How to maintain Windows server security?

  

As the network economy continues to develop and the concept of e-commerce is recognized by most people, hackers who steal and destroy data on the network have also become very active. Their intrusions may cause heavy losses to enterprise e-commerce systems every year. And as your business continues to expand, even a small security oversight that you never imagined can easily expose the company you have worked so hard on to potential threats.

In recent years, servers have been at greater risk than before. More and more viruses and ill-intentioned hackers are making servers their targets. Obviously, the security of the server cannot be ignored. Here I talk about how companies can maintain server security.

First, convert disk partitions to NTFS format

When hackers start attacking your network, they will first check for common security vulnerabilities before they consider more difficult, more advanced means of breaking through the security system. So, for example, when the data on your server is on a FAT disk partition, it won't help you even if you install all the security software in the world.

For this reason, you need to start from the basics. You need to convert all disk partitions on the server that contain sensitive data to NTFS format. You also need to keep all your anti-virus software up to date. I recommend that you run anti-virus software on both the server and the desktop. The software should also be configured to automatically download the latest virus database files every day. You should also know that you can install anti-virus software for Exchange Server. This software scans all incoming emails for infected attachments. When it finds a virus, it automatically quarantines the infected email before it reaches the user.

Another good way to protect your network is to limit the hours during which users can access the network to the hours they spend at the company. Finally, remember that users should need a password to access anything on the entire network. You must force everyone to use strong passwords consisting of uppercase and lowercase letters, numbers, and special characters. There is a good tool for this task in the Windows NT Server Resource Kit. You should also regularly expire old passwords and update the policy to require that user passwords be at least eight characters long. If you have done all of this work but are still concerned about the security of your passwords, you can try downloading some hacking tools from the Internet and find out how safe these passwords are.

Second, enable the Windows NT callback function

One of the coolest features of Windows NT is Remote Access Service (RAS) support. Unfortunately, a RAS server is an open door for a hacker trying to get into your system. All a hacker needs is a phone number and, sometimes, a little patience to get into a host via RAS. But you can take some measures to ensure the security of the RAS server.

The technique you use will depend to a large extent on how your remote users use RAS. If the remote user often calls the host from home or a similarly unchanging location, I recommend that you use the callback feature, which lets the remote user log in and then disconnects the call. The RAS server then dials a pre-defined phone number to connect the user again. Because this number is pre-set, the hacker has no chance to set the number that the server will call back.

Another option is to restrict all remote users to a single server. You can place the data that these users usually access on a special share point on the RAS server. You can then limit remote users' access to that single server rather than the entire network. In this way, even if hackers break into the host, they will be isolated on a single machine, where the damage they cause is kept to a minimum.

The last trick is to use an unexpected protocol on your RAS server. Everyone I know uses the TCP/IP protocol as the RAS protocol. Given the nature and typical use of the TCP/IP protocol itself, this seems like a reasonable choice. However, RAS also supports the IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can really confuse some unsuspecting hackers.

Third, build secure workstations

Because workstations are a weak point on the way to the server, strengthening the security of the workstations can improve the security of the entire network. To begin with, I recommend using Windows 2000 on all workstations. Windows 2000 is a very secure operating system. If you don't want to do this, then at least use Windows NT. You can lock workstations, making it difficult or impossible for people who don't have security access rights to get network configuration information.

Another technique is to control which workstations people can log in from. For example, if you have an employee whom you already know to be a troublemaker, you should use the Workgroup User Manager to modify his account so that he can only log in from his own computer (and within the hours you specify). This way he is unlikely to attack the network from his own computer, because he knows that others can trace it back to him.

Another technique is to limit the functionality of a workstation to that of a dumb terminal, which means that no data or applications reside on individual workstations. When you use a computer as a dumb terminal, the server is configured to run Windows NT Terminal Services, and all applications physically run on the server. Everything sent to the workstation is nothing more than an updated screen display. This means that the workstation holds only a minimal version of Windows and a client for Microsoft Terminal Services. This is perhaps the safest network design. Using a "smart" dumb terminal, by contrast, means that the programs and data reside on the server but run on the workstation. All that is installed on the workstation is a copy of Windows and some icons pointing to applications residing on the server. When you click an icon to run a program, the program runs using local resources instead of consuming the server's resources. This puts much less load on the server than running full dumb terminals.

Fourth, download and install the latest security patches

Microsoft has a team of programmers who check for security vulnerabilities and fix them. Sometimes these patches are bundled into a large package and released as a service pack. There are usually two different versions of a patch: a 40-bit version that anyone can use and a 128-bit version that can only be used in the US and Canada. In general, the 128-bit version uses a 128-bit encryption algorithm, which is much safer than the 40-bit version. Sometimes the release of a service pack may have to wait for several months - obviously, when a big security hole is discovered, you don't want to wait once it is possible to fix it. Fortunately, you don't need to wait. Microsoft regularly publishes important patches on its FTP site.

These hotfixes are security patches that have been published since the last service pack release. I recommend that you check for hotfixes frequently. Remember that you must apply these patches in a logical order. If you apply them in the wrong order, the result may be a version error in some files, and Windows may stop working.

Fifth, establish strict user rights

If you use Windows 2000 Server, you can assign a user special rights on your server without having to hand over administrator control. A good use is to authorize Human Resources to delete and disable accounts. In this way, the HR department can delete or disable an employee's user account before he knows that he will be fired, so a dissatisfied employee will not have the opportunity to disrupt the company's systems. At the same time, with special user rights, you can grant the permission to delete and disable accounts while withholding the ability to create users, change permissions, and perform other activities.

Sixth, install an intrusion detection and alarm system

With the continuous development of the network economy, the concept of e-commerce has been recognized by most people, and this has also raised related issues such as how to protect corporate and customer transaction data from being stolen.

Generally, information theft can be divided into two types: one is the so-called theft of intellectual property; the other is so-called industrial espionage. Programmers can also take advantage of writing the code to leave backdoors when developing application software. Left undetected, these allow all of a company's important information to be stolen without the enterprise knowing. Therefore, simply put, if a company lacks proper vigilance, it will certainly suffer huge losses of money and information resources.

The response is to install an intrusion detection system, which complements the function of the existing firewall, so that the two together can monitor the network, intercept immediately, and analyze and filter packets and content, so that an intrusion can be effectively terminated as soon as the thief breaks in.

Intrusion detection and alarm systems provide another line of defense for the company. These protections can raise an appropriate alert immediately in the event of an attack or misuse of information. This includes warning system administrators, immediately recording the detected attack behavior as evidence for future prosecutions, or simply terminating the hacker's network connection. All in all, the use of sophisticated security decision support can help companies manage the vast amount of data generated by technology as they expand their organization.

Seventh, regularly check the server's firewall

The last method is to carefully check your firewall settings regularly. Your firewall is an important part of the network because it isolates your company's computers from those on the Internet that could damage them.

The first thing you need to do is to make sure that the firewall does not expose any unnecessary IP addresses to the outside world. You always have to make at least one IP address visible to the outside world. This IP address is used for all Internet communications. If you have a DNS-registered web server or email server, their IP addresses may also be visible to the outside world through the firewall. However, the IP addresses of workstations and other servers must be hidden.

You can also check the port list to verify that you have closed all ports that you don't use. For example, TCP/IP port 80 is used for HTTP communication, so you may not want to block this port. However, you may never use port 81, so it should be closed. You can find a list of what each port is used for on the Internet.
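One way to run this port check on the server itself, as an added example that is not part of the original article: the script parses `netstat -an` output and reports TCP listeners that are neither on the allowlist nor bound only to loopback. The sample output, its addresses, and the allowlist containing only port 80 are constructed assumptions.

```python
import re

# Constructed sample of `netstat -an` output from a Windows server (not from the article).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51514     ESTABLISHED
  TCP    [::]:81                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# Assumption: HTTP is the only service this server is meant to offer.
ALLOWED_TCP_PORTS = {80}

# Loopback listeners are not reachable from the network, so they are not reported.
LOOPBACK = re.compile(r"^(127\.|\[::1\]$)")


def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        address, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield address, int(port)


def unexpected_listeners(netstat_text, allowed_ports):
    """Map each non-allowlisted port to the non-loopback addresses it listens on."""
    findings = {}
    for address, port in listening_sockets(netstat_text):
        if port in allowed_ports or LOOPBACK.match(address):
            continue
        findings.setdefault(port, []).append(address)
    return dict(sorted(findings.items()))


if __name__ == "__main__":
    report = unexpected_listeners(SAMPLE_NETSTAT, ALLOWED_TCP_PORTS)
    for port, addresses in report.items():
        print(f"TCP {port} listens on {', '.join(addresses)} but is not on the allowlist")
```

Every port it reports should either be closed on the server or confirmed as blocked at the firewall.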

Conclusion

E-commerce provides a more convenient online trading environment for all network users. With so many Web sites providing valuable company information, mission-critical business applications, and consumers' private information, server security is becoming a big issue, and you don't want critical information to be corrupted by viruses or hackers, or obtained by someone who might use it against you. In order to be successful in this highly competitive and crisis-ridden environment, organizations must protect their assets and ensure the security of their consumers' private information while users access their resources.

Business managers should choose solutions that address these issues and provide an end-to-end security infrastructure for a variety of e-business environments. In addition, when purchasing such products, they should also consider integration and support: besides providing intrusion monitoring and prevention, a product should be able to integrate the firewall with anti-virus software, provide regular updates to its virus signature and intrusion attack pattern databases, and provide complete information security protection for enterprise and e-commerce systems in the face of ever-changing Internet technology.
