1. Ensure that all servers run the latest system version and have security patches installed. The Computer Emergency Response Coordination Center found that almost all systems hit by DDoS attacks had not been patched in time.
2. Ensure that the administrator checks all hosts, not only key hosts. The administrator needs to know what each host is running, who is using it, and who can access it. Otherwise, it is difficult to find out whether hackers have broken into a system.
3. Ensure that unused services such as FTP or NFS are deleted from the corresponding directory or file database on the server. Daemons such as Wu-Ftpd have known vulnerabilities. Hackers can gain access to privileged systems through root attacks and then access other systems, even firewall-protected ones.
4. Ensure that all services running on Unix are protected by TCP wrapper programs that restrict access to the host.
5. Do not allow the internal network to connect to the PSTN through modems. Otherwise, hackers can discover unprotected hosts over telephone lines and immediately access extremely confidential data.
6. Prohibit the use of network access programs such as Telnet, FTP, Rsh, Rlogin and Rcp, and replace them with PKI-based access programs such as SSH. SSH does not send passwords over the Internet in plain text, whereas Telnet and Rlogin do. Hackers can capture these passwords and immediately access important servers on the network. In addition, the .rhosts and hosts.equiv files should be deleted on Unix, because these files grant login access without any need to guess a password.
7. Restrict sharing of network files outside the firewall. Such sharing gives hackers the opportunity to intercept system files and replace them with a Trojan horse, and the file transfer function will be paralyzed.
8. Make sure you have an up-to-date network topology diagram. This diagram should detail TCP/IP addresses, hosts, routers, and other network devices. It should also show the network boundaries, the DMZ, and the confidential internal parts of the network.
9. Run a port mapping program or port scanning program against the firewall. Most incidents are caused by improper firewall configuration, which gives DoS/DDoS attacks a high success rate. Therefore, you must carefully check both privileged and non-privileged ports.
10. Check the logs of all network devices and host/server systems. Whenever a log shows gaps or its timestamps have changed, it is almost certain that the security of the related host is under threat.
11. Use the equipment supplied by DDoS device vendors.
Unfortunately, no network is immune to DDoS attacks, but the measures mentioned above can help prevent them.
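
As an added illustration of item 10 (not part of the original list), the Python example below scans a log for silent gaps and backward timestamp jumps. The log format (an ISO 8601 timestamp as the first field), the 30-minute threshold, the function name `audit_log` and the sample lines are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sample lines (assumed format: ISO 8601 timestamp, then message).
SAMPLE_LOG = """\
2024-03-01T10:00:00 host1 sshd[811]: session opened for user ops
2024-03-01T10:04:30 host1 cron[902]: job started
2024-03-01T10:09:10 host1 sshd[811]: session closed for user ops
2024-03-01T13:40:00 host1 cron[990]: job started
2024-03-01T13:44:00 host1 sshd[1200]: session opened for user ops
2024-03-01T13:41:30 host1 sshd[1200]: session closed for user ops
not-a-timestamp garbage line
2024-03-01T13:50:00 host1 cron[1300]: job started
"""


def audit_log(text, max_gap=timedelta(minutes=30)):
    """Return (line_no, kind, detail) for gaps, backward time jumps
    and lines whose timestamp cannot be parsed."""
    findings = []
    prev = None  # timestamp of the previous parsable entry
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        stamp = line.split(" ", 1)[0]
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            # Damaged or injected line: report it, keep the last good time.
            findings.append((line_no, "unparsable", stamp))
            continue
        if prev is not None:
            delta = ts - prev
            if delta < timedelta(0):
                # Entry is older than the one before it: clock or log altered.
                findings.append((line_no, "time_regression",
                                 f"{-delta} earlier than previous entry"))
            elif delta > max_gap:
                # Long silence: entries may have been deleted.
                findings.append((line_no, "gap", f"{delta} of silence"))
        prev = ts
    return findings


if __name__ == "__main__":
    for line_no, kind, detail in audit_log(SAMPLE_LOG):
        print(f"line {line_no}: {kind}: {detail}")
```

A legitimate clock correction or a genuinely quiet period produces the same findings, so each one is a lead to check against the logs of neighbouring hosts and network devices.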