The continuous development of the network economy and the concept of e-commerce have also been recognized by most people. Hackers who have been stealing and destroying data on the Internet have also become very active. The network hacking behavior of hackers may cause heavy losses in the enterprise e-commerce system every year. And as your business continues to expand, even a small, unimaginable security negligence can easily expose your hard-working company to potential threats.
In recent years, servers have been at greater risk than before. More and more viruses, hackers with ill-conceived servers have their own goals. Obviously, the security of the server cannot be ignored. Here I talk about how companies maintain server security.
First, convert disk partitions to NTFS format
When hackers start attacking your network, they will first check for general security vulnerabilities before they consider the difficulty. A higher means of breaking through the security system. So, for example, when the data on your server is in a FAT disk partition, it won't help you even if you install all the security software in the world.
For this reason, you need to start from the basics. You need to convert all disk partitions on the server that contain sensitive data into NTFS format. Again, you need to keep all your anti-virus software up to date. I recommend that you run anti-virus software on both the server and the desktop. The software should also be configured to automatically download the latest virus database files every day. You should also know that you can install anti-virus software for Exchange Server. This software scans all incoming emails for infected attachments. When it finds a virus, it automatically isolates the infected email before it reaches the user.
Another good way to protect your network is to limit the amount of time users spend accessing the network based on the time they spend in the company. Finally, remember that users need a password when they access anything on the entire network. You must force everyone to use high-intensity passwords consisting of uppercase and lowercase letters, numbers, and special characters. There is a good tool for this task in the Windows NT Server Resource Kit. You should also often invalidate some expired passwords and update them to require the user's password to be at least eight characters. If you have done all of this work but are still concerned about the security of your password, you can try to download some hacking tools from the Internet and find out how safe these passwords are.
Second, enable Windows NT callback function
One of the coolest features of Windows NT is remote access (RAS) support for the server. Unfortunately, a RAS server is an open door for a hacker trying to get into your system. Everything a hacker needs is a phone number, and sometimes it takes a little patience to get into a host via RAS. But you can take some measures to ensure the security of the RAS server.
The technology you use will depend to a large extent on how your remote users use RAS. If the remote user often calls the host from home or a similarly unchanging location, I recommend that you use the callback feature, which allows the remote user to log in and disconnect afterwards. The RAS server then dials a pre-defined phone number to connect the user again. Because this number is pre-set, the hacker has no chance to set the number that the server will call back.
Another option is to restrict access to a single server for all remote users. You can place the data that the user usually accesses on a special share point on the RAS server. You can then restrict access to remote users to a single server, not the entire network. In this way, even if hackers enter the host through destruction, they will be isolated on a single machine, where the damage they cause is reduced to a minimum.
Last but not least, the trick is to use an unexpected protocol on your RAS server. Everyone I know uses the TCP/IP protocol as the RAS protocol. Given the nature and typical use of the TCP/IP protocol itself, this seems like a reasonable choice. However, RAS also supports the IPX/SPX and NetBEUI protocols. If you use NetBEUI as your RAS protocol, you can really confuse some unsuspecting hackers.
Third, build a secure workstation
Since the workstation is a flaw to the server, strengthening the security of the workstation can improve the security of the entire network. For beginners, I recommend using Windows 2000 on all workstations. Windows 2000 is a very secure operating system. If you don't want to do this, then at least use Windows NT. You can lock workstations, making it difficult or impossible for people who don't have secure access to get network configuration information.
Another technique is to control which workstations a person can access. For example, if you have an employee, you already know that he is a troublemaker, so you should use the Workgroup User Manager to also modify his account so that he can only log in from his own computer (and within the time you specify). . This way he is unlikely to attack the network from his own computer, because he knows that others can chase him.
Another technique is to limit the functionality of the workstation to a dumb terminal, which means that no data and applications reside on separate workstations. When you use your computer as a dumb terminal, the server is configured to run Windows NT Terminal Services, and all applications are physically running on the server. Everything sent to the workstation is nothing more than an updated screen display. This means that there is only one minimal version of Windows on the workstation and a client for Microsoft Terminal Services. Using this method is perhaps the safest network design. Using a "smart" dumb terminal means that the program and data reside on the server but run on the workstation. All installed on the workstation is a copy of Windows and some icons pointing to applications residing on the server. When you click on an icon to run the program, the program will run using the local resources instead of consuming the server's resources. This is much less stressful on the server than running a full dumb terminal program.
4. Download and install the latest security vulnerability remediation program
Microsoft has a team of programmers to check for security vulnerabilities and fix them. Sometimes these remediation programs are bundled into a large package and released as a service pack. There are usually two different versions of the remediation program: a 40-bit version that anyone can use and a 128-bit version that can only be used in the US and Canada. In general, the 128-bit version uses a 128-bit encryption algorithm, which is much safer than the 40-bit version. Sometimes the release of a service pack may have to wait for several months - obviously, when a big security hole is discovered, you don't want to wait until it is possible to fix it. Fortunately, you don't need to wait. Microsoft regularly publishes important remediation programs on its FTP site.
These hotspot remediation programs are security patches that have been published since the last service pack release. I recommend that you check the hotspot remediation program frequently. Remember that you must use these remediation procedures in a logical order. If you use them in the wrong order, the result may be a version error in some files and Windows may stop working. //This article transferred from www.45it.com computer software and hardware application network
Five, establish strict user rights
If you use Windows 2000 Server, you may specify the user's special access rights Use your server without having to hand over control of the administrator. A good use is to authorize Human Resources to delete and disable an account. In this way, the HR department can delete or disable his user account before a clerk knows that he will be fired. In this way, dissatisfied employees will not have the opportunity to disrupt the company's system. At the same time, with special user rights, you can grant this permission to delete and disable account permissions and restrict the creation of users or changes to permissions and other activities.
V. Establishing strict user rights
If you use Windows 2000 Server, you may be able to specify the user's special usage rights to use your server without having to hand over the administrator's control. right. A good use is to authorize Human Resources to delete and disable an account. In this way, the HR department can delete or disable his user account before a clerk knows that he will be fired. In this way, dissatisfied employees will not have the opportunity to disrupt the company's system. At the same time, with special user rights, you can grant this permission to delete and disable account permissions and restrict the creation of users or changes to permissions and other activities.
VI. Installing Intrusion Detection and Alarm System
With the continuous development of the network economy, the concept of e-commerce has also been recognized by most people, and it has also brought about how to protect it. Corporate and customer transaction data are not stolen and other related issues.
There are two general types of information theft: one is the so-called stealing of intelligent property; the other is the so-called industrial intelligence. And programmers can use the convenience of writing programs to reserve secret doors when developing application software. Under the undetected state, enterprises can unknowingly steal all important information of the company. . Therefore, simply speaking, if a company lacks proper vigilance, it will definitely bring huge economic and information resources losses to the company.
The response method is to install an illegal intrusion detection system, which can complement the function of the current firewall, so that the two can reach the monitoring network, perform immediate interception actions, and analyze the actions of filtering packets and content when the stealer invades. It can be effectively terminated immediately.
The intrusion detection and alarm system provides another line of defense for corporate defense protection. The application of these related protection measures can completely make appropriate and appropriate alarms in the face of attacks or information abuse. This includes warning system administrators, immediately detecting the recorded attack behavior as evidence for future prosecutions, or simply terminating the hacker's network connection. All in all, the use of sophisticated security support decisions can help companies manage the vast amount of data generated by technology as they expand their organization.
Seven, regularly check the server's firewall
The last method is to carefully check your firewall settings regularly. Your firewall is an important part of the network because it isolates your company's computers from those on the Internet that could damage them.
The first thing you need to do is to make sure that the firewall does not open up any necessary IP addresses to the outside world. You always have to make at least one IP address visible to the outside world. This IP address is used for all Internet communications. If you have a DNS-registered web server or email server, their IP addresses may also be visible to the outside world through a firewall. However, the IP addresses of workstations and other servers must be hidden.
You can also check the 埠 list to verify that you have closed all port addresses that you don't use. For example, TCP/IP port 80 is used for HTTP communication, so you may not want to block this trick. However, you may never use 埠81 so it should be turned off. You can find a list of each use on the Internet.
Conclusion
e-commerce provides a more convenient than ever online trading environment for all Internet users in the use of a large number of Web site provides valuable company information, mission-critical Business applications and consumer-private information, server security issues are becoming a big issue, and you don't want critical information to be corrupted by viruses or hackers or by someone who might use it to deal with you. In order to be successful in this highly competitive and crisis-ridden environment, organizations must protect their assets while ensuring the security of their consumers' private information while users access their resources.
Business managers should choose solutions that address these issues and provide endpoint-to-endpoint security infrastructure for a variety of e-business environments. In addition, in the purchase of such products should also consider its integration and support, in addition to providing such intrusion monitoring and prevention products, it should also be able to integrate the firewall with computer virus prevention software, and can be regular Provides virus code and intrusion attack mode database updates, and provides complete information security protection for enterprise and e-commerce systems in the face of the ever-changing Internet technology.
A disk array is a system in which a number of hard disk drives are grouped togeth
There are many popular servers at present, and some professional-grade FTP servers
Friends who have a certain understanding of the network or server may see FTP related knowledge, and
This article takes Serv-U6.4 as an example. Setting method: Double-click to open S
IIS has a "requested resource in use" solution
Use linux to do FTP server (1)
15 ways to securely set up IIS
DNS for Linux server configuration - using BIND
NT and server software installation and setup steps
Summary of Causes of Web Site Crashes
Tianyi F41 series notebook to play Warcraft blue screen of death solution
Apache RewriteCond instructions explain
How to use phpmyadmin to set the permissions of the mysql database user
Windows 8.1 renamed "computer" to "this computer"
Windows XP administrator password three tips
How to create and remove virtual partitions in Windows 7
The little-known win7 shortcuts recommend
Unable to install Win 7 Chinese language pack solution
PPT stereo graphic design tips
Windows 7's task scheduling program makes program automation more flexible
How to set up Win8 to prohibit remote modification of the registry to improve system security