Server maintenance is crucial: a small lapse can paralyze the entire network. Malicious network activity currently falls into two categories. The first is malicious attacks, such as denial-of-service attacks and network viruses, which consume a large amount of server resources, may affect the server's speed and normal operation, and may even paralyze the network where the server is located. The second is malicious intrusion, which may leak sensitive information stored on the server and lets intruders do whatever they want, including sabotaging the server. To keep network servers secure, we should protect them against both kinds of behavior. This article introduces some security maintenance techniques for website servers running Windows.
1. Switch roles to simulate possible attacks
Most of the time, if we think about the problem only as website maintainers, it can be difficult to detect vulnerabilities in the website server. If instead the maintainer takes the role of a possible attacker and works out which methods an attacker might use against the server, potential security vulnerabilities may come to light, and they can be fixed first to prevent Trojan or virus attacks.
Access your website server from the Internet, perform a complete inspection, and then simulate an attack against your own website. This is undoubtedly a good way to test website security. Attackers use scanning tools to scan website servers. Some items are not taken seriously in day-to-day work, but a scan with the tools hackers commonly use will reveal services or vulnerabilities that they could exploit. For example, when the website server is installed, the operating system installs and starts some unnecessary services by default, or some services that had to be started while the server was being configured are not shut down afterwards; both leave attackers an opening. The SNMP (Simple Network Management Protocol) service is one example. This service is enabled by default after the system is installed, yet it can give attackers detailed information about the server, such as the operating system the website server uses, the services that are enabled, and the corresponding ports. Attackers need only this basic information to launch attacks. Security maintenance personnel may not find this problem in their daily work, but they can find it with the scanning tools hackers use. Therefore, when necessary, look at the server from the attacker's point of view and work out which means of attack they would use, so that you can guard against them in advance.
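The inventory of "services enabled and the corresponding ports" described above can be taken by the maintainer on the server itself. The following is an added example, not code from the original article: it parses `netstat -ano` output, matches each listening port to the owning service, and reports anything outside an approved baseline. The baseline service names, the sample netstat rows and the PIDs are assumptions constructed for illustration.

```powershell
# Added example, not from the original article. Maps each listening TCP/UDP
# port to the Windows service that owns it and reports owners that are not
# on an approved baseline. The baseline below is an assumption: adjust it.
$Approved = @('W3SVC', 'MSFTPSVC', 'WMServer')   # assumed: web, FTP, streaming media

function Get-ListeningPort {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # TCP rows must be in LISTENING state; UDP rows have no state column.
        if ($line -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$') {
            New-Object PSObject -Property @{
                Proto = $Matches[1]; Address = $Matches[2]
                Port  = [int]$Matches[3]; ProcessId = [int]$Matches[4]
            }
        }
    }
}

function Find-UnapprovedListener {
    param($Listeners, $Services, [string[]]$Approved)
    foreach ($l in $Listeners) {
        # Services sharing one svchost.exe PID are all reported for its ports.
        $owners = @($Services | Where-Object { $_.ProcessId -eq $l.ProcessId })
        if ($owners.Count -eq 0) { $owners = @(@{ Name = '(not a service)' }) }
        foreach ($svc in $owners) {
            if ($Approved -notcontains $svc.Name) {
                New-Object PSObject -Property @{
                    Proto = $l.Proto; Port = $l.Port; Address = $l.Address
                    ProcessId = $l.ProcessId; Service = $svc.Name
                }
            }
        }
    }
}

# Constructed sample data so the logic can be checked away from the server.
$sampleNetstat = @(
    '  TCP    0.0.0.0:80       0.0.0.0:0      LISTENING       1500',
    '  TCP    0.0.0.0:21       0.0.0.0:0      LISTENING       1620',
    '  TCP    10.0.0.5:3389    10.0.0.9:5123  ESTABLISHED     900',
    '  UDP    0.0.0.0:161      *:*                            1744'
)
$sampleServices = @(@{ Name = 'W3SVC'; ProcessId = 1500 },
    @{ Name = 'MSFTPSVC'; ProcessId = 1620 }, @{ Name = 'SNMP'; ProcessId = 1744 })
Find-UnapprovedListener (Get-ListeningPort $sampleNetstat) $sampleServices $Approved

# On the server itself (Windows PowerShell), feed it live data instead:
# $live = Get-WmiObject Win32_Service -Filter "State='Running'"
# Find-UnapprovedListener (Get-ListeningPort (netstat -ano)) $live $Approved
```

With the sample data, the only row reported is the SNMP service on UDP port 161, the kind of forgotten service this section describes.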
2. Reasonable permission maintenance
Most of the time, a server runs not only website applications but also other network services such as FTP servers and streaming media servers. Running multiple network services on the same server may lead to mutual infection between services. That is to say, once attackers compromise one service, they can use related techniques to attack the others: the compromised service becomes a platform for attacking the other services from the inside. Generally, it is much easier to carry out attacks from the inside than from the outside.
Some may say that different services can run on different servers. That would be a big waste, however, because in terms of performance it is entirely feasible to deploy web, FTP and streaming media services on one server at the same time. For this reason, we use one server to run three services: the first is the traditional website service, the second is the FTP service, and the third is the streaming media service. Because the streaming service uses MMS mode, the streaming media server can also be accessed directly from the Internet, so it is deployed on the same server. Because the selected server has a relatively high specification, running these three services is not a problem and performance is not affected. However, this poses a challenge for those defending the website: how can they ensure security and prevent mutual infection when two or more services are deployed on one server at the same time?
The common file systems are FAT and FAT32. NTFS is the file system supported by the operating systems built on the Microsoft Windows NT kernel. It is a disk format specially designed for management and security features such as network and disk quotas and file encryption. In the NTFS file system, you can set access permissions for each disk partition separately, and store sensitive information and service information in different disk partitions. In this way, even if hackers somehow obtain access to the partition where the service files are located, they still have to break through the system's security settings before they can reach sensitive information stored on other disks.
We use a Windows 2003 server. To meet this security requirement, all the hard disks on the server are converted to NTFS partitions. Generally, NTFS partitions are much more secure than FAT partitions. Use the built-in functions of NTFS partitions to assign permissions sensibly. For example, if you configure a different maintainer account for each of the three services, each account can access only specific partitions and directories. In this way, even if a maintainer account is stolen, attackers can access only the storage space of one service, not that of the others. For example, you can install the website service on partition D and the FTP service on partition E. If the FTP account information is leaked and the account is attacked, the FTP account has no right to read or write partition D, so it cannot perform any read or write operations on the website's content. This prevents hackers from harming the website server even if they have compromised the FTP server.
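The separation described above only holds if no other identity on the ACL reaches across it. The following added example (not from the original article) audits each service folder and lists every Allow entry granted to an identity outside the expected set, which catches both a second service's account and broad groups such as Everyone. The paths, the `WEBSRV` machine name, the account names and the sample ACL are hypothetical.

```powershell
# Added example, not from the original article. Paths and account names are
# hypothetical: web content on D:\wwwroot, FTP content on E:\ftproot.
# The expected sets are assumptions and must also list the accounts the
# services themselves run as.
$Expected = @{
    'D:\wwwroot' = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'WEBSRV\web_maint')
    'E:\ftproot' = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'WEBSRV\ftp_maint')
}

function Get-UnexpectedAccess {
    # Returns every Allow entry granted to an identity outside the allowed set.
    param([string]$Path, $AccessRules, [string[]]$Allowed)
    foreach ($ace in $AccessRules) {
        $who = [string]$ace.IdentityReference
        if ([string]$ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $who) {
            New-Object PSObject -Property @{
                Path = $Path; Identity = $who
                Rights = [string]$ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

function New-SampleAce {
    # Builds a stand-in for one entry of (Get-Acl $path).Access.
    param([string]$Identity, [string]$Rights)
    New-Object PSObject -Property @{
        IdentityReference = $Identity; AccessControlType = 'Allow'
        FileSystemRights  = $Rights;   IsInherited = $true
    }
}

# Constructed sample ACL for D:\wwwroot: the FTP account and Everyone have
# been left on it, so a stolen FTP account could still reach the web content.
$sampleAcl = @(
    (New-SampleAce 'BUILTIN\Administrators' 'FullControl'),
    (New-SampleAce 'WEBSRV\web_maint'       'Modify'),
    (New-SampleAce 'WEBSRV\ftp_maint'       'Modify'),
    (New-SampleAce 'Everyone'               'ReadAndExecute')
)
Get-UnexpectedAccess 'D:\wwwroot' $sampleAcl $Expected['D:\wwwroot']

# On the server itself, audit the real ACLs instead:
# foreach ($p in $Expected.Keys) {
#     Get-UnexpectedAccess $p (Get-Acl -Path $p).Access $Expected[$p]
# }
```

With the sample ACL, the entries for `WEBSRV\ftp_maint` and `Everyone` are reported; an empty result for every folder means each service's storage is reachable only by its own account and the administrative identities.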
In addition, it is also good practice to limit when users may log on to the network according to their working hours. For example, employees on the day shift should not have permission to log on to the network in the middle of the night.