Five application skills: novices to maintain server security

Today, the protection of important data is getting more and more attention, in recent years, the risk of server security is relatively increased. Whether it is more and more viruses, hackers, or the theft of business practices, the server is the main target for obtaining information. Obviously, the security of the server cannot be ignored.

Here are five tips for maintaining server security.

Tip 1: Start with Basics

When talking about the security of a web server, especially when a hacker attacks an Internet, it first checks for general security vulnerabilities. A more difficult means of breaking through the security system will be considered. Therefore, when the data on the server exists in a FAT disk partition, even if the security software is installed, it will not help the data protection. Therefore, all disk partitions on the server that contain sensitive data are converted to NTFS format, and all anti-virus software needs to be updated in time.
Limiting access to the network

Another good way to protect your network is to limit the time they spend accessing the network based on the time the user stays in the company. For example, a temporary employee who normally works during the day should not be allowed to access the network at 3 am unless the employee's supervisor tells you that it is for a particular project. The main thing is to remember that users need a password when they access anything on the entire network. You must force everyone to use high-intensity passwords consisting of uppercase and lowercase letters, numbers, and special characters.

Tip 2: Protect Your Backups

Every good network administrator backs up the web server every day and keeps records away from the site to protect against accidents. However, the security issue is much more than just a backup. Most people don't realize that your backup is actually a huge security hole.

However, human factors are difficult to control. How can it prevent some people from stealing data from your tape records and recovering them from a server is an important test of security?

While protecting backups effectively, the tape is protected by a password and if the backup program supports encryption, it can be encrypted. Second, change the time when the backup program finishes working. In this case, even if someone wants to steal the tape, it will be meaningless to forcibly take it away because the tape is being used.

Page 2: Setting up a firewall to make security policies

Tip 3: Using callback for RAS

One of the Windows NT system features on the server is remote access ( RAS) support. And a RAS server is also a quick tool for a hacker trying to enter the system. How remote users use RAS is the key. If the remote user often calls the host from a fixed place, using the callback function can ensure that the remote user can disconnect after logging in. The RAS server then dials a predefined phone number to turn the user back on.

Another option is to restrict access to a single server for all remote users. Place the data that the user normally accesses on a special share point on the RAS server. Remote users can be restricted to one server instead of the entire network. In this way, even if hackers enter the host through destruction, they will be isolated on a single machine, where the damage they cause is reduced to a minimum.

Finally, there is another trick to take advantage of protocol changes on your RAS server. Considering the nature and typical use of the TCP/IP protocol itself, RAS also supports the IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can be very good.

Tip 4: Use a Strong Security Policy

To improve security, the job you can do is to develop a good, strong security policy. Make sure everyone knows it and knows it is enforced. Such a policy needs to include severe penalties for an employee who downloads unauthorized software on a company machine.

If you use Windows 2000 Server, specify the user's special usage rights to use your server without having to hand over the administrator's control. A good use is to authorize Human Resources to delete and disable an account. In this way, the Human Resources Department can delete or disable his user account before an employee who is about to leave is fired. At the same time, with special user rights, you can grant this permission to delete and disable accounts and restrict the creation of users or changes to permissions and other activities.

Tip 5: Check firewall settings

The last tip involves carefully checking the firewall settings. Firewalls are an important part of the network because it isolates your company's computers from those on the Internet that might damage them.

First, make sure the firewall does not open up any necessary IP addresses to the outside world. At least one IP address should be used externally for all Internet communications. If you have a DNS-registered web server or email server, their IP addresses may also be visible to the outside world through a firewall.

Secondly, you can check the port list to verify that you have closed all the ports that are not commonly used. For example, TCP/IP port 80 is used for HTTP communication, but perhaps port 81 will never be used so it should be turned off.