Several security tasks must be carried out after a server is installed.

For Windows systems:
1. Be sure to turn on the system's built-in firewall and close high-risk ports such as 445, 135, 137, 138, and 139.
2. Remote Desktop is usually required, so port 3389 has to be allowed. It is best to change the default 3389 to another port and then allow that port.
3. If a database system is installed, it is best to close the related ports, such as MySQL 3306 and SQL Server 1433. If the database port must be open, it is best to change the default port and then allow it through the firewall.
4. Set a complex password for the default administrator account: a longer password that mixes numbers, letters, and special characters, and that avoids personal information such as phone numbers and birthdays.
5. Turn on system updates and select only the important updates. It is best to choose to download updates only and install them manually, then patch the server manually from time to time according to the actual situation. A restart is generally needed for patches to take effect.
6. Install a popular security and anti-virus product that you consider reliable.
7. If possible, check the system logs from time to time so that security problems are found and dealt with promptly.

For Linux systems:
1. The firewall must be turned on, with a policy that allows only the necessary ports. For ports that must be allowed, such as port 22, it is recommended to change the default value first and then allow the new port.
2. If possible, allow remote login only from one IP address, a few IP addresses, or a specific network segment.
3. Set a more complex root password, or turn off password login entirely and log in with a public key.
4. Check the system logs from time to time, such as messages, lastlog, and auth.log, so that clues are found in time.
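
An added example, not part of the original post: a POSIX shell audit of an `sshd_config` against Linux items 1 and 3 above (default port 22 still in use, password login still enabled). The function names and the sample configuration are constructed here, and the script reads only the global section before the first `Match` block and does not follow `Include` files.

```shell
#!/bin/sh
# Added example: audit sshd_config for default port 22 and password login.

# global_values FILE KEYWORD: print every value KEYWORD has before the first
# Match block. Keywords are case-insensitive; comments and blanks are skipped.
global_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# audit_sshd FILE: print one WARN line per finding, return 1 if any.
audit_sshd() {
    cfg=$1; rc=0
    # Port may be given several times and every value is opened; none means 22.
    ports=$(global_values "$cfg" port)
    [ -n "$ports" ] || ports=22
    if printf '%s\n' "$ports" | grep -qx 22; then
        echo "WARN: sshd still listens on the default port 22"; rc=1
    fi
    # For other keywords sshd keeps the first value it reads; default is yes.
    pw=$(global_values "$cfg" passwordauthentication | head -n 1)
    if [ "${pw:-yes}" != "no" ]; then
        echo "WARN: password login is enabled, use public keys instead"; rc=1
        # PermitRootLogin yes lets root use that password (default: keys only).
        root=$(global_values "$cfg" permitrootlogin | head -n 1)
        if [ "$root" = "yes" ]; then
            echo "WARN: root can log in with a password"; rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 2222
PasswordAuthentication yes
PermitRootLogin yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "fix the findings above, then reload sshd"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including any `Include` files, and is the authoritative check.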

Finally:
1. Open as few ports as possible. If a port must be open, change its default value first and then allow it.
2. When installing software, download it from the official website to avoid software that carries malware or a backdoor.
3. Scan uploaded files for viruses first, to make sure the files are clean.
4. Improve security awareness, avoid dangerous operations, and beware of social engineering.
5. Work together with hardware security products, such as firewalls, IDS, and IPS.
6. Deploy a monitoring system, and do a good job of monitoring and alerting.

Origin blog.51cto.com/3823536/2550938