What exactly should be implemented to keep the KServer safe? Obviously a hardware firewall and regular backups are in check however what else should be done?
We have a split frontend/backend running on VM's.
For isolation, we only forward 443 and 5721 to the frontend from the outside world. The frontend talks to the SQL, and the SQL only has 1433 open and only accepts traffic on that port from the frontend.
For backups, we use Data Protection Manager to take hourly snapshots of both, but that's probably a bit overkill.
If you really want to go crazy, you could put it behind Threat Management Gateway...
Nothing is overkill and that's definitely secure. Is there anything else that could be done? I'm just making a list of everything and I'm going to implement what I can.