Into the data center hosting server before the engine room, the system definitely had to do well in advance, but only good system installed, open the remote control or not enough. Section I we talked about are the "hard security", and now we talk about a number of "soft security" expert not seen again, and do not Paizhuan against my enthusiasm, not to despise me.
Server was hacked, and a good recall, you do not have these to operate.
1, Operating System Security
There may be a friend often response, I was hacking into another server, I get every week at least two more trips to the room, how do ah? In Bahrain after the operating system, install an antivirus software immediately and for the operating system patch upgrades, and antivirus software, virus database and the feature database upgrade. Do not you this time on the server Xia Guang, s many Trojan virus on the Internet. After the upgrade completed, quickly some basic security permissions settings, including all disk partitions and directory permissions, even to the documents detailed security settings. Specific permission settings in this not dwell on the. Different operating systems, different applications, and permission settings are not the same. Do not press on-line tutorial to move intact, or you will suffer.
2, the security of application software
I suggest, do not install the server does not have any relationship with your server software, including Windows operating system to Linux operating system. Recommended that you use the latest version of the application software, such as Windows operating system's FTP software Serv-U, Xiang Xin Zai server hacking of cases, of which 80% yes because the server's version of Shang Serv-U is too low, Zai Jie He vulnerability of other places have been invaded. A new version of the application software was extended out, of course, the reason it.
3, the website and database security
A friend later in the finished program, direct upload to the server, set up the site up, the client can access on the matter, and this is the wrong approach. When writing web programs, procedures, location of the syntax and the judgments, etc. must be strict, the database installed after the database is absolutely necessary to the latest patch, and for some a set of basic rights. Program to the server on the site after the time corresponding to the relevant directory permissions to be set. Doing so, it can not guarantee the security of the whole server, but at least greatly reduce the possibility of invasion server.
4, anti-virus software and firewall
There may be a friend complained that my server is only installed antivirus software, then install a firewall, server, or by hacking into it. That may be your antivirus software is not configured or not updated their virus, it could be a firewall is not configured. Including friends around me are guilty of this error, installed anti-virus software installed like a normal application procedures, Bahrain after a restart no longer cares, this is a bad habit of installing antivirus software, restart the server be the first time since the virus signature database, or upgrade to the latest, and some simple configuration, such as the boot scan, scan or regular scanning into the system and so on. Install an antivirus software did not update anti-virus software installed with no difference between not too much. Similarly, the firewall installed after the need for appropriate settings, such as the prohibition of the external computer ping the computer (in fact, a firewall, this feature is an arbitrary basic function), does not prohibit the procedure commonly used in the external connection (you should never Do not the system update or antivirus software to be added in a) and so on.
5, service and port
After the initial installation of the system will start a lot of services that some core services, some unnecessary services. Similarly, a service will open up one or more ports.
You can install the system after the service immediately and those unnecessary ports to close, in a way to strengthen system security. So in the end what services and ports need to close it? Would need to start your system every common port services and a more profound understanding and knowledge.
6, other
Just do the above five points, does not mean that your server will hundred percent safe.
Is the so-called best is yet to be. Should be based on actual, each different application server, using the security policy is not the same, while all aspects of security is also very flexible. But as long as seizing the most crucial point, even if your server is more secure, and that is at least as open to the service (port).
Merely mentioned above the security of wired networks in a very small part of a very small, there is wireless network security. Interested friends can search the web for related articles to understand.
Well, the server that you have some basic security well, there could be related to the data center staff will be your server added to our catalog on it, go back to remote control your server it. Network security is a very huge project, every aspect of security is not to ignore that each link has a chain. Similarly, it is a long-term, continuous process, server and network technology developing rapidly, new vulnerabilities and hacking techniques are constantly arise, which need your friends constantly updated server administrator to consolidate own knowledge base of the brain, while free time, often to the class website to see some security vulnerabilities and the latest software vulnerabilities, have time to soak security forum category, in fact, feel very good to!