The number of servers in the enterprise data center keeps growing. That makes them harder to maintain and exposes them to serious security challenges: if the domain controller, ERP server, proxy server, mail server or web server is compromised, the whole company's operations can be severely affected. Building secure, stable and efficient servers is the administrator's main task. Below I share my experience with server security in the hope that it is useful to you.
1. Anti-Virus Software
The danger of running a server without anti-virus software needs no explanation. If a file server is infected, every computer that uses it to exchange data may be infected in turn. Anti-virus software on the server is therefore essential, preferably a product designed for servers rather than desktop software. (Figure 1)
2. Separate services
A company typically runs Active Directory, DHCP, DNS, file, email, ERP, WSUS, IIS web and proxy services, and often also OA, fax and FTP services. In theory each of these should have its own server, but for convenience two or more services are sometimes installed on one machine.
This is not advisable. Many companies use IIS as their web server, yet IIS has long been one of the most frequently attacked Microsoft components, with new vulnerabilities published regularly, and attackers routinely probe it with CGI vulnerability scanners. If IIS runs on the domain controller or another key server, a single IIS compromise exposes internal data to the intruder. Several services on one server also raise its load, which shows up as slowness or other odd symptoms. The author therefore recommends separating services and keeping each server simple. (Figure 2)
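As an added check, not from the original article: a PowerShell snippet for Windows Server that lists which of the roles named above are installed on one host and warns when IIS shares a machine with Active Directory. The feature names are the Server Manager names; the mapping to the article's service list and the warning conditions are my own assumptions.

```powershell
# Added example, not from the original article. Requires the ServerManager
# module, i.e. a Windows Server host; run in an elevated PowerShell.
Import-Module ServerManager

# Server Manager feature names mapped to the services the article lists
# (the mapping is an assumption; adjust to the roles your environment uses).
$roles = @{
    'AD-Domain-Services' = 'Active Directory domain controller'
    'DHCP'               = 'DHCP service'
    'DNS'                = 'DNS service'
    'FS-FileServer'      = 'File service'
    'Web-Server'         = 'IIS website service'
    'UpdateServices'     = 'WSUS service'
    'Web-Ftp-Server'     = 'FTP service'
}

$installed = @(Get-WindowsFeature | Where-Object { $_.Installed -and $roles.ContainsKey($_.Name) })

"Roles from the article's list installed on ${env:COMPUTERNAME}:"
foreach ($f in $installed) { '  {0,-20} {1}' -f $f.Name, $roles[$f.Name] }

# The case the article singles out: the web server on the domain controller.
if (($installed.Name -contains 'AD-Domain-Services') -and ($installed.Name -contains 'Web-Server')) {
    Write-Warning 'IIS is installed on a domain controller; move the website to its own server.'
}
# More generally, flag any co-location of the listed roles.
if ($installed.Count -gt 1) {
    Write-Warning ('{0} of the listed roles share this host; consider one server per service.' -f $installed.Count)
}
```

Run it on each server in turn (or through `Invoke-Command`) to get an inventory of where roles have been piled onto one machine before deciding what to split off.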
3. Partition format
Server partitions should be NTFS, mainly because of its access-control mechanism and its support for large disks, neither of which FAT32 can match. A FAT32 partition can be converted in place with:
convert C: /FS:NTFS
(this converts the C: drive; the conversion is one-way, so back the volume up first). The drawback of converting is that, in the author's experience, installing Windows patches afterwards can cause blue screens. If you have the time, reinstalling the system and formatting the partition as NTFS during installation is the better choice. (Figure 3)
4. User Account
Several accounts are enabled by default when a server is installed. Many of them are unnecessary and some are a direct threat to system security, the Guest account above all: attackers make full use of it, and tools exist that try to escalate Guest into the Administrators group. Once that succeeds on one machine the whole network is at risk. Accounts and passwords must therefore be protected strictly, ideally as follows:
(1) Disable the Guest account.
(2) Rename the Administrator account to an ordinary-looking name that does not advertise its role, and create one or two further administrative accounts for day-to-day use. Control these accounts' rights strictly and do not give them control of the entire server unless it is really needed.
(3) Brute-force password cracking keeps getting faster, so passwords must be complex: preferably more than 10 characters, mixing letters, digits and special characters.
(4) Change passwords every two weeks or every month, review the logs at the same time for accounts whose passwords someone has tried to guess, and set an account lockout threshold so that an account is locked after more than three failed logon attempts.
These measures are simple, but keeping them up for years is something not everyone manages. Yet if they lapse, a lost account or password can deal a fatal blow to the whole network. (Figure 4)
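The four measures above, applied as one script. This is an added example and not from the original article; it targets a stand-alone or member server using the built-in LocalAccounts module, net.exe and secedit.exe. The replacement administrator name and the numeric values are assumptions.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell.
# Assumptions: the replacement Administrator name and the policy values below.
$newAdminName    = 'svc-maint'   # innocuous name for the built-in Administrator
$minPasswordLen  = 10
$maxPasswordAge  = 30            # days
$lockoutAfter    = 3             # failed attempts
$lockoutMinutes  = 30

# (1) Disable Guest. Its RID is always 501, so look it up by SID.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) { Disable-LocalUser -SID $guest.SID }

# (2) Rename the built-in Administrator. Its RID is always 500, so find it by
#     SID rather than by name (the name may already have been changed).
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($admin.Name -ne $newAdminName) { Rename-LocalUser -SID $admin.SID -NewName $newAdminName }

# (3) Minimum length and maximum age, (4) lockout threshold, duration and window.
net accounts "/minpwlen:$minPasswordLen" "/maxpwage:$maxPasswordAge" `
             "/lockoutthreshold:$lockoutAfter" "/lockoutduration:$lockoutMinutes" "/lockoutwindow:$lockoutMinutes"

# (3) Complexity (letters, digits and special characters) is not a net.exe
#     option: flip it in the exported local security policy and re-import it.
$cfg = Join-Path $env:TEMP 'secpol.cfg'
secedit /export /cfg $cfg | Out-Null
(Get-Content $cfg) -replace '^PasswordComplexity\s*=\s*0', 'PasswordComplexity = 1' |
    Set-Content $cfg -Encoding Unicode
secedit /configure /db (Join-Path $env:TEMP 'secpol.sdb') /cfg $cfg /areas SECURITYPOLICY | Out-Null
Remove-Item $cfg

# Verify the policy and list who holds administrative rights on this host.
net accounts
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
```

On a domain controller the same settings belong in the Default Domain Policy rather than in the local policy; the SID lookups, however, work the same way there and are the reliable way to find Guest and Administrator after they have been renamed.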
5. Related ports
Ports are the logical interfaces between server and clients, and the first thing an attacker probes; their exposure directly affects the server's security. Open ports also reveal what the host is running: for example, an attacker whose scan finds port 69 (TFTP) open will infer a Unix-like system and switch from Windows-style to Unix-style attacks. It is therefore safest to open only the ports the server's services actually need. (Figure 5)
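As an added example, not from the original article: a PowerShell inventory of every listening TCP and UDP port together with the process that owns it, followed by a Windows Firewall configuration that allows inbound traffic only on an explicit list of service ports. The allow list (a terminal server exposing only RDP) is an assumption; adjust it to the server's role.

```powershell
# Added example, not from the original article. Run elevated, and from the
# console or an out-of-band channel: the firewall step can cut your session.
$allowedTcp = @(3389)   # assumption: a terminal server; list the ports your service needs

function Get-ListeningPorts {
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Proto = 'TCP'; Port = $_.LocalPort; Address = $_.LocalAddress
                           Process = $p.ProcessName; ProcessId = $_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Proto = 'UDP'; Port = $_.LocalPort; Address = $_.LocalAddress
                           Process = $p.ProcessName; ProcessId = $_.OwningProcess }
    }
    @($tcp) + @($udp) | Sort-Object Proto, Port, Address -Unique
}

$listening = Get-ListeningPorts
$listening | Format-Table -AutoSize

# Anything listening on TCP outside the allow list is a service to remove,
# bind to localhost, or consciously add to the list.
$unexpected = $listening | Where-Object { $_.Proto -eq 'TCP' -and $_.Port -notin $allowedTcp }
if ($unexpected) {
    Write-Warning 'Listening TCP ports that are not in the allow list:'
    $unexpected | Format-Table -AutoSize
}

# Default-deny inbound on every profile, then one explicit allow rule per service port.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow
foreach ($port in $allowedTcp) {
    New-NetFirewallRule -DisplayName "Allow service TCP $port" -Direction Inbound `
        -Protocol TCP -LocalPort $port -Action Allow -Profile Domain, Private | Out-Null
}
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Select-Object DisplayName, Profile | Sort-Object DisplayName
```

The inventory is also the list to compare against an external scan of the server: any port the scanner sees that is not in the inventory is being answered by something in front of the host (or the scan hit another machine), and any inventoried port the scanner cannot see is correctly filtered.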
6. Security Audit
Auditing the server is critical. Through audit logs the administrator can identify intrusions, abnormal trends and other information. Auditing takes judgement, though: too many audit items consume system resources and produce more than the administrator can ever read, while too few leave out the information that matters and make the audit pointless. Audit items should therefore be chosen according to the server's role.
A Terminal Services server that provides remote access, for example, generally needs only logon and logoff events audited, to detect illegitimate logons. An Exchange server providing mailboxes, on the other hand, should monitor and audit recipients, senders, times and attachments; if a virus is present on the server, the monitoring records make it easy to find. Of course, in order to reduce the burden on the server and make it easier for the administrator to view the information from each server. (Figure 6)
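For the Terminal Services case above, an added example (not from the original article) that enables just the logon/logoff audit subcategories with auditpol and then summarises failed logons and lockouts from the Security log, grouped by account and source address. The 24-hour window is an assumption.

```powershell
# Added example, not from the original article. Run elevated on the
# terminal server. Event IDs: 4625 = failed logon, 4740 = account locked out.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Logoff" /success:enable | Out-Null
auditpol /set /subcategory:"Account Lockout" /failure:enable | Out-Null
auditpol /get /category:"Logon/Logoff"

# Turn the XML payload of a Security event into a hashtable of its Data fields.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $fields = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

$since = (Get-Date).AddHours(-24)   # assumption: review the last day

# Failed logons, most frequent account/source pairs first. LogonType 10 is RDP,
# 3 is network (e.g. SMB), 2 is console; a flood of 3 or 10 from one address
# against many accounts is the signature of a password-guessing attempt.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; User = $f.TargetUserName; Source = $f.IpAddress
                       LogonType = $f.LogonType; Status = $f.Status; SubStatus = $f.SubStatus }
}
"Failed logons since ${since}: $(@($failed).Count)"
$failed | Group-Object User, Source | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Lockouts produced by the threshold set in the account section.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } `
    -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; User = $f.TargetUserName; From = $f.TargetDomainName }
} | Format-Table -AutoSize
```

Because only the Logon, Logoff and Account Lockout subcategories are enabled, the Security log stays small enough to read daily, which is the point the section makes; adding object-access or process-tracking auditing to a terminal server would bury these events.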
7. Permission Configuration
The "permission configuration" meant here is mainly that of file servers and web servers. Companies share many resources for reading and writing so that people can divide work and cooperate. Read-only shares are the easy case: a client cannot write malware to the server through them. Write permission is harder to control: once a client is infected, the next time it accesses a shared folder it is likely to write the malware to the server as well. Against this kind of intrusion anti-virus software offers only passive detection, so as administrator you still need active measures:
(1) Control permissions through groups wherever possible.
(2) Assign the minimum permissions the user's work requires.
(3) Permissions are cumulative: a user who belongs to several groups receives the union of their permissions, so avoid granting the same permission repeatedly.
(4) Deny entries take precedence over allow entries, so deny must be used with care; an ill-considered deny can break access to the share altogether. (Figure 7)
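The four rules above in one worked configuration, as an added example and not code from the original article: a departmental share whose NTFS permissions are granted to groups only, at the least level each group needs, with one deliberate deny on an archive subfolder that overrides the editors' allow. The share path and the group names are assumptions.

```powershell
# Added example, not from the original article. Run elevated on the file server.
# Assumptions: the path and the two domain groups.
$path    = 'D:\Shares\Projects'
$share   = 'Projects'
$readers = 'DOMAIN\Projects-Read'   # rule (1): groups, never individual users
$editors = 'DOMAIN\Projects-Edit'

New-Item -ItemType Directory -Path $path -Force | Out-Null

# Share-level permissions mirror the NTFS ones; the fine control is in NTFS.
New-SmbShare -Name $share -Path $path -FullAccess 'BUILTIN\Administrators' `
    -ChangeAccess $editors -ReadAccess $readers | Out-Null

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
function New-Ace([string]$Identity, [string]$Rights, [string]$Type) {
    New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, $inherit, $prop, $Type)
}

# Stop inheriting from D:\ (which usually grants Users read or more), then
# grant the minimum each group needs: rule (2). Each right is granted once,
# to one group: rule (3). A user in both groups simply ends up with Modify.
$acl = Get-Acl $path
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in @(
    (New-Ace 'NT AUTHORITY\SYSTEM'   'FullControl'    'Allow'),
    (New-Ace 'BUILTIN\Administrators' 'FullControl'    'Allow'),
    (New-Ace $readers                'ReadAndExecute' 'Allow'),
    (New-Ace $editors                'Modify'         'Allow')
)) { $acl.AddAccessRule($ace) }
Set-Acl -Path $path -AclObject $acl

# Rule (4): a single, narrow deny. Editors keep Modify on the share but may
# not write to or delete anything under Archive; the deny wins over the
# inherited allow. Denying more broadly (e.g. on $path) would lock them out.
$archive = Join-Path $path 'Archive'
New-Item -ItemType Directory -Path $archive -Force | Out-Null
$aacl = Get-Acl $archive
$aacl.AddAccessRule((New-Ace $editors 'Write, Delete' 'Deny'))
Set-Acl -Path $archive -AclObject $aacl

# Show the resulting entries; deny entries list first, which is how they are evaluated.
(Get-Acl $archive).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

To test rule (4) without guessing, log on as a member of both groups and try to create a file in `Projects` (succeeds, Modify via editors) and in `Projects\Archive` (fails, the deny); `icacls <path> /verify` and the Effective Access tab give the same answer without a test logon.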
8. Disable shared resources
Almost no server other than a file server needs to share resources. To stop attackers from using shares as a way in, disable sharing:
(1) Open the properties of the Local Area Connection and untick "File and Printer Sharing for Microsoft Networks".
(2) Disable the default administrative shares.
(3) Disable the Server service.
With these sharing channels closed, attackers cannot get into the server through shared files; one intrusion route fewer means better security. Beyond sharing, disable every feature and protocol that is not needed. Large numbers of ICMP packets, for instance, can form an "ICMP storm" that congests the network and amounts to a traffic attack, and ICMP router advertisements can disrupt the connection between client and server so that data is intercepted. Registry settings can make the server ignore ICMP redirect packets and stop it responding to ICMP router advertisements.
Removing NetBEUI and the nearly obsolete IPX/SPX protocol also does much for the server's security. The principle: as long as the server can still provide its services, the less it runs the better. (Figure 8)
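The three sharing steps and the ICMP hardening above as one PowerShell script, added here as an example and not taken from the original article. It is for a server that offers no SMB shares at all (a web, proxy or mail server, not a file server); the registry value and cmdlets are the standard ones, while the decision to also block inbound echo requests is an assumption you may not want if monitoring relies on ping.

```powershell
# Added example, not from the original article. Run elevated, from the console.
# Disabling the Server service also removes the admin shares and named pipes
# that remote management tools use, so only do this on a non-file server.

# What is currently shared? Default shares look like C$, ADMIN$, IPC$.
Get-SmbShare | Format-Table Name, Path, Description -AutoSize

# (2) Stop Windows recreating the administrative shares at boot, then remove them.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
New-ItemProperty -Path $lanman -Name AutoShareServer -PropertyType DWord -Value 0 -Force | Out-Null
Get-SmbShare | Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' } |
    ForEach-Object { Remove-SmbShare -Name $_.Name -Force }

# (1) Untick "File and Printer Sharing for Microsoft Networks" on every adapter.
Disable-NetAdapterBinding -Name '*' -ComponentID ms_server

# (3) Stop and disable the Server service (LanmanServer) itself.
Stop-Service -Name LanmanServer -Force
Set-Service -Name LanmanServer -StartupType Disabled

# ICMP: ignore redirect packets (the registry value the section refers to)
# and stop answering router advertisements on every IPv4 interface.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
New-ItemProperty -Path $tcpip -Name EnableICMPRedirect -PropertyType DWord -Value 0 -Force | Out-Null
Get-NetIPInterface -AddressFamily IPv4 | Set-NetIPInterface -RouterDiscovery Disabled

# Assumption: no monitoring depends on ping, so inbound echo requests (ICMP type 8)
# are dropped at the host firewall to blunt an ICMP flood.
New-NetFirewallRule -DisplayName 'Block inbound ICMPv4 echo request' -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -Action Block | Out-Null

# Verify.
Get-SmbShare -ErrorAction SilentlyContinue | Format-Table Name, Path -AutoSize
Get-Service LanmanServer | Select-Object Name, Status, StartType
Get-ItemProperty -Path $tcpip -Name EnableICMPRedirect
Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, RouterDiscovery
```

`IPC$` cannot be removed while the Server service runs and returns after a reboot on its own; stopping the service is what actually closes it, which is why step (3) matters and not just step (2). The EnableICMPRedirect value takes effect after a reboot.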
9. Strengthen data backup
Domain account data, intranet email account data, Internet email account data, ERP data: their importance needs no explanation, and keeping them safe means backing them up more thoroughly. I suggest an incremental backup every day, a full backup every week, and a monthly check that the backups are complete. When the data reaches a set size, burn it to optical disc and make redundant copies so that one faulty disc does not lose it. Key data should be backed up redundantly wherever possible; the cost rises little while data safety improves greatly. (Figure 9)
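The monthly completeness check from the paragraph above, as an added example that is not part of the original article: it hashes every file under the source directory and under the backup copy, reports files that are missing or differ, and stores the manifest beside the backup so a later restore can be verified the same way. The two paths are assumptions.

```powershell
# Added example, not from the original article. Run after the backup job has
# finished. Assumptions: a file-level backup copy reachable at $backup.
$source = 'D:\ERPData'
$backup = '\\backup01\srv-erp\ERPData'

# One record per file: path relative to the root, size, SHA-256.
function Get-BackupManifest {
    param([Parameter(Mandatory)][string]$Root)
    $root = (Resolve-Path $Root).Path.TrimEnd('\')
    Get-ChildItem -Path $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length).TrimStart('\')
            Length       = $_.Length
            Hash         = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Compare two manifests by relative path: what the backup lacks, what differs,
# and what exists only in the backup (stale files that were deleted from source).
function Compare-BackupManifest {
    param([object[]]$Source, [object[]]$Backup)
    $bakIndex = @{}; foreach ($f in $Backup) { $bakIndex[$f.RelativePath] = $f }
    $srcIndex = @{}; foreach ($f in $Source) { $srcIndex[$f.RelativePath] = $f }
    [pscustomobject]@{
        Missing = @($Source | Where-Object { -not $bakIndex.ContainsKey($_.RelativePath) })
        Changed = @($Source | Where-Object { $bakIndex.ContainsKey($_.RelativePath) -and
                                             $bakIndex[$_.RelativePath].Hash -ne $_.Hash })
        Extra   = @($Backup | Where-Object { -not $srcIndex.ContainsKey($_.RelativePath) })
    }
}

$src = @(Get-BackupManifest -Root $source)
$bak = @(Get-BackupManifest -Root $backup)
$diff = Compare-BackupManifest -Source $src -Backup $bak

"Source files: {0}   Backup files: {1}" -f $src.Count, $bak.Count
"Missing from backup: {0}   Hash mismatch: {1}   Only in backup: {2}" -f `
    $diff.Missing.Count, $diff.Changed.Count, $diff.Extra.Count
$diff.Missing | Select-Object RelativePath, Length | Format-Table -AutoSize
$diff.Changed | Select-Object RelativePath, Length | Format-Table -AutoSize

# Keep the source manifest with the backup (and on the burned disc) so that a
# restore, or the disc itself, can be checked against it later.
$src | Export-Csv -Path (Join-Path $backup 'MANIFEST.csv') -NoTypeInformation

# Non-zero exit so a scheduled task or monitoring system sees the failure.
if ($diff.Missing.Count -gt 0 -or $diff.Changed.Count -gt 0) { exit 1 }
```

A hash mismatch is not always a bad backup: a file edited after the job ran will show up too. Running the check against a copy restored from the weekly full backup, rather than against the live backup target, removes that ambiguity and also proves the restore path works, which is the part of a backup plan most often found broken when it is finally needed.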
10. Reserved address
The server's address must be fully under the administrator's control and must never become a target of attack.