Security preparations before hosting servers enter the IDC
Source: Internet
Author: User
Before the server is hosted in a data center, the system must be completed in advance. However, it is far from enough to enable remote control only by installing the system. In the first section, we talked about "hard security". Now, let's talk about "soft security". Experts should not look at it again, nor beat my enthusiasm, let alone despise me. The server has been infiltrated by hackers. Let's take a look at whether you have all these operations. 1. The operating system security may often be reflected by some friends. My server has been hacked again. The system must be prepared in advance before servers are hosted in the data center every week, however, it is far from enough to enable remote control by simply installing the system. In the first section, we talked about "hard security". Now, let's talk about "soft security". Experts should not look at it again, nor beat my enthusiasm, let alone despise me. The server has been infiltrated by hackers. Let's take a look at whether you have all these operations.
1. Operating System Security
Some may often say that my server is hacked again. I have to go to the data center for at least two times a week. What should I do? After the operating system is installed, install an anti-virus software immediately, upgrade the operating system patch, and upgrade the antivirus software virus library and feature library. At this time, you can never go around on the server. There are many viruses and trojans on the Internet. After the upgrade, you can quickly set basic security permissions, including permissions for each disk partition and directory, and even refine the Security Settings of related files. The specific permission settings will not be detailed here. Different operating systems and application directions have different permission settings. Do not move the course on the Internet. Otherwise, you will suffer.
2. Application Software Security
I suggest that you do not install software on your server that has nothing to do with your server, including Linux operating system for Windows. We recommend that you use the latest version of application software, such as the FTP Software Serv-U in the Windows operating system. We believe that in the case of server intrusion, more than 80% of the attacks are due to the fact that the Serv-U version on the server is too low and the intrusion is due to vulnerabilities in other places. A new version of the application is promoted for some reason.
3. website and database security
After writing the program, a friend directly uploads the program to the server and sets up the website. It does not matter if the client can access it. This is also a wrong practice. When writing a website program, the syntax and judgment of the program must be rigorous. After the database is installed, you must install the latest database patches and set basic permissions. After a website program is uploaded to the server, it must promptly set the permissions for the relevant directories. Although this does not guarantee the security of the entire server, it will at least greatly reduce the possibility of server intrusion.
4. anti-virus software and Firewall
Some may complain that my server is equipped with both anti-virus software and a firewall, and the server is hacked. It may be because your antivirus software is not configured or the virus database is not upgraded, or the firewall is not configured. My friends, including me, will make such a mistake. installing anti-virus software is like installing a common application. After the software is installed and restarted, it will not be taken care of. This is a bad habit, after anti-virus software is installed, update the virus database or pattern to the latest immediately after the server is restarted, and make some simple configurations, such as boot scanning, system scanning, or timed scanning. Installing an unupgraded anti-virus software is not much different from installing anti-virus software. Similarly, after the firewall is installed, you need to set it accordingly, such as disabling external computers from pinging the computer (in fact, this function is the most basic function of any firewall ), disable programs that are not commonly used for external connection (you must never add system updates or anti-virus software.
5. services and ports
After the system is installed for the first time, many services will be started. Some of these services are core services and some are unnecessary services. Similarly, a service is bound to open one or more ports.
After the system is installed, you can immediately disable unnecessary services and ports to enhance system security. Which services and ports need to be closed? You need to have a deep understanding and understanding of every service and common ports started by the system.
6. Others
The above five points do not mean that your server is completely secure.
The so-called wise man has to worry about it. According to the actual situation, different applications on each server adopt different security policies. At the same time, the security of each link is flexible. But as long as you grasp the most critical point, your server is relatively secure, that is, to open the least Service (port) as far as possible ).
The above is only a very small part of wired network security, as well as wireless network security. If you are interested, you can search for related articles on the Internet.
Now, you have completed some basic server security measures. You can have the data center staff mount your server and go back to remote control of your server. Network security is a huge system project, and the security of each link cannot be ignored. Similarly, it is a long-term and continuous process. server and network technologies are evolving with each passing day, and new vulnerabilities and hacker attack technologies are constantly emerging, this requires your server administrators and friends to constantly update and consolidate their knowledge bases in their brains. When they are free, they often go to security websites to check for the latest system and software vulnerabilities, when you are free, go to a security forum to make a bubble. In fact, it feels good!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.