Build server-side security protection

  
                  

With another Spring Festival upon us, network security has once again become a hot topic in the market. In fact, as companies grow more dependent on information systems, building a secure and stable system has become a goal pursued by every CIO.

As the first gateway for virus protection, server-side protection is essential. Because the server is a core network platform, its protection typically has to meet much higher reliability and performance requirements than simple client-side protection. Beyond that, servers running different applications differ in many aspects of protection.

In terms of protection steps, the server is handled the same way as the client. First, reduce the attack surface: remove unwanted services and applications from the server to minimize what is exposed. Second, apply security updates: perform regular upgrade maintenance so that all server computers run the latest security updates, and perform other tests as needed to ensure that new updates do not negatively affect mission-critical servers. Third, enable a host-based firewall: Windows Server 2003, for example, includes a host-based firewall that users can use to reduce the server's attack surface, alongside the removal of unwanted services and applications. Finally, test with a vulnerability scanner: for example, use the MBSA tool on Windows Server 2003 to help identify possible vulnerabilities in the server configuration and help ensure that the configuration is as strong as possible.

From an application perspective, general server antivirus scanning works at an integrated level, and most antivirus applications have remote management capabilities that minimize the need for physical access to the server console. When deploying this type of program, most CIOs should consider the server's CPU usage during scans, the stability and ongoing upgradability of the application, and its interoperability and compatibility with other programs on the system. For servers with a specific role, such as web servers, database servers, mail servers and collaboration servers, pay special attention to the requirements of that role when installing a protection solution.

Take the web server, the most widely used type, as an example. As the platform on which websites are built, it is often attacked by malware or hackers, so its level of protection should be raised accordingly. In addition to the usual antivirus software, network administrators can supplement it with many specialized tools, such as the IIS Lockdown Tool available on Microsoft's official website. This tool configures the web server so that it provides only the services its role requires, thus reducing the attack surface that the server exposes to malware. UrlScan is another security tool that limits the types of HTTP requests that IIS will handle. By blocking specific HTTP requests, UrlScan can help prevent potentially harmful requests from reaching the server.
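As an added illustration (not part of the original article, and not UrlScan's own code or configuration), the Python sketch below models the kind of request filtering described above: each request is checked against a verb allow list, denied URL sequences, denied file extensions and length limits before it would reach the web application. The function name check_request, the rule lists, the limits and the sample requests are all assumptions chosen for the example.

```python
from urllib.parse import unquote, urlsplit

# Illustrative policy; every value here is an assumption, not a tool default.
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
DENIED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".ini", ".log"}
DENIED_SEQUENCES = ("..", "./", "\\", ":", "%", "&")
MAX_URL_LEN = 260
MAX_QUERY_LEN = 2048


def check_request(verb, target):
    """Return (allowed, reason) for one request line (verb + request target)."""
    if verb.upper() not in ALLOWED_VERBS:
        return False, "verb not allowed"
    parts = urlsplit(target)
    if len(parts.path) > MAX_URL_LEN:
        return False, "URL too long"
    if len(parts.query) > MAX_QUERY_LEN:
        return False, "query string too long"
    # Decode once, then refuse anything that still contains '%': a second
    # layer of encoding is a common way to slip sequences past a filter.
    path = unquote(parts.path)
    for seq in DENIED_SEQUENCES:
        if seq in path:
            return False, f"denied sequence {seq!r}"
    last_segment = path.rsplit("/", 1)[-1].lower()
    dot = last_segment.rfind(".")
    if dot != -1 and last_segment[dot:] in DENIED_EXTENSIONS:
        return False, f"denied extension {last_segment[dot:]}"
    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/index.html"),
    ("POST", "/forms/contact.asp?id=7"),
    ("TRACE", "/"),
    ("GET", "/docs/..%2f..%2fconfig/app.ini"),
    ("GET", "/downloads/setup.EXE"),
    ("GET", "/a%252e%252e/b.html"),
    ("GET", "/" + "a" * 300),
]

if __name__ == "__main__":
    for verb, target in SAMPLES:
        allowed, reason = check_request(verb, target)
        print(f"{'ALLOW' if allowed else 'BLOCK'} {verb:5} {target[:50]:50} {reason}")
```

Blocked requests should also be logged with the reason, so that repeated rejections from one source become visible to whoever monitors the server.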

For mail servers, antivirus protection must address two sides: on the one hand, preventing attacks by external malware, for example from the Internet; on the other, preventing attacks by viruses inside the system, for example from client mailboxes. Externally, with the increasing complexity of email attachments (pictures, audio and video files, PPT, etc.), a general, standard file-scanning antivirus solution obviously cannot prevent the email server from delivering malware to the client as an attachment. Scanning through a mapped drive will undoubtedly destroy some of the mail content, so it is not feasible. Two options are currently used on the market: the SMTP gateway scanner and the integrated server scanner. The former scans mail carried over the Simple Mail Transfer Protocol (SMTP), while the latter works together with a specific email server product to complete the scanning task.

Network security work never ends, not only because "antivirus" always runs behind "viruses", so that external attacks continue, but also because the growing complexity of information systems means internal attacks keep escalating. Clearly, this is related to the fact that, even after many companies have issued rules and regulations such as unified rules for online access, employees' awareness of the importance of security still falls far short of the corresponding standard. As mentioned above, building server-side security is only the first step in protection, and there is still a lot of work to be done afterward.
