Server security protection measures

Server security protection measures

Today, we will explain some specific measures for server security protection through multiple backups. Let's take a look at them carefully.

 

　　1. Start with the foundation and provide basic protection.

 

First, convert all the disk partitions on the server that contain sensitive data to the NTFS format. Second, whether it is Windows or Linux, any operating system has vulnerabilities, and patch the vulnerabilities in time to prevent them from being exploited by deliberate attacks. This is one of the most important guarantees for server security. Update all anti-virus software in a timely manner and run anti-virus software on servers and desktops. These software should also be configured to automatically download the latest virus database files every day. You can install anti-virus software for the Exchange Server. The software scans the emails of All streaming people to find infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.

 

　　2. Set the firewall and disable unnecessary services and ports.

 

Firewall is an important part of network security. It filters out insecure services to reduce risks. The firewall can also protect the network from route-based attacks, such as source route attacks in IP options and redirection paths in ICMP redirection.

 

 

 

First, make sure that the firewall is not open to the outside world more than any necessary IP addresses. At least one IP address must be used for Internet communication. If there are also DNS registered Web servers or email servers, their IP addresses may need to be visible to the outside world through the firewall. Second, when the server operating system is installed, some unnecessary services will be started, which will not only occupy system resources, but also increase the security risks of the system. Services that are not used for a period of time can be completely closed; for servers that are used during the period, do not need services, such as Telnet. In addition, you must disable the TCP port that is not necessary. For example, TCP/IP port 80 is used for HTTP Communication, so most people may not want to block this port. However, port 81 is usually not used, so it should be disabled. We can find the UU table for each port on Intemet. We can clearly close some ports that are not commonly used.

 

　3. SQL SERVER security protection.

 

First, you must use the Windows Authentication mode. Whenever possible, you should require the Windows Authentication Mode for connection to the SQL Server. It protects SQL Server from most Intemet tools by limiting connections to Microsoft Windows users and domain user accounts, and the Server will also benefit from the Windows security enhancement mechanism, for example, stronger authentication protocols and forced passwords are complex tokens and expiration times. In addition, creden delegate the ability to bridge creden between multiple servers can only be used in Windows Authentication mode. On the client, password is no longer required for Windows Authentication mode. Password Storage is one of the major vulnerabilities in applications that use standard SQL Server to log on. Next, assign a strong sa password. The sa account should have a strong password, even on Servers configured to require Windows authentication. This will ensure that no blank or fragile sa will appear when the server is reconfigured as a hybrid authentication.

 

4. Back up data and protect backup tapes.

 

 

 

Back up the server on a regular basis. To prevent unknown system faults or users' improper operations, you must back up the system safely. In addition to backing up the entire system every month, you should also back up the modified data in a timely manner. At the same time, you should store the modified important system files on different servers so that the system can be restored to normal in time when the system crashes (usually hard disk errors. Generally, backup starts at about or later, and the end time is also midnight. The duration of the entire backup process depends on the amount of data to be backed up. However, if someone steals the backed up tape late at night, this time will be the best time. To avoid such a human event, we can encrypt the data by encrypting the tape and the backup program. Second, you can set the backup program to be completed within the working time of the second day. In this way, the loss caused by manual theft of backup tapes can be avoided. Because the tape is forcibly taken away from the backup, the data on the tape is of no value.

 

Data is so important that security measures are essential. Data protection should be implemented for servers, systems, files, and databases. We recommend that you use multiple backups for data backup. There are three backup modes available for multiple backups: hosting, plug-ins, and clients. For Linux, unix, and windows systems, users can select multiple backup clients for backup. The client adopts the advanced backup mode and supports backup within the firewall and TB-level data backup, specifies dozens of advanced functions such as file recovery. The file and database content can be managed or backed up by plug-ins, which is easy to understand. The backup time and frequency are even more intimate to users.