How can enterprises improve Intranet server security?

Source: Internet
Author: User

Information systems are used more and more widely in enterprises. The convenience and speed of the computerized office have improved enterprises' competitiveness. However, although server-based information systems provide a good platform for collaboration among employees, they also bring drawbacks, such as security risks. To address this, here are five suggestions for improving the security of intranet servers.

Intranet server security recommendation 1: Use virtualization technology to avoid interference between multiple applications

An enterprise may have multiple information applications, such as an office automation (OA) system and an expense reimbursement system. For ease of management and to save project costs, multiple applications are usually deployed on one server. This, however, introduces security risks. For example, if the OA system is hit by viruses, Trojans, or similar attacks, the other information systems on the same server, such as expense reimbursement, may be affected as well. Security therefore has to be balanced against cost.

I suggest using virtualization technology to avoid interference between applications. For example, you can use virtual CPU technology to divide the server's CPU into several independent partitions, one for each information system. Then, even if the office automation system is attacked by a virus that overloads the CPU, the other information management systems on the same server are not affected. This is because virtualization limits the resources an application can use: each application can only use server resources within a specific range. Applications on the same server thus get relatively independent environments and do not interfere with each other.

Intranet server security recommendation 2: Use the NTFS file system to provide file-level security

Microsoft operating systems are widely used on enterprises' internal servers. Windows supports the FAT32 and NTFS file systems. We recommend NTFS, which provides additional security features compared with FAT32. For example, NTFS provides a disk quota mechanism, which can be used to limit the disk quota of each application on the server so that the disk space occupied by one application does not affect the running of others.

Another example is that NTFS allows access permissions to be set separately for each disk partition. The user can therefore keep sensitive information and server information apart on different disk partitions. On a file server, the administrator can use NTFS to set different permissions for different users. For example, users in other departments can view or read a department's files but cannot modify or delete them. This maximizes the security of enterprise files.

You can also restrict permissions on operating system files and application data files. For example, some enterprises have separate OA system administrators and operating system administrators, and these IT staff have different duties. Set different permissions for them so that their work does not inadvertently affect the configuration of other systems. In this way NTFS also helps keep each system independent.

Intranet server security recommendation 3: Disable unused services and ports

By default, many ports are open after a server operating system is deployed, such as port 21 and port 80. In practice, however, these ports are not needed at all. Leaving them open is like leaving the door of the house unlocked, which can create a large security risk. To improve server security, disable unnecessary ports and services.

On both Windows and Linux, many services and ports are not needed. If you deploy a file server on Windows, for instance, port 21 is useless. Security personnel need to pay attention to these unnecessary ports. Do not assume that ports opened by default pose no security risk; that is a very serious misunderstanding. Seemingly useless ports can give attackers a lot of sensitive information, such as the operating system type and the applications deployed. Here is a simple example. If attackers learn that port 69 is open on a server, they can infer that it is likely running Linux or a similar operating system. This is because port 69 is used by the TFTP service by default; this service is not enabled by default on Windows, but is installed and started on Linux. Learning about the operating system is the first step in attacking a server, and this inconspicuous port gives attackers that information.

There are many similar cases. For example, the Telnet service is often unused. Before the server is put into the production environment, the administrator needs to evaluate the ports and services the system has enabled. It is best to disable unnecessary ports and services and enable them only when needed.
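The pre-production evaluation described above can be automated by comparing a host's listening sockets with an allowlist for its role. The following is an added example, not part of the original article: the `file-server` allowlist and both sample outputs are constructed assumptions, and the parser accepts rows in the format of Windows `netstat -ano` or Linux `ss -tuln`.

```python
import re

ADDR_PORT = re.compile(r"^.+:(?P<port>\d+)$")

# Hypothetical allowlist for a Windows file server (SMB and RDP only).
ALLOWED = {"file-server": {("tcp", 445), ("tcp", 3389)}}

# Constructed sample output, not captured from a real host.
SAMPLE_WINDOWS = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:21         0.0.0.0:0          LISTENING    1432
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    10.0.0.5:49712     10.0.0.9:445       ESTABLISHED  4
  UDP    0.0.0.0:69         *:*                             2210
"""
SAMPLE_LINUX = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
"""

def listeners(text):
    """Return the set of (proto, port) sockets that accept traffic."""
    found = set()
    for line in text.splitlines():
        tok = line.split()
        if not tok or not tok[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tok[0].lower()[:3]
        # The first addr:port token is the local endpoint in both formats.
        idx = next((i for i, t in enumerate(tok) if ADDR_PORT.match(t)), None)
        if idx is None:
            continue
        peer = tok[idx + 1] if idx + 1 < len(tok) else ""
        if proto == "tcp":
            listening = any(t.upper().startswith("LISTEN") for t in tok)
        else:
            listening = peer.endswith(":*")  # unconnected UDP socket
        if listening:
            found.add((proto, int(ADDR_PORT.match(tok[idx]).group("port"))))
    return found

def unexpected(text, role):
    """Listeners not on the role's allowlist, sorted for stable reporting."""
    return sorted(listeners(text) - ALLOWED[role])
```

On the constructed Windows sample, `unexpected(SAMPLE_WINDOWS, "file-server")` reports FTP (21) and TFTP (69), the two ports the text singles out, while the established outbound connection is ignored.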

Intranet server security recommendation 4: Back up data

Unforeseen events happen. Even with the best-designed server security, vulnerabilities are inevitable. I therefore consider backing up the relevant data a very important part of improving server security. Although this practice is relatively old, it is very practical. Even if the server is stolen or the hard disk is physically damaged, you are covered as long as the server has been carefully backed up.

I have three suggestions for data backup.

First, the data to back up falls into three parts. The first is operating-system-level information, such as configuration information and system policies. The second is application configuration information, such as database optimization. The third is the application's data files. Only the third needs to be backed up every day, and a differential backup policy can be used for it. The other two should be backed up immediately after they change; there is no need to back them up every day.

Second, use remote backup if conditions permit. If data is backed up only to a local hard disk, it cannot be recovered when the disk is physically damaged or stolen. Generally, data is first backed up to a local hard disk and then copied to a location away from the server. This acts as double insurance for the server.

Third, back up different applications separately. Suppose an email server and a database server run on one machine. Should the data of the two systems be backed up together, or separately for each application? The latter is recommended. If mail is lost while the data on the database server is undamaged, you only need to restore the mail system's data, not the database's. This is relatively simple to achieve. For example, you can use the backup function provided by each application. Alternatively, use virtualization technology to confine each application's data to a fixed range, and then back up and restore each one separately.
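The daily differential backup and the per-application separation described above can be combined in one selection step. This is an added example, not code from the original article: it assumes each application keeps its data under its own directory and that a SHA-256 manifest was stored with the last full backup; the function names are hypothetical.

```python
import hashlib
import os

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                # Hash in 1 MiB chunks so large data files fit in memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(path, root)] = digest.hexdigest()
    return result

def differential(full_manifest, root):
    """Return (changed_or_new, deleted) relative to the last full backup.

    A differential backup always compares against the last full backup,
    so a restore needs only the full copy plus the latest differential.
    """
    current = manifest(root)
    changed = sorted(p for p, h in current.items() if full_manifest.get(p) != h)
    deleted = sorted(p for p in full_manifest if p not in current)
    return changed, deleted

def plan(apps, full_manifests):
    """Build one independent differential set per application.

    apps: {application name: data directory}
    full_manifests: {application name: manifest of its last full backup}
    Separate sets let one application be restored without touching another.
    """
    return {app: differential(full_manifests.get(app, {}), root)
            for app, root in apps.items()}
```

The same `differential` call also serves the change-triggered backups of operating system and application configuration: a non-empty result means the configuration has changed and should be backed up now.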

Intranet server security recommendation 5: Guard against damage by internal users

Most enterprises have a blind spot when designing internal server security: they focus too much on external security and ignore the threat from internal users. In fact, in my experience, many security threats are caused unintentionally by internal users. Here is a simple example. A user copies a file from a home computer or a hotel computer to the file server via a USB flash drive or other device. The file may be infected with a virus. Because it is copied to the file server directly from inside the enterprise, it is never inspected by the firewall. When other users open the file, the virus can spread across the enterprise's internal network.

Therefore, when designing internal server security, pay attention to the security threats that internal users pose to the server. Disable such removable devices where appropriate, or enforce a task that scans newly added files for viruses, so that viruses and Trojans are not let in.
 
