Backup servers are very powerful. This server can read or overwrite any file or database in your enterprise. Without such a server, businesses cannot back up or restore files. By combining these capabilities with many backup software that requires a backup administrator to have root privileges or administrator privileges to access the system, you give a person the right to read or overwrite any files and databases in your environment. Of course, this means that the backup server is broken is a very scary thing. Therefore, you should make every effort to protect the backup server. Here are six tips for protecting your backup server.
1. Close unused ports
Check your backup vendor's documentation to determine which port is absolutely necessary for your backup system to function properly, then block all other port. For example, if your backup server does not need to be an NFS (Network File System) or CIFS (Common Internet File System) server, then you should turn off or revoke the backup server to provide this service. The same blocking measures are required for Web, print, Telnet, and other backup servers to run unneeded services.
2. Require Encrypted Access
If you are managing your backup server using a plain text protocol, the intruder can monitor your packets and determine your administrative password. Create a policy that blocks plaintext access to your backup server and enforces this policy. First, you must uninstall or close the plain text protocol, such as Telnet, FTP, HTTP, and so on. Then, all management tasks must be implemented through an encrypted protocol such as SSH, HTTPS, encrypted FTP, and SCP.
3. Reduce the number of people with full access
If your backup server requires root or administrator access to manage, limit the number of people with this permission. Provide a different administrative password for the backup server and only provide the password to the person who needs access to the backup server. The average administrator may not like this approach because they usually have access to the entire system. However, you have to explain to them that this is to protect them. Put the backup system's administrative password in a safe place and only allow those who really need it to access the password.
4. Record backup activities and place records on other servers as much as possible
Use the system logging function in the Unix backup server or a third-party data protection management product to record all backup activities. And put the records on another server to prevent malicious administrators from overwriting these records.
5. Separate media management from backup management
You can also give media management and backup management permissions to two people, one for loading tapes and the other for setting up backups. Generally speaking, these tasks are all done by one person. However, separating these jobs can avoid the disaster caused by malicious employees. If a malicious employee has administrative rights, but they have access to the storage medium, he can't cause any damage. If a malicious employee has access to the storage medium, but he does not have permission to put anything into the medium, he can't cause any damage.
6. Investigate the security features of your backup products
Backup software products have added many security features over the past few years, including encryption, task-based security and enhanced customer and Administrator identification, etc. Encryption can encrypt the backup process, back up tapes or manage processes. Task-based security measures prevent processes that require root or administrator access to manage the system and allow you to separate responsibilities and decentralize power. Finally, the enhanced identity system abandoned the old practice of using IP addresses and hostname identification systems. Investigate which of the above features your product uses and use them immediately.
Some of the above tips are difficult to do. However, applying these tips is much better than without any tricks. Let us make sure these backup servers are safe!
This article aims to teach the first contact with VPS novice, if you are a veteran. Can leave, there
When the Windows 2003 server is installed on the server and the firewall is ready
cited: In the eyes of many network administrators, managing the server may be a relatively simple th
In this article, we will work together to see how shortcuts can help users improve their productivit
16 Linux server monitoring commands that you must know
In-depth analysis of IIS 6.0 (four)
In-Depth Analysis of Server Web Cache
Knowledge Academy: Two major points to be aware of server hosting
Apache server user authentication simple configuration solution set
How do I find the machine-installed HBA card in Device Manager?
Windows IIS FTP server advanced configuration
Automation server can not create multiple solutions for objects
Security hardening setup experience in LNMP PHP environment
Server 404 error page http status return value of 200 reason analysis
How to install win10 preview version Win10 preview version of the installation method Daquan
How does the Win7 system customize the mouse DPI? How to adjust the USB mouse overclocking?
Why is Windows 8 higher performance and lower system requirements?
Non-genuine users install IE7.0 method
Other theme sound effects in Win7 theme
Comparison of the advantages and disadvantages of Apache and IIS Comments
How to adjust the screen resolution of Win8 system