Five Keys to Hardening Host Security

  

From a practical perspective, IT security issues revolve around three basic facts: first, IT systems cannot identify users with absolute reliability; second, an authorized user may be exploited; third, if a hacker gains access to the host, the host may be compromised. The last of these, the security of the host, is an extremely important line of defense.

On the one hand, high-value targets such as hosts often attract high-level hackers; on the other hand, the more important the data stored on the host, the more users invest in its security, the so-called "The magic is one foot high and the road is one foot high."

In the past few years, some criminal organizations in the real world have been actively recruiting hackers for criminal activities with specific goals, such as the recent attempt by hackers to steal about 200 million pounds from the British branch of Sumitomo Bank. This type of criminal activity combines physical access to IT systems with hacking, which means that simply setting up a reliable firewall between the host and the Internet is not enough to protect your data.

Nowadays, it is entirely possible for a hacker to get a hacking tool past the firewall and onto the network to launch an internal attack. Many hacking tools are available for free on the Internet and USB storage devices are readily available, so as long as an idle USB port is physically reachable in a public area (such as the reception), any PC on the network can be used to launch an attack. For this reason, you should start thinking about hardening the host against attacks that are launched directly from within the network.

Disconnecting the network

One of the most obvious ways to enhance the security of the host is to disconnect it from the parts of the network it does not need to be connected to. If a hacker can't reach the host, there is no way to break into it.

Shut down ports

The second way to improve host security is to actually use the built-in security features of the host. For example, the default configuration of the Windows server allows any user to have full access to any file in any directory. It is very easy to modify this configuration, but very few network administrators do so. If a user does not have ownership of a file, they should not automatically have access to it. If you change the configuration, then even if a hacker breaks into an account, they may not be able to access all the files on that host.

In addition, the fewer ports that are open to the outside, the fewer avenues hackers have to compromise system security. You can disable unwanted services from the Windows MMC manager; the fewer processes running on the host, the fewer security vulnerabilities there are for potential hackers to exploit.

Restricting Access

Another measure you can take is to separate host authentication from application management. Having the right to manage the host does not mean that you have the right to manage other functions, such as the database engine or other applications running on the host. This may be inconvenient for users who need global administrative rights, but it makes it more difficult to break into the database because the hacker must crack two user identities and passwords. Similarly, you can delegate other administrative tasks to a specific group of users without granting them global management rights to the host (or network). For example, you can allow users to manage printers without giving them all administrative rights to the host that controls the printer. You can also prevent employees who do not need to work overtime from logging in to the host after work. In fact, most of these features are built into most operating systems. You don't need to invest any money; all you need to do is learn and use these features.

Enhanced Protection

Depending on the host operating system and the network environment, you can require token or biometric authentication for administrators to access any host, and you can also restrict administrators to accessing hosts only from a subnet in a secure zone. In this way, if an administrator wants to add a new user, they must do so in a specific security zone, from a PC on a specific subnet, and they must also provide a username, password, biometric identification, and token code.
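The rules from "Restricting Access" and "Enhanced Protection" (no after-hours logins without a need, administrators only from the secure subnet and only with every factor) can be expressed as one policy check over login attempts. This is an added example, not code from the original article; the subnet, working hours, user names and login records are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# Hypothetical policy values; adjust to the site.
ADMIN_SUBNET = ipaddress.ip_network("10.20.30.0/24")   # secure-zone subnet
ADMIN_FACTORS = {"password", "biometric", "token"}     # on top of the username
WORK_HOURS = (time(8, 0), time(18, 0))
OVERTIME_USERS = {"dba_kim"}                           # may log in after hours

# Constructed login attempts (not real log data).
ATTEMPTS = [
    {"user": "root_ops", "admin": True, "src": "10.20.30.15",
     "when": "2024-03-04T10:12:00", "factors": {"password", "biometric", "token"}},
    {"user": "root_ops", "admin": True, "src": "10.20.44.9",
     "when": "2024-03-04T10:15:00", "factors": {"password", "biometric", "token"}},
    {"user": "root_ops", "admin": True, "src": "10.20.30.15",
     "when": "2024-03-04T11:00:00", "factors": {"password"}},
    {"user": "clerk_lee", "admin": False, "src": "10.20.50.7",
     "when": "2024-03-04T22:40:00", "factors": {"password"}},
    {"user": "dba_kim", "admin": False, "src": "10.20.50.8",
     "when": "2024-03-04T22:45:00", "factors": {"password"}},
]


def violations(attempt):
    """Return the list of policy rules this login attempt breaks."""
    found = []
    if attempt["admin"]:
        # Administrators must connect from the secure-zone subnet...
        if ipaddress.ip_address(attempt["src"]) not in ADMIN_SUBNET:
            found.append("admin-outside-secure-subnet")
        # ...and present every required factor.
        missing = ADMIN_FACTORS - attempt["factors"]
        if missing:
            found.append("missing-factors:" + ",".join(sorted(missing)))
    t = datetime.fromisoformat(attempt["when"]).time()
    in_hours = WORK_HOURS[0] <= t < WORK_HOURS[1]
    if not in_hours and attempt["user"] not in OVERTIME_USERS:
        found.append("after-hours-login")
    return found


def evaluate(attempts=ATTEMPTS):
    """For each attempt, return 'allow' or the list of violated rules."""
    return [violations(a) or "allow" for a in attempts]


if __name__ == "__main__":
    for attempt, result in zip(ATTEMPTS, evaluate()):
        print(attempt["user"], attempt["src"], attempt["when"], result)
```

The same function can sit in front of authentication as an enforcement check or run over collected login records as a detection rule.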

Changing the operating system

However, if you need a higher level of security, you may have to use specialized technology. Don't just use Windows as the server's operating system. Windows is a very popular server operating system, but every hacker knows that, in terms of potential rewards, time spent looking for security vulnerabilities in the Windows operating system pays off far more than the same time spent breaking into a version of Unix. Even if you can't afford a source code license for the particular Unix version of your choice, Unix has one advantage over Windows: you can rebuild the kernel to include only those parts that the host really needs. In contrast, Windows has a lot of code in its kernel that you can't delete and can't switch off entirely.

Furthermore, people have 20 years of experience in the security configuration of Unix. In addition, Unix comes with the tools programmers need to write a variety of small system utilities, for example to remove unauthorized processes (usually found on Unix-based firewalls), or to modify the system authentication process so that it checks whether an allowed user physically entered the company building before logging in to the host.

All of these features require streamlined code, and Unix is very suitable for this work. However, the existing staff of ordinary companies may not have the skills and experience to carry it out. In many cases, the work needs to be outsourced to harden the host. Unfortunately, you then have to weigh the risks of outsourcing.
