FTP Server Security Protection and Data Backup (1)

Source: Internet
Author: User

In the age of network technology, SOHO (Small Office, Home Office) or remote working (tele-office) is a new way of working and living that has gradually been accepted by some companies and individuals. With the help of the ubiquitous network, many people work from their own space, which is a freer and more environmentally friendly way of life. On the one hand, SOHO lets employees avoid heavy commuting traffic; on the other hand, it reduces the company's expensive office rental costs and gives employees more freedom to stimulate their creativity. Many large enterprises have therefore begun to allow and encourage employees to become SOHO workers. SOHO workers upload and download files on the company's FTP server over the network, communicate with colleagues, managers, and business partners via QQ and email, and use IE to search for material on the Internet. What security issues should they pay attention to? The company's FTP server serves as a bridge between the company and its employees. How can administrators ensure its security?

Today, we will focus on how to ensure the security of FTP uploading.

Because employees upload and download files through it, the company's FTP server must be connected to the Internet and must have a public IP address so that it can be reached normally. It is this fixed IP address that makes the server easy to find for hackers who wander around the network all day long. They are always looking for targets; even when such attacks and damage bring them no benefit, these people still happily treat the number of machines they have attacked as a measure of their hacking skill. What types of attacks may the FTP server face?

1. Possible FTP server attacks

Although servers running Windows are easy to operate and configure, vulnerabilities in Microsoft operating systems keep emerging. If Windows is used as the operating system, administrators are never idle: they must keep watching for newly disclosed vulnerabilities and newly released Microsoft patches, and install patches as quickly as possible. There are also many hacker tools for Windows on the Internet, and anyone with a little computer knowledge can use them against these servers. To secure their servers, administrators therefore prefer Unix servers to Windows. Unix operating systems are much more complex than Windows; they at least keep out people who only know Windows, and their security is much higher. Attacking a Unix server is relatively difficult, but that does not mean it never happens. Such servers may face the following two types of attack.

1. DoS Attacks

DoS (Denial of Service) is a network attack that uses seemingly legitimate service requests to occupy so many service resources that legitimate users cannot get a response. Typical DoS attacks are resource depletion and resource overload: when legitimate-looking requests for a resource exceed what the resource can deliver, legitimate visitors no longer receive reasonable service.

When a DoS attack occurs, a large number of service requests are sent to the service daemon of a single server, overloading the service. These requests arrive in various ways, and many of them are intentional. Under a time-sharing mechanism the computer has to process this flood of requests, and it becomes so busy that it cannot handle its regular tasks and discards many new requests. If the target is a TCP-based service, these requests are retransmitted, further increasing the network load.

Generally, there are the following types of attacks:

1) Message stream

A message stream occurs when a user sends a large number of data packets to the target host on the network. It slows down the target host and makes it difficult for it to process tasks normally. The requests are constantly routed to the target host in the form of file service requests, login requests, or response requests, increasing its processor load and consuming a large amount of resources to answer them. In extreme cases, a message stream can crash the target host because no memory is left for buffering or because of other errors.

2) "Sticky" Attacks

In Unix systems, a TCP connection is established through a three-way handshake. If an attacker sends many connection requests and begins to establish each connection but never completes the remaining steps, the receiver keeps many of these half-open connections, and they occupy a lot of resources. These connection requests usually use a forged source address, so the system cannot trace the connection; it can only wait for the connection to be released when it times out.

3) SYN-Flooding Attack

Attackers send as many requests as possible to the target computer from spoofed addresses in order to tie up its resources. When the target computer receives such a request, it allocates system resources to serve the new connection and replies with a SYN-ACK. Because the SYN-ACK goes to a spoofed address, no response arrives, and the target computer keeps retrying the SYN-ACK. Some systems have default retry and timeout settings, and the occupied resources are released only when a reply is received or the timeout expires. The wait time doubles after each resend, and eventually system resources are exhausted and no service can be provided for new connections. Although hackers who launch such attacks cannot gain any access to the system, they can slow down the server's other services or even keep it from accepting other service requests.
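As an added example (not part of the original article), the following Python sketch shows how an administrator could spot the half-open connections described in the "sticky" and SYN-flooding sections, and how long one unanswered entry stays allocated when the wait doubles after each resend. The sample text is constructed in Linux `netstat -tan` layout, and the threshold, initial timeout and retry count are assumed values to tune per system.

```python
from collections import Counter

# Constructed sample in Linux `netstat -tan` layout (not from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address       State
tcp        0      0 0.0.0.0:21        0.0.0.0:*             LISTEN
tcp        0      0 203.0.113.10:21   198.51.100.7:40112    ESTABLISHED
tcp        0      0 203.0.113.10:21   192.0.2.14:1025       SYN_RECV
tcp        0      0 203.0.113.10:21   192.0.2.77:1026       SYN_RECV
tcp        0      0 203.0.113.10:21   192.0.2.201:1027      SYN_RECV
tcp        0      0 203.0.113.10:22   198.51.100.9:51514    SYN_RECV
"""


def half_open_by_port(netstat_text):
    """Count half-open (SYN_RECV) connections per local port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a 6-column tcp row.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local, state = fields[3], fields[5]
        if state in ("SYN_RECV", "SYN_RCVD"):
            counts[int(local.rsplit(":", 1)[1])] += 1
    return dict(counts)


def ports_over_threshold(netstat_text, threshold=3):
    """Ports whose half-open count reaches the (assumed) alert threshold."""
    counts = half_open_by_port(netstat_text)
    return sorted(port for port, n in counts.items() if n >= threshold)


def hold_seconds(initial_timeout=1.0, retries=5):
    """Seconds one unanswered half-open entry is kept when each SYN-ACK
    resend doubles the wait: initial * (1 + 2 + ... + 2**retries)."""
    return initial_timeout * (2 ** (retries + 1) - 1)


if __name__ == "__main__":
    print("half-open per port:", half_open_by_port(SAMPLE))
    print("ports to investigate:", ports_over_threshold(SAMPLE))
    print("seconds held per spoofed SYN:", hold_seconds())
```

With the assumed 1-second initial timeout and 5 resends, every spoofed request holds its slot for about a minute, which is why a steady count of `SYN_RECV` entries on the FTP port is worth alerting on.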

2. Weak Password Vulnerability attacks

Because Unix operating systems have very few vulnerabilities and these are not easy to exploit, many hackers turn their attention to accounts and passwords in order to break into the system. User IDs are easily obtained with existing scanners, so the password becomes the first and only line of defense. For convenience, however, some administrators give accounts on some servers easy-to-guess passwords, and some accounts have no password at all, which undoubtedly leaves the door open for hackers. In addition, many systems have built-in or default accounts whose passwords are never changed. All of this gives hackers plenty of opportunities, and attackers usually look for exactly these accounts. An attacker can access the target computer as soon as he or she determines one account name and its password.
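As an added example (not part of the original article), this Python sketch audits account entries for the cases named above: accounts with no password, built-in accounts that can still log in, and passwords that were never or not recently changed. The sample is constructed in `/etc/shadow` layout with placeholder hashes; the list of built-in names, the 180-day limit and the `today` value (days since 1970-01-01, the unit the file uses) are assumptions.

```python
# Constructed sample in /etc/shadow layout (name:hash:lastchg:...).
# The hash strings are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER$hash:19800:0:99999:7:::
alice:$6$PLACEHOLDER$hash:19790:0:90:7:::
bob::19000:0:99999:7:::
ftp:*:18000:0:99999:7:::
guest:$6$PLACEHOLDER$hash:15000:0:99999:7:::
test:$6$PLACEHOLDER$hash::0:99999:7:::
"""

# Assumed list of built-in/default account names; adjust per system.
BUILTIN = {"ftp", "guest", "test", "admin", "anonymous"}


def audit_shadow(text, today, max_age_days=180):
    """Return {account: [findings]} for weak-account conditions."""
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue
        name, pw, lastchg = fields[0], fields[1], fields[2]
        notes = []
        if pw == "":
            notes.append("empty password")
        elif pw[0] in "!*":
            continue  # locked: password login is not possible
        if name in BUILTIN:
            notes.append("built-in account can log in")
        if not lastchg.isdigit():
            notes.append("no password change recorded")
        elif today - int(lastchg) > max_age_days:
            notes.append("password older than %d days" % max_age_days)
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for account, notes in audit_shadow(SAMPLE_SHADOW, today=19820).items():
        print(account + ": " + "; ".join(notes))
```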

