| |
Based on windows server operating system to do as well as people's share in the Chinese market, the level of understanding of the operating system, I talk about some personal views on the personal network server security maintenance windows here.
Malicious network behavior of the network server includes two aspects: First, malicious attacks, such as denial of service attacks, network viruses, etc., these acts designed to consume server resources, affect the normal operation of the server, and even paralysis of the server where the network; in addition one is malicious intrusions, such behavior is sensitive information disclosure will lead to the server, the intruder can do whatever they want even more, wanton destruction of the server. Therefore, we must ensure the security of the network server can be said is to minimize both the affected web server behavior.
Based on windows server operating system to do as well as people's share in the Chinese market, the level of understanding of the operating system, I talk about some personal views on the personal network server security maintenance windows here.
How to avoid web server by malicious online attacks:
(A) build up your hardware security defense system
Choose a good security system model. A comprehensive security model should include the following essential components: firewalls, intrusion detection systems, routing systems.
Firewall security systems play a role in security, we can largely ensure that unauthorized access and data traffic from network attacks, such as denial of service attacks; intrusion detection system is playing the role of a monitor, monitor your server entrance very intelligently filter out those with access to the invasion and attack properties.
(Ii) selection of English Operating Systems
You know, windows, after all, what the United States Microsoft, and Microsoft has always been something to known for many Bug and Patch, the Chinese version of the Bug is far more than the English version, and the Chinese version of the patch has always been a night out than the English version that is, if your server is to upload the Chinese version of windows system, then Microsoft released vulnerabilities you need to wait some time to lay the patch, perhaps hackers, viruses can use this time to invade your system.
How to prevent being hacked web server:
First, as a hacker admirer, I would say, the world is no absolute security system. We can only try to avoid being invaded, the maximum extent to reduce casualties.
(A) using the NTFS file system format
As we all know, we usually use the file system is FAT or FAT32, NTFS is a Microsoft Windows NT family of operating system kernel support, a special for the network and disk quotas, file encryption and other security features designed to manage the disk format. NTFS file system, you can set access permissions individually for any one disk partition. Put your own sensitive information and service information in separate partitions. So even if a hacker get your service through some method of file where the disk partition access, you also need to find ways to break the system security settings to further access to sensitive information stored on another disk.
(Ii) to do system backup
As the saying goes, "be prepared for", although the system who do not want to suddenly be destroyed, but not afraid of ten thousand, afraid of the event, make server backup system, in case of destruction when you can recover in time.
(C) Close unnecessary services, and only the open ports
Close unnecessary open service, good local management and group management. There are many default Windows system service is in fact no need to open, or even dangerous, for example: the default shared remote registry access (Remote Registry Service), a lot of sensitive information is written in the system registry, such as pcanywhere encryption password.
Close unnecessary ports. Seemingly unnecessary ports, hackers can indeed to disclose sensitive information on many operating systems, such as windows 2000 server open the IIS services by default tell each other your operating system is windows 2000.69 port tell hacking your operating system will It may be linux or unix system, because 69 is under these operating systems to use the default port tftp service. Further access to the port, you can also return some information on the server version of its software, these invasion of hackers have provided great help. In addition, open ports more likely to be hacking into the server portal.
In short, do TCP / IP port filtering not only help prevent hacking, but also to prevent the virus also has some help.
(Iv) a software firewall, antivirus software
Although we already have a defense system hardware, but "guard" a few more is not a bad thing.
(V) to open your event log
Although the open log services, though said to prevent hackers and has no direct role, but the hacker through his record whereabouts, we can analyze the intruder in the system in the end we did what the hands and feet to our system, which in the end caused the damage and hidden hackers in the end to stay in our system, what kind of back door, our server in the end there is what security vulnerabilities and so on. If you are a master, you can also set the honeypot and wait for hackers to invade, invasion, when he caught him. |
|
|
|