The rise of e-commerce has enabled many SMEs to have their own servers. Internally used to establish a local area network, improve office efficiency; establish a website externally, more widely publicize corporate products and images, and strive for more customers. However, as the core product of the network, server technology is relatively complicated, especially in the era of virus-raging networks, security issues are more prominent. I have been managing the server in the company and checking its security for some time. I have accumulated some experience in the actual work and hope to share it with you.
a, enhance overall network security
many network management often existence of such errors in the maintenance of network security, as long as the stand-alone server patched, installed a protective wall, the operating system upgrade on a regular basis You can rest easy. In fact, many hackers and viruses do not directly attack the server, but attack the entire network by invading other computers as a springboard. At present, many networks are managed by domain. Once a hacker or virus successfully invades a computer with a trust relationship with the server, it will become very simple to attack the server from this computer. Therefore, it is necessary to verify the security of the entire network.
first is security management, from a management point of view, the use of textual material specification of rules and regulations, various behavioral constraints for computer networks, such as prohibiting employees casually downloading illegal procedure prohibit outside network administrator Personnel enter the central computer room, improve the network administrator's duty system and so on.
followed by security technology, from a technical point of view, using a variety of software and hardware, a variety of techniques and methods to manage the entire computer network, security, anti-virus software and firewalls to secure a two-pronged network.
both are indispensable, imagine if the only security technology support without any constraint on the rules and regulations, even if just started doing security is in place, but the staff free to download illegal software, just turn off the antivirus software The protection of the entire network, the entire network security is in vain. And only strict regulations without technology as support, viruses and hackers will easily invade through network vulnerabilities. Therefore, both security management and security technologies complement each other. Network administrators must grasp both aspects and must be hard.
Second, to strengthen the local file server security level format
current server is windows2000 used above, so to strengthen the security level on the need to use user permissions feature windows2000server provided according to each user The characteristics of the server are specifically used to create special access rights to the access server, thereby avoiding the security risks caused by the use of unified access server permissions.
order to secure the server first to make an issue of native file format, is about to convert FAT format to a higher safety factor NTFS file format. After all, for hackers, the data stored in the FAT format disk partition is easier to access than the data stored in the NTFS format disk partition, and it is more vulnerable to damage. In addition, all security software and encryption software are also for NTFS format. Said, the protection of the FAT format is very weak. In addition
best use specialized network testing software for the operation of the entire network 7 * 24 hours of continuous monitoring, with particular attention to the "illegal invasion" and report both "working on the server" The company I work with uses IISLOCK to monitor the normal operation of the web server and MRTG to detect traffic across the network.
Third, back up data regularly
data protection is a very important issue, maybe the server's system did not crash but the data loss occurs inside the store, the loss will be caused by this situation Larger, especially for database servers, may store precious data for several years. How can we effectively protect data? Backup is the only option. In the past, for data backup, it was taken to create a backup folder in another area on the server or even to create a backup area. However, this backup method has a very big drawback, that is, once the server's hard disk has problems, all the partition data will be lost, so the backup is not guaranteed. According to the theory of "Don't put all the eggs in the same basket" we should use separate specialized equipment to store these precious data.
server B using the data stored in the server A, B while preserving the file server by server A, this method is very popular in the cross backup period. Another effective way is to use tape to store precious data, but such an investment will be larger.
At present, the backup method adopted by the company where the author is used is saved by the network storage device NAS, and the separate NAS device is connected to the network, and the precious data is periodically written to the NAS hard disk through the tool, due to The NAS device itself uses the RAID method for data redundancy, so the data is best guaranteed.
data backup but also there is a huge security hole, because good data backup is also likely to be theft, it should be effective when the backup password protection for backup media, if necessary, require the use of these data encryption software Encryption, so that even if the data is stolen, there will be no data leakage.