Windows system >> Computer software Tutorial >> Server technology  >> Web server

Tips for maintaining Windows web server security

  
        

The malicious network behavior of the network server includes two aspects: one is malicious attack behavior, such as denial of service attack, network virus, etc. These actions are designed to consume server resources, affect the normal operation of the server, and even the network where the server is located. The other is a malicious intrusion, which will lead to the disclosure of sensitive information on the server, and the intruder can do whatever he wants and vandalize the server. Therefore, we must ensure that the security of the network server is to minimize the impact of the network server on these two behaviors.

How to avoid malicious attacks

(1) Build your hardware security defense system

Choose a good security system model. A comprehensive security model should include the following necessary components: firewall, intrusion detection system, routing system, and so on.

The firewall plays a security role in the security system, which can largely guarantee illegal access from the network and data traffic attacks, such as denial of service attacks; the intrusion detection system plays the role of a monitor. Monitor your server portals and intelligently filter out those that are intrusive and offensive.

(2) Use English operating system

You must know that Windows is something of Microsoft in the United States, and Microsoft's things have always been known for bugs and patches. The Chinese version of Bug is far away. Far more than the English version, and the Chinese version of the patch has always been later than the English version, that is, if your server is loaded with the Chinese version of the windows system, you still need to wait a while after the Microsoft vulnerability is announced. Patched, maybe hackers, viruses use this time to invade your system.

How to prevent hacking

First of all, there is no absolutely secure system in the world. We can only avoid being invaded as much as possible to minimize the number of casualties.

(1) Using NTFS file system format

As we all know, the file system we usually use is FAT or FAT32. NTFS is supported by a series of operating systems of Microsoft Windows NT kernel. A disk format designed for management security features such as network and disk quotas, file encryption, and more. In the NTFS file system you can set individual access permissions for any disk partition. Put your own sensitive information and service information on separate disk partitions. In this way, even if the hacker gains access to the disk partition where your service file is located by some means, you need to find ways to break through the security settings of the system to further access sensitive information stored on other disks.

(2) Do a good job of system backup

As the saying goes, "I am prepared", although no one wants the system to be suddenly destroyed, but not afraid of 10,000, I am afraid, in case A good server system backup can be restored in time if it is damaged.

(3) Turn off unnecessary services, only open the port that is open

Close those services that are not necessary, and do local management and group management. Windows system has a lot of default services, it is not necessary to open, it can even be said to be dangerous, such as: the default shared remote registry access (Remote Registry Service), the system a lot of sensitive information is written in the registry, such as Encrypted passwords for pcanywhere.

Close those unnecessary ports. Some seemingly unnecessary ports can indeed disclose sensitive information of many operating systems to hackers. For example, the IIS service that Windows 2000 server opens by default tells the other party that your operating system is Windows 2000. The port 69 tells the hacker that your operating system is extremely It may be a linux or Unix system, because 69 is the port used by the default tftp service under these operating systems. Further access to the port can also return some information about the software and its version on the server, which is a great help for hackers. In addition, open ports are more likely to be the gateway for hackers to enter the server.

In short, doing a good job of TCP/IP port filtering not only helps prevent hackers, but also helps prevent viruses.

4) Software firewall, anti-virus software

Although we already have a hardware defense system, but "something" is not a bad thing.

(5) Open your event log

Although opening the log service does not directly affect the hacker's invasion, but by recording the hacker's whereabouts, we can analyze the intruder. What have been done on our system, what damages and hidden dangers have been caused to our system, what kind of backdoors hackers have left on our systems, and what security vulnerabilities exist in our servers. If you are a master, you can also set up a canister, wait for the hacker to invade, and catch him when he invades.

Web server
Windows system
The IIS server sets the individual user permissions for each site

. First explain why this is the case. Mainly for the security of the server, even if there is a prob
Web server management series: 9, create a password reset disk

The Internet era needs to record too many passwords, accidentally may forget, if the server password
Windows 2003 Vps security settings problem tutorial

        gtedit, select file to export, take a file name, export can, if If the registry fails to be

How to manage IIS7.5

for web server This article introduces simple web site construction and single iis multi-domain na
Modify the AD user password with the password modification function of IIS6.0

        Step 1: Create a virtual directory under the WSS site “IISADMPWD”point to %syste
Web Farm and Network Load Balancing Overview and Architecture Examples

         Web Farm and Network Load Balancing Overview After building multiple Web IIS Web servers i
  • DNS server
  • FTP server
  • Web server
  • Proxy server
  • Mail server
  • Server synthesis
  • About the server

    • BitTorrent (BT) detailed instructions

    How does CentOS use CD-ROM to add and remove programs

    Win10 update installation will be stuck at 44% what to do? Windows10 update installation card in 44% of the solution

    IIS server permissions under WINDOWS

    How to set up the Win7 taskbar to quickly locate no more layers to find files

    Streak tablet exits the US Dell targets windows8

    How to use the touch keyboard

    Genuine also flash back? Synchronization Assistant Flashback Repair Tips

    Win7 bottom right corner prompts this Windows copy is not a genuine problem of the three solutions

    Pre-installed Win7 easily add lock to partition

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved