Novell ZENworks Endpoint Security Management 3.5 User Guide
ZENworks® ESM 3.5
Administrator’s Manual
Securing Server Access
Physical Access Control
Physical access to the Management Server should be controlled to prevent access by unauthorized
parties. Measures taken should be appropriate to the risks involved. Multiple standards and
guidelines are available, including NIST recommendations, HIPAA requirements, ISO/IEC 17799,
and less formal collections of recommendations such as CISSP or SANS guidelines. Even when a
given regulatory framework is not applicable, it may still act as a valuable resource and
planning guide.
Disaster Recovery and Business Continuity: Disaster Recovery and Business Continuity
mechanisms should be put in place to protect the Management Server if an
organizational risk assessment identifies a need for such steps. The mechanisms best used will
depend on the specifics of the organization and its desired risk profile, and cannot be described in
advance. Multiple standards and guidelines are available, including NIST
recommendations, HIPAA requirements, ISO/IEC 17799, and less formal collections of
recommendations such as CISSP or SANS guidelines.
Network Access Control
The Management Server can be further protected from unauthorized access by restricting network
access to it. This may take the form of some or all of the following:
• restricting incoming connection attempts to those IP addresses from which a valid
access attempt might be expected;
• restricting incoming connection attempts to those ports and protocols from which a
valid access attempt might be expected;
• restricting outgoing connection attempts to those IP addresses to which a valid access
attempt might be expected; and/or
• restricting outgoing connection attempts to those ports and protocols to which a valid
access attempt might be expected.
Such measures can be imposed through the use of standard firewall technology.
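The four restrictions above amount to a default-deny allowlist per direction. The following is an added example, not part of the ESM manual or product: a small Python audit that checks connection records against such an allowlist before the rules are enforced on a firewall. All addresses, ports and names in it are constructed assumptions.

```python
import ipaddress

# Constructed policy: every address and port here is an illustrative assumption,
# not a value taken from the ZENworks ESM documentation.
POLICY = {
    "in": {   # incoming: which peers may connect, and to which protocol/port
        "peers": ["10.20.0.0/16", "192.0.2.10/32"],
        "services": {("tcp", 443)},
    },
    "out": {  # outgoing: which peers the server may reach, and on which protocol/port
        "peers": ["10.20.5.25/32"],
        "services": {("tcp", 1433), ("udp", 53)},
    },
}

def evaluate(direction, peer_ip, proto, port, policy=POLICY):
    """Return (allowed, reason) for one connection attempt; the default is deny."""
    rules = policy.get(direction)
    if rules is None:
        return False, "unknown direction"
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "malformed address"
    if not any(addr in ipaddress.ip_network(n) for n in rules["peers"]):
        return False, "peer address not expected"
    if (proto.lower(), port) not in rules["services"]:
        return False, "port/protocol not expected"
    return True, "allowed"

def audit(records, policy=POLICY):
    """Return the records that a firewall enforcing the policy would block."""
    findings = []
    for rec in records:
        ok, reason = evaluate(*rec, policy=policy)
        if not ok:
            findings.append((rec, reason))
    return findings

# Constructed connection records: (direction, peer address, protocol, port)
SAMPLE = [
    ("in", "10.20.3.7", "tcp", 443),
    ("in", "203.0.113.50", "tcp", 443),
    ("in", "10.20.3.7", "tcp", 3389),
    ("out", "10.20.5.25", "tcp", 1433),
    ("out", "198.51.100.9", "tcp", 443),
]

if __name__ == "__main__":
    for rec, reason in audit(SAMPLE):
        print(rec, "->", reason)
```

Running the audit over real connection logs before tightening firewall rules shows which legitimate flows the allowlist would break.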
High Availability
High Availability mechanisms for the Management Server should be put in place if an
organizational risk assessment identifies a need for such steps. There are multiple alternative
mechanisms for building high availability solutions, ranging from the general (DNS round-robining,
layer 3 switches, etc.) to the vendor specific (the Microsoft web site has multiple
resources on high availability web services). Those implementing and maintaining an ESM
solution should determine which class of high availability solution is most appropriate for their
context. It should be kept in mind that the Management Server has been architected to function in
non-high-availability situations, and does not require High Availability to provide its services.