How to deal with malicious attacks on the web?

The malicious network behavior of the network server includes two aspects: first, malicious attacks, such as denial of service attacks, network viruses, etc., which are designed to consume server resources, affect the normal operation of the server, or even the network paralysis of the server; the other is malicious intrusion, This behavior will cause the server sensitive information leakage, the intruder is able to do whatever, wanton destruction of the server. So we want to ensure that the security of the network server can be said to minimize the network server is affected by these two behaviors.

The current article is mainly based on Windows to do operating system servers. Here are just a few personal comments about maintaining the security of a Windows network server.

Users to access a Web site, first to the DNS server domain name resolution to an IP, and then access to an IP server. So theoretically it should be a three-tier defense system. One layer is the DNS domain name server, the second layer is CDN node server, and the third layer is the Web server. In general, DNS is provided by the domain name provider, but the resolution occurs frequently, the domain name provider's approach is often directly shielding the domain name method to solve, but the site operators are most afraid of this should be the case. Control is not in their own hands, but resigned. So this link is best to find a security with the DNS domain name server provider, such as resources such as small domain name provider is absolutely not selectable, million network for small or medium traffic can still, but the large flow of still have to find a suitable home.

(a) Build your hardware Security defense system

Choose a good security system model. A complete security model should include the following necessary components: firewalls, intrusion detection systems, routing systems, and so on.

The firewall plays a security role in the security system, can guarantee to a large extent from the network of illegal access and data traffic attacks, such as denial of service attacks, intrusion detection system is to play a role in the monitor, monitor your server access, very smart to filter out those with intrusion and attack nature of the visit.

(ii) Use of the English operating system

To know that Windows after all American Microsoft stuff that and Microsoft's things have always been known as bugs and Patch, the Chinese version of the bug far more than the English version, and the Chinese version of the patch has always been more than the English version of the night, that is, if your server is installed in the Chinese version of the Windows system, After Microsoft leaks, you'll need to wait a while to patch it up, and maybe hackers and viruses will use this time to invade your system.

　　How to prevent a network server from being hacked:

First of all, as a hacker admirer, I would like to say that there is no absolute security system in the world. We can only try to avoid being invaded, and to the greatest extent to reduce casualties.

(i) using the NTFS file system format

As we all know, the file system we usually use is fat or FAT32,NTFS, which is supported by the Microsoft Windows NT kernel's series of operating systems, and a disk format designed specifically for network and disk quotas, file encryption, and other management security features. In the NTFS file system, you can set access permissions for any single disk partition. Place your own sensitive information and service information on separate partitions. This way, even if hackers gain access to the disk partitions where your service files are located, you need to find ways to break the security settings of the system to further access sensitive information that is stored on other disks.

(b) Do a good job of system backup

As the saying goes, "preparedness", although no one wants the system suddenly destroyed, but not afraid of 10,000, just in case, make a good server system backup, in case of damage can also be timely recovery.

(iii) Closure of unnecessary services, opening only the port

Shut down those services that are not necessary and do local management and group management. Windows system has many default services that are not necessarily open, or even dangerous, such as: The default shared Remote registry access (Registry service), the system a lot of sensitive information is written in the registration table, such as pcanywhere encryption password.

Close those unnecessary ports. Some seemingly unnecessary ports can disclose sensitive information about many operating systems to hackers, such as the IIS services that Windows Server defaults on to tell each other that your operating system is Windows 2000. Port 69 tells the hacker that your operating system is most likely a Linux or Unix system, because 69 is the port used by the default TFTP service under these operating systems. Further access to the port can also return some information about the software and its version on the server, which provides a great help for hacking. In addition, open ports are more likely to become hackers into the server portal.

In short, do a good job of TCP/IP port filtering not only helps prevent hackers, but also to prevent the virus has some help.

(iv) Software firewalls, anti-virus software

Although we already have a hardware defense system, but a few more "bodyguards" is not a bad thing.

(v) Open your event log

Although opening the log service does not directly affect the hacker's intrusion, but by recording the whereabouts of the hackers, we can analyze what the intruders have done on our system, what damage and hidden problems the system has caused, and what kind of backdoor the hacker has left on our system. What security vulnerabilities are there in our servers, and so on. If you are a master, you can also set up a secret tank, waiting for hackers to invade, in his invasion when he caught him.