Ten factors for server security check

Source: Internet
Author: User

Introduction: This article introduces the elements to check, and the precautions to take, when evaluating the security of servers running Microsoft Windows operating systems. My intention is to raise the security awareness of Chinese enterprises and individuals, and the technical security skills of server administrators. I will do my best to help create a clean and secure network environment.
 
Ten elements of server security check:
(Note: the points in this article apply to Win 2K, Win Server 2003 and other Windows server platforms. Unix and Linux are not covered. This article is a summary of the elements, so technical details are omitted in some areas; they are described in the author's other articles.)
 
I. Basic security policy. The goal of deployment: "minimum permission + minimum application + minimum settings + daily check = maximum security". Minimum permission means that each service and application runs with the lowest permissions it needs. Minimum application means that the server has only the necessary software and programs installed. Minimum settings (in the sense of the most detailed settings) means that the security policies applied must be thorough and careful. Daily check means routine maintenance of the server, such as routine inspection, system optimization, cleaning of temporary junk files, and analysis of log data.
 
II. Operating system security: Are all system patches updated to the latest version? Unless there is a special reason not to, set patch updates to automatic. Have you corrected or compensated for known or unknown vulnerabilities and risks in the Windows system? Examples include using ACLs to control key commands and services, lowering the default running permissions of services or applications on the server, and preventing overflow attacks and privilege escalation. (Note: for more information about overflow prevention, see the author's previous article: Anti-overflow anti-Privilege Escalation solution.)
 
III. Password security: Are all system passwords, and the passwords of the various applications, services, websites and databases, strong passwords? I suggest using escape characters in passwords whenever possible, because they are difficult to crack and to read directly. Alternatively, use an encrypted string as the password. For example: "Leebolin $) ^_^ 1688!".
 
IV. Web server security: 1. IIS security, including strict user settings, the security of virtual hosts, the ACLs for reading and writing web directories, and the use of script permissions. I will not describe these here; readers who are unsure about them can go to the server security forum and refer to my previous articles on web security, such as: FSO, ASP, Webshell, and ASP.NET Trojan and Webshell security solution. 2. The security of extension scripts or third-party web servers, such as hardening the security settings of PHP and strengthening the security of Apache, Tomcat, and Resin. 3. If necessary, enable SSL connections for the web service to enhance security.
 
V. TCP/IP protocol security: 1. TCP/UDP port security; 2. ACLs (access control lists); 3. firewall security policies; 4. NetBIOS, IPX, ICMP, and IGMP protocol security. (For details, see the relevant articles and tutorials on the server security forum to ensure the security of TCP/IP protocol applications. Examples include disabling ICMP, modifying the registry to strengthen the system's resistance to SYN, ICMP, IGMP, and other attacks, and using IPSec, the firewall, and TCP/IP filtering against common trojan ports and insecure protocols.) Author of this article: Li Bolin, English name: LeeBolin. (Server Security Forum [S.S.D.A], www.31896.net)
 
VI. Database security: 1. If you use a SQL Server database, ensure SQL security: delete dangerous extended stored procedures, such as xp_cmdshell, xp_regaddmultistring, xp_regdeletekey, xp_regdeletevalue, xp_regenumvalues, xp_regread, xp_regwrite, and limit. Do not run SQL Server with system privileges. If you use MySQL, apply the equivalent security measures. 2. Use the latest software version for the database server. If SQL 2000 is used, use SP4. 3. If the database server does not require external connections, it is recommended that TCP 1433/TCP 3306 and UDP 1434 be disabled. (For details, please refer to the relevant information; they are not covered here. If there is no database server, skip this item.)
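
One way to check point 3 on a live server, added here as an example and not part of the original article: the script below parses `netstat -ano` output and reports database listeners on TCP 1433, TCP 3306 and UDP 1434 that are bound to a non-loopback address. The function name and the sample output are constructed for illustration, and English-locale netstat output is assumed.

```python
import ipaddress

# Ports named in point 3 above; the service labels are for the report only.
DB_PORTS = {
    ("TCP", 1433): "SQL Server",
    ("TCP", 3306): "MySQL",
    ("UDP", 1434): "SQL Server Browser",
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:1433          203.0.113.9:50211      ESTABLISHED     1820
  TCP    [::]:1433              [::]:0                 LISTENING       1820
  UDP    0.0.0.0:1434           *:*                                    1764
  UDP    127.0.0.1:1900         *:*                                    900
"""


def exposed_db_listeners(netstat_text):
    """Return (proto, address, port, service, pid) for each database port
    that is listening on an address other than loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows are bound sockets with none.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in DB_PORTS:
            continue
        # IPv6 addresses appear as [addr%zone]; strip brackets and zone id.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if not addr.is_loopback:
            pid = int(fields[-1]) if fields[-1].isdigit() else None
            findings.append(
                (proto, str(addr), int(port), DB_PORTS[(proto, int(port))], pid))
    return findings


if __name__ == "__main__":
    for finding in exposed_db_listeners(SAMPLE_NETSTAT):
        print("exposed: %s %s:%d (%s), PID %s" % finding)
```

The established session on 10.0.0.5:1433 and the MySQL listener on 127.0.0.1 are deliberately not reported: only sockets accepting connections on a routable or wildcard address count as exposed.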
 
VII. Mail server security: 1. Whatever software you select, we recommend using the newest version. Old versions have too many vulnerabilities, such as the attacks and third-party privilege escalation caused by the many earlier overflow vulnerabilities in IMail. 2. Configure anti-spam on the mail server and optimize the server. (For details, please refer to the relevant information; they are not covered here. If there is no mail server, skip this item.)
 
VIII. FTP server security: 1. An FTP server is generally required alongside a web server. Microsoft's IIS FTP and Serv-U are the common choices on Windows. 2. If Serv-U or other third-party FTP server software is used, keep it on the newest version and harden its security settings. For example, control the upload and download permissions of each user in detail, change the default FTP connection port, use SSL and password-based connections, and limit the number of FTP connections to prevent attacks and password cracking. 3. If you use the FTP service provided by Windows, set a strong password for the user account used by FTP, and use NTFS ACLs to strictly control the FTP site directory. (For details, please refer to the relevant information; they are not covered here. If there is no FTP server, skip this item.)
 
IX. Other third-party security: 1. Install as little third-party software as possible on the server. 2. Ensure the security of all third-party software on the server, and update and upgrade it promptly. 3. Ensure the security of the personal computers that frequently connect to the server remotely. 4. Ensure the security of the data center's network operating environment. 5. Do not open web pages or QQ on the server unless necessary; it is best to avoid outbound connections from the server. 6. Try not to run unknown programs on the server. The server is not a test machine. 7. If your server security is poor, you had better install a good anti-virus system and update the virus database promptly; add a firewall and set security rules.
 
X. Secure data backup and security system: Establish a sound server data backup mechanism to ensure disaster recovery after any accident. Establish a good system for routine security maintenance of the servers, with named persons responsible for carrying it out, and have staff check the servers regularly.
 
Note: this article briefly introduces the general security elements that I pay attention to when conducting server security checks. In the next article, we will launch a series of articles on server security, network security, and electronic information security solutions. In fact, server security is a broad concept that covers far more than this. A slight oversight when applying security policies may bring down your website, or even the entire server. Security policies must therefore follow the principle of preventing problems before they occur and eliminating risks and hidden dangers in the bud, and one cannot be careless about even the smallest detail. That concludes today's introduction to the "Ten factors of server security check".
