Network security in Enterprises: Understanding server security maintenance

Server Security Maintenance Tips 1: Start from basics

When we talk about network server security, the best advice I can give you is not to be a layman. When a hacker starts to launch an attack on your network, the hacker first checks whether there are common security vulnerabilities before considering more difficult means to break through the security system. Therefore, for example, when the data on your server is stored in a FAT disk partition, even if you install all the security software in the world, it will not be of much help to you.

For this reason, you need to start from the basics. You need to convert all the disk partitions on the server that contain sensitive data into NTFS format. Similarly, you also need to update all anti-virus software in a timely manner. I suggest you run anti-virus software on both the server and desktop. These software should also be configured to automatically download the latest virus database files every day. You should also know that you can install anti-virus software for the Exchange Server. The software scans all incoming emails to find infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.

Another good way to protect the network is to set the time for users to access the network based on their stay in the company. A temporary employee who usually works during the day should not be allowed to access the network at, unless the employee's supervisor tells you that it is necessary for a special project.

Finally, remember that you need a password when accessing anything on the network. Strong passwords consisting of uppercase and lowercase letters, numbers, and special characters must be forced. There is a good tool for this task in the Windows NT Server resource package. You should also frequently invalidate and update expired passwords and require the user's password to be no less than eight characters long. If you have already done all the work but are still worried about password security, you can try to download some hacking tools from the Internet and find out how secure these passwords are.

Server Security Maintenance Tip 2: Protect your backup

Every good network administrator knows to back up network servers every day and keep tape records away from the site for protection against unexpected disasters. However, the security issue is far more than just backup. Most people do not realize that your backup is actually a huge security vulnerability.

To understand why, imagine that most of the backup work started at around or. The entire backup process usually ends in the middle of the night, depending on how much data you have to back up. Now, imagine that your backup work has ended at four o'clock in the morning. However, nothing can prevent some people from stealing the data recorded on your tape and restoring them on a server in their own home or in your competitor's office.

However, you can prevent such incidents. First, you can use a password to protect your tape. If your backup program supports encryption, you can also encrypt the data. Second, you can set the time for the backup program to work in the morning. In this way, even if someone tried to steal the tape in the middle of the night before, they would not be able to use it. If thieves still play the tape out and take it away, the data on the tape will be worthless.

Server Security Maintenance Tip 3: call back for RAS

One of the coolest features of Windows NT is remote access to the server's RAS. Unfortunately, a RAS server is an open door for a hacker attempting to access your system. What hackers need is a phone number. Sometimes they need a little patience and then they can access a host through RAS. However, you can take some measures to ensure the security of the RAS server.

The technology you want to use depends largely on how your remote users use RAS. if a remote user calls a host from a home location or from a similar location, I suggest you use the call back function, which allows the remote user to log on and disconnect from the host. The RAS server then calls a pre-defined phone number to connect the user again. Because this number is pre-set, hackers have no chance to set the server call back number.

Another option is to restrict all remote users to access a single server. You can place the data normally accessed by users on a special sharing point of the RAS server. You can restrict the access of remote users to one server instead of the entire network. In this way, even if hackers access the host through destructive means, they will be isolated on a single machine, where the damage they cause is minimized.

Server Security Maintenance Tip 3: unexpected protocols used on the RAS server

Everyone I know uses the TCP/IP protocol as the RAS protocol. Considering the nature and typical use of the TCP/IP protocol, this seems like a reasonable choice. However, RAS also supports IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can really confuse some unwary hackers.

Server security maintenance is an important part. You should understand these maintenance skills. After all, it is very effective to solve our network security problems.