Tell you seven tips for maintaining your server security

Is there any vital data on your computer, and don't want them to fall into the hands of the wicked? Of course, they have this possibility. Moreover, in recent years, servers have been at greater risk than before. More and more viruses, hackers, and commercial spies have made the server their goal. Obviously, the security of the server cannot be ignored.

It is impossible to tell all the computer security issues in just one article. After all, there are countless books on this topic. All I have to do next is to tell you seven tips for maintaining your server's security.

1: Callback for RAS

One of the coolest features of Windows NT is remote server access (RAS) support. Unfortunately, a RAS server is an open door for a hacker trying to get into your system. Everything a hacker needs is a phone number, and sometimes it takes a little patience to get into a host via RAS. But you can take some measures to ensure the security of the RAS server.

The technology you use will depend to a large extent on how your remote users use RAS. If the remote user often calls the host from home or a similarly unchanging location, I recommend that you use the callback feature, which allows the remote user to log in and disconnect afterwards. The RAS server then dials a pre-defined phone number to connect the user again. Because this number is pre-set, the hacker has no chance to set the number that the server will call back.

Another option is to restrict access to a single server for all remote users. You can place the data that the user usually accesses on a special share point on the RAS server. You can then restrict access to remote users to a single server, not the entire network. In this way, even if hackers enter the host through destruction, they will be isolated on a single machine, where the damage they cause is reduced to a minimum.

Last but not least, the trick is to use an unexpected protocol on your RAS server. Everyone I know uses the TCP/IP protocol as the RAS protocol. Considering the nature and typical use of the TCP/IP protocol itself, this seems like a reasonable choice. However, RAS also supports the IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can really confuse some unsuspecting hackers.

2: Using popular patches

Microsoft hired a team of programmers to check for security vulnerabilities and fix them. Sometimes these patches are bundled into a large package and released as a service pack. There are usually two different patch versions: a 40-bit version that anyone can use and a 128-bit version that can only be used in the US and Canada. The 128-bit version uses a 128-bit encryption algorithm, which is much safer than the 40-bit version. If you are still using a 40-bit service pack and live in the US or Canada, I highly recommend downloading the 128-bit version. //This article is transferred from www.45it.com.cn computer software and hardware application network

Sometimes the release of a service package may have to wait for several months - obviously, when a big security hole is discovered Whenever possible, fix it, you don't want to wait any longer. Fortunately, you don't need to wait. Microsoft regularly releases important patches on its FTP site. These hotspot patches are security patches that have been published since the last time the service pack was released. I suggest you check the hot fix frequently. Remember that you must use these patches in a logical order. If you use them in the wrong order, the result may be a version error in some files and Windows may stop working.

3: Starting from the basics

I know this sounds like nonsense, but when we talk about the security of the web server, the best advice I can give you is not to Be a layman. When hackers start attacking your network, they first check for general security vulnerabilities before considering the more difficult means of breaking through the security system. So, for example, when the data on your server is in a FAT disk partition, even installing all the security software in the world won't help you much.

For this reason, you need to start from the basics. You need to convert all disk partitions on the server that contain sensitive data to NTFS format. Again, you need to keep all your anti-virus software up to date. I recommend that you run anti-virus software on both the server and the desktop. The software should also be configured to automatically download the latest virus database files every day. You should also know that you can install anti-virus software for Exchange Server. This software scans all incoming emails for infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.

Another good way to protect your network is to limit the amount of time users spend accessing the network based on the time they spend in the company. A temporary employee who normally works during the day should not be allowed to access the network at 3 am unless the employee's supervisor tells you that it is for a special project.

Finally, remember that users need a password when they access anything on the entire network. You must force everyone to use high-intensity passwords consisting of uppercase and lowercase letters, numbers, and special characters. There is a good tool for this task in the Windows NT Server Resource Kit. You should also often invalidate some expired passwords and update them to require the user's password to be at least eight characters. If you have done all of this work but are still concerned about the security of your password, you can try to download some hacking tools from the Internet and find out how safe these passwords are.