No matter what operating system you are using, there are always some general suggestions for enhancing system security. If you want to reinforce your system to prevent unauthorized access and unfortunate disasters, the following preventive measures will certainly be of great help to you.
1. Use a password with a high security factor
One of the simplest and most effective ways to improve security is to use a password that is not easily guessed by a brute-force attack.
What is a violent attack? Attackers can use an automated system to guess the password as quickly as possible, hoping to find the correct password soon. Use special characters and spaces, and use uppercase and lowercase letters at the same time. Do not use words that can be found in the dictionary. Do not use a pure digital password, it is much harder to crack this password than to use the name of your mother or your birthday as the password.
In addition, you should remember that each time you increase the length of your password by one character, it will increase the combination of your password characters at a multiple level. Half of the passwords with less than 8 characters are considered to be easily cracked. You can use 10 or 12 characters as the password. It is better to use 16 characters. If it is not too long and difficult to type, it is safer to keep your password as long as possible.
2. Complete boundary protection
Not all security issues occur on the system desktop. Using an External Firewall/router to help protect your computer is a good idea, even if you only have one computer.
If you consider low-end, you can buy a Broadband Router device, such as a router that can be purchased from the Internet. For high-end scenarios, you can use enterprise-level security devices such as network management switches, routers, and firewalls. Of course, you can also use a pre-encapsulated Firewall/router installer to create your own protective device. Proxy servers, anti-virus gateways, and spam filter gateways also help achieve very powerful boundary security.
Remember, in general, in terms of security, the Network Management Switch is better than the hub, and the router with address translation is better than the switch, and the hardware firewall is the first choice.
3. upgrade your software
In many cases, it is critical to perform a patch test on the system before you install and deploy the productive application software. The final security patch must be installed in your system. If the security upgrade is not performed for a long time, the computer you use may easily become the target of an immoral hacker. Therefore, do not install the software on a computer that has not been updated with security patches for a long time.
The same situation applies to any pattern-based malware protection tool, such as anti-virus applications. If it is not updated in a timely manner, the current malware feature definition cannot be obtained, the protection effect is compromised.
4. Disable unused services
In most cases, many computer users do not even know which services can be accessed through the network on their systems. This is a very dangerous situation.
Telnet and FTP are two common problem services. If your computer does not need to run them, disable them immediately. Make sure that you understand what each service running on your computer is and why it is running.
In some cases, this may require you to know which services are very important to you so that you will not make errors such as disabling the RPC service on a Microsoft Windows computer. However, closing services you actually don't need is always the right idea.
5. Use Data Encryption
For computer users or system administrators with security awareness, data encryption ranges of different levels can be used. The correct level of encryption is usually determined based on the actual situation.
Data Encryption covers a wide range of fields, from the use of cryptographic tools to encrypt files one by one, to the file system encryption, and finally to the entire disk encryption. Generally, these encryption levels do not include encryption on the boot partition, because it requires decryption help from specialized hardware, but if your secret is important enough and worth the money, you can also implement this encryption for the entire system. In addition to partition encryption for boot, there are also many solutions to meet the needs of each encryption level, including commercial proprietary systems, it also includes an open-source system that can encrypt the entire disk on every mainstream desktop operating system.
6. Protect your data through backup
Back up your data. This is one of the most important ways to minimize your loss in the face of disasters. Data redundancy policies can include simple and basic regular copying of data to CD, and complex Regular automatic backup to a server.
7. Encrypted sensitive communication
It is very common to use a password system to protect communications from eavesdropping. Software that supports OpenPGP protocol for emails, Off The Record plug-in for instant messaging clients, and encrypted channel software that maintains communications using security protocols such as SSH and SSL, and many other tools can be used to easily ensure that data is not threatened during transmission.
Of course, in personal communications, it is sometimes difficult to persuade the other party to use encryption software to protect communications, but sometimes this protection is very important.
8. Do not trust external networks
In an open wireless network, for example, in a local coffee with a wireless network, this concept is very important. If you are very cautious and cautious about security, there is no reason to say that you cannot use this wireless network in a coffee shop or some other untrusted external network. However, the key is that you must use your own system to ensure security. Do not trust that the external network is as secure as your own private network.
For example, in an open wireless network, it is necessary to use encryption measures to protect your sensitive communication, including when you connect to a website, you may use a login session cookie for automatic authentication, or enter a user name and password for authentication. Also, be sure not to run network services that are not necessary, because if there are unpatched vulnerabilities, they can be exploited to threaten your system. This principle applies to Network File System software such as NFS or Microsoft CIFS, SSH servers, Active Directory Services, and many other possible services.
Check your system from both the internal and external aspects to determine if there is any chance to be exploited by a malicious Security hacker to threaten the security of your computer and ensure that these access points should be disabled as much as possible. In some respects, this is just an extension of the two security recommendations of disabling unwanted services and encrypting sensitive communications. When using external networks, you need to be more cautious. Many times, to protect yourself in an external untrusted network, you must reset the security configuration of the system.
9. uninterrupted power supply
If you only want to avoid file loss during power outages, you may not want to purchase UPS. in fact, we recommend that you use UPS for more important reasons, such as power adjustment and file system damage. For this reason, make sure that your operating system will remind you when it will shut down, so that you will not be at home when the power supply is exhausted, make sure that a UPS instance provides power adjustment and battery backup.
A simple surge protector is not enough to protect your system from the destruction of "dirty electricity. Remember, UPS plays a key role in protecting your hardware and data.
10. monitor whether the security of the system is threatened and intruded.
Never think that, because you have taken a series of security protection measures, your system will not be infiltrated by the Security breaker. You should set up some types of monitoring programs to ensure that suspicious events can quickly attract your attention and allow you to track and determine whether it is a security intrusion or a security threat. We not only need to monitor the local network, but also conduct integrity audits and use some other local system security monitoring technologies.
Depending on the operating system you use, there are many other security precautions. Some operating systems have larger security problems due to design reasons. Some operating systems allow experienced system administrators to greatly improve system security. However, whether you are using open-source operating systems such as Microsoft Windows and Apple Mac OSX, or Linux and FreeBSD, when you are reinforcing their security, the above suggestions must be kept in mind.