Don't forget to close the backdoor when the network door is opened.

Author: Builder.com

The Internet brings your business to the world, but when you use the Internet, how do you prevent adverse effects from external sources?

Wayne Weisse, sales director of Network Associates high-tech solutions, believes that Network servers are "very easy to target because they are built on the Network ". However, they are very important to a company's business, not just for brand effect considerations. For example, Denial of service attacks can cause a sharp decrease in the efficiency of using network resources. By using common hacking tools, you can fully describe webpages; by illegally increasing user permissions, attackers can use network servers as the stepping stone for launching attacks, and then attack internal network systems. These threats will have a huge impact on a company.

"However, even so, there are a lot of places we can satisfy with using the network," said Chris Thomas, Senior Consultant at the Data Protection Group of the Computer Society. The average user will not take the network as the target of the attack, but the bad guys are always looking for opportunities: once they get your IP address, they can find you, because "in the online world, the only one that represents you is your IP address." This is good news for beginners. Through this article, we mainly study how to ensure the security of your network servers.

Structure Problems

Head of security affairs in Australia (Dimension Data into alias security practice) Neil megael believes that "most of the attacks have a lot to do with how you design WEB applications and security Management ".

In general, servers with weak path management are prone to worms, and servers with poor security management and structure design are vulnerable to hacker attacks, he said. "With the continuous development of hacking techniques, you may not make any sense at present, although it was useful before 9-12 months ago." Therefore, we need constant innovation.

The typical three-tier structure design is a good idea. The inverted proxy server design makes the data flow on the WEB blurred to the outside, and important data is not easily detected. Campbell encouraged innovative designs to protect sensitive data. For example, it is necessary to store information such as a customer's credit card (such important data must not be stored on a WEB server, we can consider dividing the information into different parts and storing them in different databases. At the same time, different databases use different encryption methods. "In this way, a separate security threat will not cause the entire system to crash," he said.

It is a good idea to isolate different application services, as Bill Mania, System Manager of Hostway, one of the five largest host companies in the world, thinks.

He suggested that the WEB server should be a WEB server instead of other functions. If other application services are loaded on the application, an "inappropriate exchange" error occurs, it will affect other applications.

Andrew Gordon, the Trend Micro Structure manager, promotes this idea to the application of scripts. He warned that any script should not run on the WEB server host, but on the corresponding back-end database server. He also stressed that, these database servers cannot be the same as WEB servers.

The more types of routes or network connections, the higher the risk of attacks. Gordon believes that "It is equivalent to installing a front door and a backdoor ".

Network servers may have various services running on other systems. Therefore, it is important to back up path information. Senior Technical Consultant at the RSA Laboratory Security Department (known for studying encryption algorithms) believes that backing up path information is convenient for controlling customers' access to different servers.

Speaking of how to provide services to hosts, Patrick Cusack (CTO of Hothouse Interactive) believes that "when you provide backend services to hosts on the customer's internal network, do not neglect the security issues here ". For network servers, it is not common to connect to other systems for data input and transaction processing. He said this method is dangerous. "Do not imagine that their network hosts will install a firewall ". For example, worms and other viruses may intrude into the network connected in this way. He warned us, "Sometimes this happens very often," so it is best not to use this method.
 
What type of platform is selected?

The advantages and disadvantages of different operating systems and network service systems have always been the focus of debate. Here we will study this issue in detail.

"They all have disadvantages," Cusack said. Because Microsoft is the most popular operating system, most of the criticism we hear is directed at it, but "this is unfair-just because it is the largest supplier," he said, "The same Linux system has logging vulnerabilities ". Moreover, he also said that the amount of work required to ensure the security of a Linux system is huge.

If we choose one of the customers who are strictly trained to configure the Linux system, "it will also take a lot of work ." To meet the requirements of the standard operating system environment, more than six hundred patches need to be installed. Therefore, it takes four days to build a server from the original unupgraded system, he said. The Solaris system is also very similar, but we will be more efficient when dealing with security issues, he is confident that most of our staff responsible for the Solaris operating system have this ability, however, this is not the case for other operating platforms. Therefore, his advice is to "try to use the operating system you are familiar with," instead of worrying too much about it as a system.

Ian Gillott, an administrator of the Santos Reform and Innovation group, admitted that most Microsoft servers are not installed by Microsoft experts, but as long as enterprises are willing to pay, their servers will be well installed. He said that Santos's technicians have the same level of technology for Microsoft's operating systems and Solaris systems.

Gordon believes that Unix and Linux are the safest operating platforms. Because their vulnerabilities are least known to most people, and the system can carry a higher load. However, the Windows system is in a different situation. It has to patch frequently-occurring vulnerabilities and continuously suffer attacks caused by these vulnerabilities. Therefore, Gordon recommends installing anti-virus software on Windows servers, while emphasizing the need to focus on border protection (Perimeter security ).

Robert Pregnell, senior regional product manager at Symantec, believes that IIS is not inherently more vulnerable than other Web service software, but because it is released along with Microsoft's operating system, therefore, it is very likely that the installation is not properly configured without installation knowledge. As a result, your IIS configuration tends to be the same, and the system vulnerabilities that people know are added, making it vulnerable to attacks.