11 Measures Against DDoS Attacks

Source: Internet
Author: User
Tags ftp ssh firewall

1. Make sure all servers have the latest system and security patches. The Computer Emergency Response Coordination Center found that almost every DDoS-attacked system was not patched in time.

2. Make sure that the administrator checks all hosts, not just the critical ones. The administrator should know what each host is running, who is using it, and who can access it. Otherwise, even when hackers break into a system, the intrusion is difficult to identify.

3. Ensure that unused services such as FTP or NFS are removed from the appropriate directory or file database of the server. Daemons such as WU-FTPD have known vulnerabilities that let hackers gain privileged (root) access to the system and, from there, access to other systems, even those protected by firewalls.

4. Make sure that all services running on UNIX are protected by TCP wrapper programs that restrict access to the host.

5. Do not allow the internal network to connect to the PSTN through modems. Otherwise, hackers can find unprotected hosts over telephone lines and immediately access extremely confidential data.

6. Disable network access programs such as Telnet, FTP, rsh, rlogin, and rcp, and replace them with PKI-based access programs such as SSH. SSH does not send passwords over the network in clear text, whereas Telnet and rlogin do, and hackers can capture these passwords to gain immediate access to important servers on the network. In addition, the .rhosts and hosts.equiv files should be deleted on Unix, because these files provide logon access without any need to guess a password!

7. Restrict network file sharing outside the firewall. Such sharing gives a hacker the opportunity to intercept a system file and replace it with a Trojan horse, which is no different from the file transfer function.

8. Make sure you have an up-to-date network topology map on hand. This map should detail the TCP/IP addresses, hosts, routers, and other network devices, and should include the network boundary, the demilitarized zone (DMZ), and the confidential internal part of the network.

9. Run a port mapper or port scanner on the firewall. Most incidents are caused by improper firewall configuration, which makes the success rate of DoS/DDoS attacks very high, so you must carefully check both the privileged and the unprivileged ports.

10. Check the logs of all network devices and host/server systems. If a log shows gaps or changes in its timestamps, it is almost certain that the security of the associated host is under threat.

11. Use a device from a DDoS device provider.

Unfortunately, no network is currently immune to DDoS attacks, but taking the measures above can have a certain preventive effect.
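
One way to check a host for the exposure described in item 6, as an added example that is not part of the original article: a shell function that reports `.rhosts` and `hosts.equiv` trust files and the cleartext services still enabled in `inetd.conf`. The function name, the output labels, and the assumption that services are started from `etc/inetd.conf` are illustrative; hosts that use xinetd or systemd need a different service check.

```shell
#!/bin/sh
# Added example: audit for the legacy remote-access exposure named in item 6.
# Assumed layout under ROOT: etc/hosts.equiv, root/.rhosts, home/*/.rhosts,
# etc/inetd.conf. Prints one finding per line; returns 1 if any were found.

audit_legacy_access() {
    root="${1:-}"                    # empty ROOT means the live filesystem
    findings=0

    # Trust files that grant logon without a password.
    for f in "$root/etc/hosts.equiv" "$root/root/.rhosts" "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue      # also skips an unmatched glob
        echo "TRUST-FILE $f"
        findings=$((findings + 1))
        # A bare "+" field trusts every host or every user.
        if grep -Eq '(^|[[:space:]])\+([[:space:]]|$)' "$f"; then
            echo "WILDCARD $f"
            findings=$((findings + 1))
        fi
    done

    # Cleartext services still enabled in inetd.conf. Lines starting with "#"
    # are disabled. rsh and rcp use "shell", rlogin uses "login".
    conf="$root/etc/inetd.conf"
    if [ -f "$conf" ]; then
        for svc in $(awk '$1 ~ /^(telnet|ftp|shell|login)$/ {print $1}' "$conf"); do
            echo "INETD-SERVICE $svc"
            findings=$((findings + 1))
        done
    fi

    [ "$findings" -eq 0 ]
}

# Run against a root given on the command line, e.g. "sh audit.sh /mnt/image".
if [ "$#" -gt 0 ]; then
    audit_legacy_access "$1"
fi
```

Each `TRUST-FILE` line is a file item 6 says to delete, and each `INETD-SERVICE` line is a service to disable in favor of SSH.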
