We have already introduced three server security maintenance tips in our previous article. Today, we will share several more effective ones.
Tip 1: Consider workstation security issues
It may seem strange to talk about workstation security in an article about server security. However, the workstation is a gateway to the server, and stronger workstation security improves the security of the entire network. To start, I suggest using Windows 2000 on all workstations; Windows 2000 is a very safe operating system. If you do not want to do this, at least use Windows NT. You can lock the workstation down, making it difficult or impossible for people without security access to obtain network configuration information.
Another technique is to control which user can access which workstation. For example, suppose you already know that an employee named Bob is a troublemaker. Obviously, you don't want Bob to be able to open his friend's computer at lunch, or plug in his laptop, and then hack the entire system. Therefore, you should use the workgroup user management program to modify Bob's account so that he can only log on from his own computer and at the specified times. Bob is far less likely to attack the network from his own computer because he knows the activity can be traced back to him.
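The restriction described above can also be checked after the fact against logon records. The following is an added example, not part of the original article: the policy table, the account and workstation names, and the log format are all constructed for illustration.

```python
from datetime import datetime

# Hypothetical policy: each restricted account maps to the workstations it may
# log on from, the allowed weekdays (0 = Monday) and the allowed hour window.
POLICY = {
    "bob": {"workstations": {"BOB-PC"}, "days": range(0, 5), "hours": (8, 18)},
}

# Constructed logon records: timestamp, account, source workstation.
SAMPLE_LOGONS = """\
2001-03-05T09:12:00 bob BOB-PC
2001-03-05T12:31:00 bob ALICE-PC
2001-03-06T22:47:00 bob BOB-PC
2001-03-10T10:05:00 bob LAPTOP-07
2001-03-07T12:40:00 alice ALICE-PC
"""

def audit_logons(text, policy=POLICY):
    """Return (timestamp, user, workstation, reasons) for each policy violation."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, user, host = parts
        rule = policy.get(user.lower())
        if rule is None:
            continue  # account has no logon restrictions
        when = datetime.fromisoformat(stamp)
        reasons = []
        if host.upper() not in rule["workstations"]:
            reasons.append("workstation")  # logon from someone else's machine
        start, end = rule["hours"]
        if when.weekday() not in rule["days"] or not (start <= when.hour < end):
            reasons.append("time")  # logon outside the specified hours
        if reasons:
            findings.append((stamp, user, host, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_logons(SAMPLE_LOGONS):
        print(finding)
```

Any finding here means either the account restriction was never applied or it is not being enforced, and both are worth investigating.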
Tip 2: Give the workstation and server a reasonable division of labor
Another technique is to limit the workstation to the role of a dumb terminal or, for lack of a better term, a "smart" dumb terminal. In general, this means that no data or applications reside on individual workstations. When you use a computer as a dumb terminal, the server is configured to run the Windows NT Terminal Service Program, and all applications physically run on the server. Everything sent to the workstation is just an updated screen display. This means the workstation holds only a minimal Windows installation and a client for the Microsoft Terminal Service Program. This may be the safest network design.
Using a "smart" dumb terminal means that the programs and data reside on the server but run on the workstation. All that is installed on the workstation is a copy of Windows and icons pointing to applications residing on the server. When you click an icon to run a program, it uses local resources instead of consuming server resources. This puts much less load on the server than running a complete dumb terminal setup.
Microsoft employs a team of programmers to check for security vulnerabilities and fix them. Sometimes these patches are bundled into a large software package and released as a service pack. There are usually two different patch versions: a 40-bit version that anyone can use and a 128-bit version that can only be used in the United States and Canada. The 128-bit version uses a 128-bit encryption algorithm, which is much safer than the 40-bit version. If you are still using a 40-bit service pack and live in the United States or Canada, I strongly recommend that you download the 128-bit version.
Sometimes the release of a service pack may take several months. Obviously, when a large security vulnerability is discovered, you don't want to wait that long for it to be fixed. Fortunately, you don't have to. Microsoft regularly releases important patches on its FTP site. These hot patches are security patches published after the last service pack was released. I suggest you check for hot patches frequently. Remember to apply these patches in a logical order. If you apply them in the wrong order, some files may end up with version errors, and Windows may stop working.
Tip 3: Use a strong security policy
Another thing you can do to improve security is to develop a good, strong security policy. Make sure everyone knows it and knows it is enforced. Such a policy needs to include severe punishments for employees who download unauthorized software onto the company's machines.
If you use Windows 2000 Server, you can grant specific user permissions on your server without handing over administrator control. A good practice is to authorize the human resources department to delete and disable accounts. That way, the human resources department can delete or disable the user account of an employee who is leaving the company before the employee is dismissed, so a dissatisfied employee has no opportunity to disrupt the company's systems. At the same time, special user permissions let you grant the right to delete and disable accounts while withholding the right to create users or change permissions.
Tip 4: Check firewall settings
Our last tip is to carefully check your firewall settings. Your firewall is an important part of the network because it isolates your company's computers from the people on the Internet who may damage them.
The first thing you need to do is to ensure that the firewall does not expose any unnecessary IP addresses to the outside world. You always need to make at least one IP address visible to the outside world; this IP address is used for all Internet communications. If you also have a DNS-registered Web server or email server, their IP addresses may also be visible to the outside world through the firewall. However, the IP addresses of workstations and other servers must be hidden.
You can also review the port list to verify that you have disabled all ports that are not commonly used. For example, TCP/IP port 80 is used for HTTP communication, so you probably do not want to block this port. However, you may never use port 81, so it should be disabled. You can find lists of what each port is used for on the Internet.
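The two checks above (hidden addresses, unused ports) can be run mechanically against an export of the firewall's inbound rules. This is an added example, not part of the original article: the rule format (`action protocol destination port-or-range`), the addresses and the approved list are constructed assumptions, not any vendor's syntax.

```python
import ipaddress

# Assumed approved exposure: the only addresses that may be visible from the
# Internet and the only TCP ports each may accept (all values constructed).
APPROVED = {
    "203.0.113.10": {80},   # DNS-registered Web server (HTTP)
    "203.0.113.11": {25},   # e-mail server (SMTP)
}

# Constructed export of inbound rules: action protocol destination port(s).
SAMPLE_RULES = """\
allow tcp 203.0.113.10 80
allow tcp 203.0.113.10 81
allow tcp 203.0.113.11 25
allow tcp 192.168.1.50 3389     # workstation
allow tcp 203.0.113.10 8000-8002
deny  tcp 0.0.0.0/0 1-65535
"""

def parse_ports(spec):
    """Expand '80' or '8000-8002' into a set of port numbers."""
    low, _, high = spec.partition("-")
    return set(range(int(low), int(high or low) + 1))

def audit_rules(text, approved=APPROVED):
    """Return (destination, ports, reason) for every rule that over-exposes."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) != 4 or fields[0] != "allow":
            continue                            # only allow rules expose anything
        _, _proto, dest, ports = fields
        net = ipaddress.ip_network(dest, strict=False)
        host = str(net.network_address)
        # A whole range, or any single address not on the approved list,
        # is an address that should not be visible from outside.
        if net.num_addresses != 1 or host not in approved:
            findings.append((dest, ports, "address should be hidden"))
            continue
        extra = sorted(parse_ports(ports) - approved[host])
        if extra:
            findings.append((dest, extra, "unused port should be disabled"))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```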
Server security is a big issue. You do not want critical data to be damaged by viruses or stolen by hackers or others who may misuse it. Together with the tips in the previous article, that makes seven tips in total to keep in mind at your next security review.