Server security protection measures

Specific measures for server security protection:

1. Start with the foundation and provide basic protection.

First, convert all the disk partitions on the server that contain sensitive data to the NTFS format. Second, whether it is Windows or Linux, any operating system has vulnerabilities, and patch the vulnerabilities in time to prevent them from being exploited by deliberate attacks. This is one of the most important guarantees for server security. Update all anti-virus software in a timely manner and run anti-virus software on servers and desktops. These software should also be configured to automatically download the latest virus database files every day. You can install anti-virus software for the Exchange Server. The software scans the emails of All streaming people to find infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.

2. Set the firewall and disable unnecessary services and ports.

Firewall is an important part of network security because it isolates company computers from programs on the Internet that may damage them.

First, make sure that the firewall is not open to the outside world more than any necessary IP addresses. At least one IP address must be used for Internet communication. If there are also DNS registered Web servers or email servers, their IP addresses may need to be visible to the outside world through the firewall. Second, when the server operating system is installed, some unnecessary services will be started, which will not only occupy system resources, but also increase the security risks of the system. Services that are not used for a period of time can be completely closed; for servers that are used during the period, do not need services, such as Telnet. In addition, you must disable the TCP port that is not necessary. For example, TCP/IP port 80 is used for HTTP Communication, so most people may not want to block this port. However, port 81 is usually not used, so it should be disabled. We can find the UU table for each port on Intemet. We can clearly close some ports that are not commonly used.

3. SQL SERVER security protection.

First, you must use the Windows Authentication mode. Whenever possible, you should require the Windows Authentication Mode for connection to the SQL Server. It protects SQL Server from most Intemet tools by limiting connections to Microsoft Windows users and domain user accounts, and the Server will also benefit from the Windows security enhancement mechanism, for example, stronger authentication protocols and forced passwords are complex tokens and expiration times. In addition, creden delegate the ability to bridge creden between multiple servers can only be used in Windows Authentication mode. On the client, password is no longer required for Windows Authentication mode. Password Storage is one of the major vulnerabilities in applications that use standard SQL Server to log on. Next, assign a strong sa password. The sa account should have a strong password, even on Servers configured to require Windows authentication. This will ensure that no blank or fragile sa will appear when the server is reconfigured as a hybrid authentication.

4. Back up data and protect backup tapes.

Back up the server on a regular basis. To prevent unknown system faults or users' improper operations, you must back up the system safely. In addition to backing up the entire system every month, you should also back up the modified data in a timely manner. At the same time, the modified important system files should be stored on different servers, so that the system is often prone to hard disk errors when the system crashes), and the system can be restored to normal in a timely manner. Generally, backup starts at about or later, and the end time is also midnight. The duration of the entire backup process depends on the amount of data to be backed up. However, if someone steals the backed up tape late at night, this time will be the best time. To avoid such a human event, we can encrypt the data by encrypting the tape and the backup program. Second, you can set the backup program to be completed within the working time of the second day. In this way, the loss caused by manual theft of backup tapes can be avoided. Because the tape is forcibly taken away from the backup, the data on the tape is of no value.