Security and optimization of server rooms in Colleges and Universities

The school computer room is the hub of School Informatization. In order to ensure the normal operation of the computer room system, a series of preventive and optimization measures are required to address different security threats from various sources.

 Human threat

The computer room undertakes overload teaching tasks such as students' hands-on exercises in the classroom and after-school hands-on experiments. Due to the imperfect data center management system and the weak security awareness of students, some behaviors that damage the system intentionally or unintentionally occur during the computer process. If the hard disk is formatted or the system file is deleted, the operating system cannot be started. The process of the client program on the student end is forcibly terminated, which makes normal teaching impossible; use a USB flash drive that may contain viruses to quickly spread the virus.

Recently, the popular "robot dog" can bypass the traditional system protection card of the data center and directly write data to the hard disk. One important way to spread viruses such as "robot dogs" is to use mobile devices such as USB flash drives. The computer system in the IDC room should disable the "automatic playback" function and prohibit the use of removable devices. There are multiple ways to disable removable devices. you can disable the USB interface in the BIOS, but the USB mouse cannot be used. You can use system settings to hide unnecessary drive letters. Although the drive is automatically loaded after the USB flash drive is inserted, the USB flash drive can be blocked because it cannot be assigned to the drive letter.

To prevent students from intentionally ending the client process, you can use the modified Task Manager program to replace the original task manager of the system. You can only view the process but not end the process. To some extent, it can prevent students' malicious behaviors. Because the data center is a teaching place, the system should not be modified too much to avoid affecting normal computer operation functions.

 System threats

Windows operating systems and various applications also have security vulnerabilities. Hackers and virus programs often spread through security vulnerabilities, attack systems, and destroy data. Install the latest patches on the IDC system to prevent attackers from intruding into the computer system using these known security vulnerabilities. To facilitate patch updates for computers, you can install a local WSUS server to localize Patch Management and grasp patch updates for computer systems in real time.

In addition to patch updates, you can also use the permission system provided by the system to enhance security protection, and select a file system with a higher security level. Windows NT and later versions provide support for the NTFS file system. Compared with the FAT file system, the most important feature of the system is security, which allows administrators to set access permissions for files and directories, users can only perform operations according to the permissions granted by the system. The access settings not only prevent intruders, but also prevent viruses from being executed and installed, effectively protecting the security of the system and data. Set the security account and password. The Administrator is the default Administrator Account of the system. It is often the target of hacker attacks. Once the password is cracked, the entire system is not secure, creating an Administrator account with all permissions, changing the Administrator account name or deleting it, and disabling a Guest account without any security level is an effective measure to prevent attacks.

Internet Threats

The IDC accesses the Internet through the campus network, and the threats posed by network intrusion directly affect the security of the IDC. Nowadays, many websites have scripts for planting Trojans using IE Security Vulnerabilities. A large number of fraudulent download sites directly provide software downloads containing Trojans. You can also download hacking tools and malicious scripts on the Internet at any time. Even common computer users can use these tools to attack the network. Therefore, in addition to the latest patch, the computer system in the IDC must install effective anti-virus programs to create a virus database to update the server locally to facilitate updates to the virus database.

Various Specialized killing tools can be used for the current epidemic of "robot dogs" and "ARP attacks. To prevent internal users from downloading attack tools, you can use a firewall to restrict internal users from accessing the internet, disable special ports, and prohibit the downloading of executable files to prevent various possible damages.