Seven newcomers Raiders Battle server security maintenance

Are there any vital data on your computer, and don't want them to fall into the hands of the wicked? Of course, they have this possibility. Moreover, in recent years, servers have been at greater risk than before. More and more viruses,

Are there vital data on your computer, and don't want them to fall into the hands of the wicked? Of course, they have this possibility. Moreover, in recent years, servers have been at greater risk than before. More and more viruses, hackers, and commercial spies have made the server their goal. Obviously, the security of the server cannot be ignored.

It is impossible to tell all the computer security issues in just one article. After all, there are countless books on this topic. All I have to do next is to tell you seven tips for maintaining your server's security.

Skills for: to basics

I know this sounds like nonsense, but when we talk about secure network server, I The best advice I can give you is not to be a layman. When hackers start attacking your network, they first check for general security vulnerabilities before considering the more difficult means of breaking through the security system. So, for example, when the data on your server is in a FAT disk partition, it won't help you even if you install all the security software in the world.

For this reason, you need to start from the basics. You need to convert all disk partitions on the server that contain sensitive data to NTFS format. Again, you will need to keep all your anti-virus software up to date. I recommend that you run anti-virus software on both the server and the desktop. The software should also be configured to automatically download the latest virus database files every day. You should also know that you can install anti-virus software for Exchange Server. This software scans all incoming emails for infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.

Another good way to protect your network is to limit the amount of time users spend accessing the network based on the time they spend in the company. A temporary employee who normally works during the day should not be allowed to access the network at 3 am unless the employee's supervisor tells you that it is for a special project.

Finally, remember that when users access to everything on the entire network will require a password. You must force everyone to use high-intensity passwords consisting of uppercase and lowercase letters, numbers, and special characters. There is a good tool for this task in the Windows NT Server Resource Kit. You should also often invalidate some expired passwords and update them to require the user's password to be at least eight characters. If you have done all of this work but are still concerned about the security of your password, you can try to download some hacking tools from the Internet and find out how safe these passwords are.

Tip 2: Protect your backups

Every good network administrator knows to back up the network server every day and keep the tape records away from the scene to protect against accidents. disaster. However, the security issue is much more than just a backup. Most people don't realize that your backup is actually a huge security hole.

To understand why this is the case, most of the backup work starts at around 10:00 or 11:00. The entire backup process usually ends in the middle of the night, depending on how much data you have to back up. Now, imagine that time is up to four in the morning and your backup job is over. However, nothing prevents someone from stealing data from your tape records and restoring them to a server in your home or in your competitor's office.

However, you can stop this from happening. First, you can protect your tape with a password and if your backup program supports encryption, you can also encrypt it. Second, you can set the backup program to work in the morning when you go to work. In this case, even if someone wants to sneak in and steal the tape the night before, they will not be able to succeed because the tape is being used. If the thief still ejects the tape and takes it away, the data on the tape is worthless.

Skills III: Use the RAS callback function

One of the coolest features is the Windows NT server for remote access (RAS) support. Unfortunately, a RAS server is an open door for a hacker trying to get into your system. All the hackers need is just a phone number, and sometimes it takes a little patience to get into a host via RAS. But you can take some measures to ensure the security of the RAS server.

The technology you use will depend to a large extent on how your remote users use RAS. If remote users often call the host from home or similar, non-changing places, I suggest you use The callback feature, which allows remote users to log in and disconnect afterwards. The RAS server then dials a pre-defined phone number to connect the user again. Because this number is pre-set, the hacker has no chance to set the number that the server will call back.

Another option is to restrict access to a single server for all remote users. You can place the data that the user usually accesses on a special share point on the RAS server. You can then restrict access to remote users to a single server, not the entire network. In this way, even if hackers enter the host through destruction, they are also isolated on a single machine, where the damage they cause is reduced to a minimum.

Last but not least, the trick is to use an unexpected protocol on your RAS server. Everyone I know uses the TCP/IP protocol as the RAS protocol. Given the nature and typical use of the TCP/IP protocol itself, this seems like a reasonable choice. However, RAS also supports the IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can really confuse some unsuspecting hackers.

Tip 4: Consider workstation security issues

It seems strange to talk about workstation security in an article about server security. However, the workstation is a port to the server. Strengthening the security of workstations can increase the security of the entire network. For beginners, I recommend using Windows 2000 on all workstations. Windows 2000 is a very secure operating system. If you don't want to do this, then at least use Windows NT. You can lock the workstation, making it difficult or impossible for someone without secure access to get network configuration information.

Another technique is to control what people can access which workstations. For example, there is an employee called Bob, and you already know that he is a troublemaker. Obviously, you don't want Bob to open his friend's computer at lunch or to drop his own notebook and hack the entire system. Therefore, you should also use the Workgroup User Manager to modify Bob's account so that he can only log in from his own computer (and within the time you specify). Bob is far less likely to attack the network from his own computer because he knows that others can catch him up.

Tip 5: Make a reasonable division of workstations and servers

Another technique is to limit the functionality of the workstation to a dumb terminal, or, I have no better words. Described, a "smart" & dumb terminal. In general, it means that no data and applications reside on separate workstations. When you use your computer as a dumb terminal, the server is configured to run Windows NT Terminal Services, and all applications are physically running on the server. Everything sent to the workstation is nothing more than an updated screen display. This means that there is only one minimal version of Windows and one client for Microsoft Terminal Services on the workstation. Using this method is perhaps the safest network design.

using a & ldquo; smart & rdquo; dumb terminal that is a program and data reside on the workstation but running on the server. All installed on the workstation is a copy of Windows and some icons pointing to applications residing on the server. When you click on an icon to run the program, the program will run using the local resources instead of consuming the server's resources. This puts less stress on the server than if you run a full dumb terminal program.