How to deal with malicious network attacks?

  Malicious network behavior directed at servers falls into two categories. The first is malicious attacks, such as denial-of-service attacks and network viruses, which are designed to consume server resources, disrupt the normal operation of the server, and even paralyze the network where the server is located. The other is malicious intrusion, which leads to the leakage of sensitive information on the server and lets the intruder do whatever they want to destroy the server. Therefore, we need to ensure the security of the network server, that is, to minimize the impact of these two kinds of behavior on it.

  This article mainly concerns servers that run Windows as the operating system. The following are just some of my personal opinions on maintaining the security of Windows web servers.

  To access a website, users must first ask a DNS server to resolve the domain name to an IP address, and then access the server at that IP address. In theory, then, there should be a three-layer defense system: the first layer is the DNS server, the second layer is the CDN node server, and the third layer is the web server. Generally speaking, DNS is provided by the domain name provider, but when the number of resolution requests becomes very high, the domain name provider's approach is often to block the domain name outright to solve the problem, and this is what website operators fear most. Control is not in their own hands at all, and the outcome is left to fate. Therefore, at this layer, it is best to find a DNS provider that offers security protection. Small domain name providers such as medium resources are absolutely not an option. Wanwang can still be used for small and medium traffic, but those with large traffic still have to find a suitable home.

  (1) Build your hardware security defense system

  Choose a good security system model. A complete security model should include the following necessary components: a firewall, an intrusion detection system, a routing system and so on.

  The firewall plays the protective role in the security system: it can largely guard against illegal access from the network and data-traffic attacks such as denial-of-service attacks. The intrusion detection system plays the role of a monitor, watching the traffic entering and leaving your server and intelligently filtering out visits that have the character of an intrusion or attack.

  (2) Choose the English version of the operating system

  You must know that Windows is, after all, a Microsoft product from the United States, and Microsoft's products have always been known for having more bugs and patches. The Chinese version has far more bugs than the English version, and patches for the Chinese version have always been released later than those for the English version. That is to say, if your server runs a Chinese version of Windows, then after Microsoft announces a vulnerability you will have to wait a while before you can patch it. Hackers and viruses may use this time to invade your system.

  How to prevent your web server from being hacked:

  First of all, as a hacker admirer, I would like to say that there is no absolutely secure system in the world. We can only try to avoid being invaded and minimize casualties.

  (1) Using the NTFS file system format

  As we all know, the file system we usually use is FAT or FAT32. NTFS is a disk format supported by the operating systems built on the Microsoft Windows NT kernel and designed specifically for networking and for management and security features such as disk quotas and file encryption. In the NTFS file system you can set access permissions individually for any disk partition. Put your own sensitive information and your service information on separate disk partitions. That way, even if hackers gain access to the disk partition where your service files are located, they still need to find a way to break through the system's security settings before they can reach sensitive information stored on other disks.

  (2) Do a good job of system backup

  As the saying goes, "Be prepared for anything." Although no one wants the system to be suddenly destroyed, it is the unlikely event you have to plan for, so make a backup of the server system so that it can be restored in time in case of damage.

  (3) Close unnecessary services and only open ports that should be opened

  Close unnecessary services, and manage local accounts and groups properly. Many services that are enabled by default in Windows do not actually need to be running and can even be said to be dangerous, for example the default shared remote registry access (Remote Registry Service): much of the system's sensitive information is written in the registry, such as pcAnywhere's encrypted password.

  Close unnecessary ports. Some seemingly harmless ports can reveal a lot of sensitive information about the operating system to hackers. For example, the IIS service enabled by default on a Windows 2000 server tells the other party that your operating system is Windows 2000. Port 69 tells the hacker that your operating system is extremely vulnerable. It may be a Linux or Unix system, because 69 is the port used by the default TFTP service under these operating systems. Further access to a port can also return information about the software on the server and its version, which is of great help to a hacker's intrusion. In addition, every open port is a potential doorway for hackers to enter the server.

  In short, doing a good job of TCP/IP port filtering not only helps prevent hackers from invading, but also helps to prevent viruses.
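  An added example (not part of the original article) of the audit this section describes, in PowerShell: it reports whether the Remote Registry service is still enabled and lists listening TCP and UDP ports that are not on an allowlist. The allowlist (80, 443 and 3389) is an assumption for a web server administered over RDP, and the networking cmdlets assume Windows Server 2012 or later.

```powershell
# Added example: audit services and listening ports on a Windows web server.
# Assumption: this server should only expose HTTP/HTTPS and RDP.
$AllowedTcp = 80, 443, 3389
$AllowedUdp = @()            # assumption: no UDP service is expected here

# 1. Services the article calls out as unnecessary. 'RemoteRegistry' is the
#    service name behind the Remote Registry Service.
$Unwanted = @('RemoteRegistry')
foreach ($name in $Unwanted) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }
    if ($svc.StartType -ne 'Disabled' -or $svc.Status -eq 'Running') {
        Write-Warning "$name is $($svc.Status), start type $($svc.StartType)"
        # Uncomment to remediate after review:
        # Stop-Service -Name $name -Force
        # Set-Service  -Name $name -StartupType Disabled
    }
}

# 2. Listening ports that are not on the allowlist, with the owning process.
#    Loopback-only listeners are skipped: they are not reachable remotely.
$loopback = '127.0.0.1', '::1'
$tcp = Get-NetTCPConnection -State Listen | Where-Object {
    $_.LocalAddress -notin $loopback -and $_.LocalPort -notin $AllowedTcp }
$udp = Get-NetUDPEndpoint | Where-Object {
    $_.LocalAddress -notin $loopback -and $_.LocalPort -notin $AllowedUdp }

$rows  = @($tcp | Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess)
$rows += @($udp | Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess)

$rows | Sort-Object Proto, LocalPort, LocalAddress | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Proto   = $_.Proto
        Address = $_.LocalAddress
        Port    = $_.LocalPort
        Process = $proc.ProcessName   # empty if the process is not visible
    }
} | Format-Table -AutoSize
```

  Every row in the output is a listener to justify: either stop the service behind it, or add the port to the allowlist and to the firewall rules on purpose.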

  (4) Software firewall, antivirus software

  Although we already have a set of hardware defense systems, it is not a bad thing to have more "bodyguards".

  (5) Open your event log

  Although turning on logging has no direct effect on preventing a hacker's intrusion, by recording the hacker's movements we can analyze what the intruder has done on our system, what damage and hidden dangers they have caused, what kind of backdoors they have left on our systems, what security holes still exist in our servers, and so on. If you are a master, you can also set up a honeypot, wait for the hacker to invade, and catch him when he does.
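  An added example (not part of the original article) of putting the event log to work, in PowerShell: it enables logon auditing and then summarises failed logons by source address and account. It assumes an elevated prompt on an English-language Windows Server 2008 or later (event ID 4625); the 24-hour window and the threshold of 5 failures are assumptions to tune.

```powershell
# Added example: turn on logon auditing and summarise failed logons.
# Run elevated; reading the Security log requires administrator rights.

# Record both successful and failed logons in the Security event log.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# Event ID 4625 = "An account failed to log on".
$since  = (Get-Date).AddHours(-24)     # assumption: 24-hour review window
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue

$failures = foreach ($ev in $events) {
    # The named fields of the event live in its XML under EventData/Data.
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time      = $ev.TimeCreated
        Account   = $data['TargetUserName']
        SourceIp  = $data['IpAddress']
        LogonType = $data['LogonType']   # 3 = network, 10 = remote interactive
    }
}

# Many failures from one source against one account suggest password
# guessing rather than a user mistyping a password.
$failures |
    Group-Object SourceIp, Account |
    Where-Object Count -ge 5 |          # assumption: 5+ failures is worth a look
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```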

