How can enterprise Servers be used more securely? Individuals are summed up in the following points.
First, enhance the overall security of the network
Many network management often in the maintenance of cyber security there is such a misunderstanding, that as long as the server to make a good patch, the installation of protective wall, the operating system regularly upgrade can sleep without worry. In fact, many hackers and viruses do not directly attack the server, but by invading other computers as a springboard to attack the entire network. At present, many networks are managed by domain, and once a hacker or virus successfully invades a computer that has a trusting relationship with the server, attacking the server from this computer will become very simple. So the security of the whole network should be considered from the fundamental.
The first is the security management, from the management point of view, the use of rules and regulations and other textual material norms, constraints on the behavior of computer networks, such as prohibiting employees to download illegal procedures, prohibit network administrators outside the center room, improve the network administrator's duty system and so on.
Next is the security technology, from the technical point of view, using a variety of software and hardware, a variety of techniques and methods to manage the entire computer network, anti-virus software and firewalls to secure the network.
These two aspects are indispensable, imagine if only the security technology support and in the rules and regulations do not have any constraints, even if just start safe to do in place, but employees feel free to download illegal software, casually off the protection of anti-virus software, the entire network security is a fake. But with strict regulations and no technical support, viruses and hackers can easily hack through network vulnerabilities. Therefore, security management and security technology are mutually reinforcing, network administrators have to grasp both of these aspects, the strength must be hard.
Second, strengthen the server local file format security level
The server is currently using Windows 2000 or later, so at the level of security, you need to take advantage of the user Rights feature provided by Windows Server, and individually set the special usage rights of the access server for each user's characteristics. This avoids the security implications of using Unified Access server permissions.
In order to ensure the security of the server first to make a fuss in the local file format, the FAT format will be converted to a higher safety factor NTFS file format. After all, for hackers, the data stored in the FAT format partition is more accessible and more vulnerable than data stored in NTFS-formatted disk partitions, and all security software and encryption software are currently in NTFS format, and the fat format is very weak.
It is also best to use specialized network inspection software to monitor the operation of the entire network, in particular the "illegal intrusion" and "operation of the server" Two aspects of the report, The author of the company used Iislock to monitor the normal operation of the Web server and MRTG to detect the entire network traffic.
Third, regular backup data
Data protection is a very important problem, perhaps the server's system does not crash but the data stored in the loss, this situation caused by the loss will be greater, especially for the database server may be stored for several years of valuable data. How can you effectively protect your data? Backup is the only option. Previous backups of the data were taken to create a backup folder on the server, or even to create a backup area. However, the backup method has a very big disadvantage, that is, once the server's hard disk problems, all partitions of data will be lost, so backup is not guaranteed. According to the "Don't put all the eggs in the same basket" theory we should use separate specialized equipment to preserve these precious data.
This method of cross-backup is very popular over a period of time when you use B server to save data for a server while saving B server files with a server. There is also an effective way to use tape to preserve precious data, but this investment will be relatively large.
In the case of the backup method used, the backup method is saved through the NAS, the individual NAS devices are connected to the network, and the precious data is written to the NAS's hard disk periodically by the tool, because the NAS device uses the RAID method to make the data redundant. So the data gets the best guarantee.
However, data backup also has a huge security vulnerability, because the backup of good data can also be stolen, so when the backup media should be effective password protection, if necessary, also need to use encryption software to encrypt the data, so that even if the data is stolen there is no data leakage problem.
How to protect Enterprise Server security