Page 726 - StudyBook.pdf
P. 726
710 Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery
connect to the servers over a slow connection. Even if a fast connection is used
between sites, accessing data may be slower than if they had their own server at that
location. In such cases, a decentralized approach is useful. Placing a server at
external locations allows users to login faster and access specific data from the local
server.
Another advantage of decentralization is fault tolerance. If all servers are in one
room and that room is destroyed by fire or flood, everything is lost.When the
servers are spread out across different locations, it is less likely that a catastrophe will
befall all of them at the same time. If less serious problems occur, such as the link
between branch offices and the main facility where servers are located, users will
still be able to logon and access resources using the server at their branch office.
A problem with decentralized servers occurs when you have to perform certain
tasks necessary to the security and maintenance of the system. For example, data on
a server needs to be backed up, requiring tapes to be put in the backup’s tape drive.
In other cases, a server may freeze and need to be rebooted. If the server is far
enough away, this can leave users cut off from the network for great lengths of
time.To deal with these issues, terminal services or remote control programs can be
used to administer the server from across the network.Administrative authority can
also be delegated to certain individuals in remote locations, so they have the ability
to take care of such issues, and the necessary security clearance to physically access
the servers.The person can be a contact person, serving as the eyes and ears at that
location, informing the administrator of what is appearing on the server’s monitor
when they cannot see it themselves.When incidents arise, the administrator can tell
this person to remove connections to the server, reboot the machine, or other tasks
that would otherwise require the administrator’s physical presence.
Physical security is another issue to consider when deciding on centralized or
decentralized servers. Placing all servers in one location allows the administrator to
better manage security for those machines. One large server room with locks pre-
venting access to unauthorized persons is optimal. Unfortunately, the facilities avail-
able at different locations may not provide the physical space for a secure server
room. In such cases, servers should be locked in cabinets or closets.
In other situations, even closets may not be an option, leaving a less than secure
environment for the machine(s).While this issue was discussed previously in
Chapter 11, it is important to take such concerns into account when deciding
whether to use a centralized or decentralized approach.
Centralized versus decentralized security can also apply to the management of a
network.As mentioned above, some network OSes allow administrators to manage
users across the network through a single interface. By making changes from one
www.syngress.com
