Windows system >> Computer software Tutorial >> Server technology  >> About the server

Some ways to secure your web server

  
                              

This article is a summary of some of my experiences on the security of server network security. It is some basic common sense. It is suitable for entry-level server management personnel to read. I hope that I will not laugh in front of the experienced technicians. .
First, we can analyze that the malicious network behavior of the network server includes two aspects: one is malicious attack behavior, such as denial of service attack, network virus, etc. These actions are designed to consume server resources and affect the server. Normal operation, even the network of the server is located; the other is malicious intrusion behavior, this behavior will lead to the leakage of sensitive information of the server, the intruder can do whatever he wants, want to destroy the server. Therefore, we must ensure that the security of the network server is to minimize the impact of the network server on these two behaviors.
Based on the share of windows as the operating system server in the Chinese market and the understanding of the operating system of the Chinese people, I am here to talk about some personal opinions on the maintenance of windows network server security.
How to avoid web servers from malicious attacks on the Internet.
(1) Build your hardware security defense system
Choose a good security system model. A comprehensive security model should include the following necessary components: firewall, intrusion detection system, routing system, and so on.
The firewall plays a security role in the security system, which can largely guarantee illegal access from the network and data traffic attacks, such as denial of service attacks; the intrusion detection system plays the role of a monitor, monitoring you Server portals, very intelligently filter out those with intrusive and offensive nature.
(B) choose English operating system
To know, Windows is after all Microsoft's things, and Microsoft's things have always been known for Bug and Patch, the Chinese version of the Bug is far more than the English version The Chinese version of the patch has always been later than the English version, that is, if your server is loaded with the Chinese version of the windows system, after the Microsoft vulnerability is announced, you still need to wait a while to patch, maybe hackers The virus used this time to invade your system. How to prevent web servers from being hacked:
First of all, as a hacker admirer, I would like to say that there is no absolutely secure system in the world. We can only avoid being invaded as much as possible to minimize the number of casualties.
(1) Adopt NTFS file system format
As we all know, the file system we usually use is FAT or FAT32, NTFS is supported by the series of operating systems of Microsoft Windows NT kernel, one for network and disk quotas, A disk format designed for management security features such as file encryption. In the NTFS file system you can set individual access permissions for any disk partition. Put your own sensitive information and service information on separate disk partitions. In this way, even if the hacker gains access to the disk partition where your service file is located by some means, you need to find ways to break through the security settings of the system to further access sensitive information stored on other disks.
(B) do a good job of system backup
As the saying goes, "have preparedness", although no one wants the system to be suddenly destroyed, but not afraid of 10,000, just in case, make a backup of the server system, in case of It can also be restored in time when it is destroyed.
(3) Close unnecessary services, only open the port opened
Close those services that are not open, do local management and group management. Windows system has a lot of default services, it is not necessary to open, it can even be said to be dangerous, such as: the default shared remote registry access (Remote Registry Service), the system a lot of sensitive information is written in the registry, such as Encrypted passwords for pcanywhere.
Close those unnecessary ports. Some seemingly unnecessary ports can indeed disclose sensitive information of many operating systems to hackers. For example, the IIS service that Windows 2000 server opens by default tells the other party that your operating system is Windows 2000. The port 69 tells the hacker that your operating system is extremely It may be a linux or Unix system, because 69 is the port used by the default tftp service under these operating systems. Further access to the port can also return some information about the software and its version on the server, which is a great help for hackers. In addition, open ports are more likely to be the gateway for hackers to enter the server.
In short, doing a good job of TCP /IP port filtering will not only help prevent hackers, but also help prevent viruses.
(4) Software firewall, anti-virus software
Although we already have a hardware defense system, but a few "bodyguards" is not a bad thing.
(5) Open your event log
Although opening the log service does not directly affect the hacker's invasion, but by recording the hacker's whereabouts, we can analyze the intruder on our system. What kind of hands and feet have been done, what damages and hidden dangers have been caused to our system, what kind of backdoors hackers have left on our systems, and what security vulnerabilities exist in our servers. If you are a master, you can also set up a canister, wait for the hacker to invade, and catch him when he invades.

About the server
Windows system
Actual combat no data x225 server system installation (Figure)

                  Recently, an enterprise database server has failed many times: the client PC runs

What can I do if the remote desktop prompt "Remote computer has ended the connection"?

                   Recently, some netizens reported that when Windows XP comes with the “Remote Desk
Modify the remote desktop terminal port and log in to the

Remote Desktop Terminal Services default port as “3389” To prevent malicious connections
Entry-level rack service assembly Baotong DIY service

                  Server DIY is popular among people for its high cost performance, low energy consu
What does raid mean, what is the raid card?

What does raid mean? Raid is the abbreviation of English Redundant Array of Independent Disks. In Ch
Remote maintenance of Win2003

using the Web interface When installing network devices, such as network cards, we seem to inevitab
  • DNS server
  • FTP server
  • Web server
  • Proxy server
  • Mail server
  • Server synthesis
  • About the server

    • Win8.1 built-in Microsoft Pinyin input method has added cloud candidate function

    What should I do if I activate the error 0xc004c003 and 0xC004E016 after upgrading Windows 10?

    Win10 Mobile Anniversary Update 14393.5 mobile phone screenshot leaked: model is Lumia532

    Win7 system command prompt input instruction invalid problem solution

    How to get back XP forgotten password

    Windows 8 System Tips for Conserving Battery Power

    Windows7 audio service is not running solution

    Win8 replacement win7 system need to pay attention to what?

    How to set the photo display mode of Win10 photo tile

    How to turn off Windows 8.1 application auto update

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved