that completing the tasks in this checklist improves the performance of every server. Nonetheless, if you choose not to complete these tasks, Security Manager might not operate as designed. |
You can use this checklist to track your progress while you complete the recommended tasks.
Task |
|||
1. Find and organize the installer applications for any recommended updates, patches, service packs, hot fixes, and security software to install on the server. |
|||
2. Upgrade the server BIOS if an upgrade is available. |
|||
3. Cisco recommends that you do not install any other product on the Security Manager Server. If you plan to install Security Manager on a server that you have used for any other purpose, first back up all important server data, then use a boot CD or DVD to wipe all data from the server. We do not support installation or coexistence on one server of Security Manager 4.24 and any release of Common Services earlier than 4.2.2. Nor do we support coexistence with any third-party software or other Cisco software, unless we state explicitly otherwise in this guide or at http://www.cisco.com/go/csmanager . |
|||
4. Security Manager can have multiple network interface cards but teaming multiple NICs for load balancing is not recommended. |
|||
5. Perform a clean installation of only the baseline server OS, without any manufacturer customizations for server management. |
|||
6. Install any required OS service packs and OS patches on the target server. To check which service packs or updates are required for the version of Windows that you use, select Start > Run, then enter wupdmgr.
|
|||
7. Install any recommended updates for drivers and firmware on the target server. |
|||
8. Scan the system for malware. To secure the target server and its OS, scan the system for viruses, Trojan horses, spyware, key-loggers, and other malware, then mitigate all related problems that you find. |
|||
9. Resolve security product conflicts. Study and work to resolve any known incompatibilities or limitations among your security tools, such as popup blockers, antivirus scanners, and similar products from other companies. When you understand the conflicts and interactions among those products, decide which of them to install, uninstall, or disable temporarily, and consider whether you must follow a sequence. |
|||
10. “Harden” user accounts. To protect the target server against brute force attacks, disable the guest user account, rename the administrator user account, and remove as many other user accounts as is practical in your administrative environment. |
|||
11. Use a strong password for the administrator user account and any other user accounts that remain. A strong password has at least eight characters and contains numbers, letters (both uppercase and lowercase), and symbols.
|
|||
12. Remove unused, unneeded, and incompatible applications. For example:
|
|||
13. Disable unused and unneeded services. At a minimum, Windows requires the following services to run: DNS Client, Event Log, Plug & Play, Protected Storage, and Security Accounts Manager. Check your software and server hardware documentation to learn if your particular server requires any other services. |
|||
14. Disable all network protocols except TCP and UDP. Any protocol can be used to gain access to your server. Limiting the network protocols limits the access points to your server. |
|||
15. Avoid creating network shares. If you must create a network share, secure the shared resources with strong passwords.
|
|||
|