Server Death Diary (System Articles)
The server is placed in the machine room, just like the safe in the street, I am still afraid in my heart, I am hovering. There are three aspects of the security of the server, one is the operating system, and the other is the application, and the third is network security. Since these three areas are responsible, this makes our safety are very fragile, and the network management is only responsible for playing the system's patches, the programmer is responsible for the application, and the network security is rarely tube. Usually, the NMS is most concerned about the safety of the operating system, which is the easiest way to enroll in hackers. Whether it is Linux or Windows system, there are a lot of vulnerabilities, and ordinary people are hard to find new system vulnerabilities. We only work after work, and we will find safety vulnerabilities in time and do corresponding measures. The best way is: First, we must close our unwanted port. Windows always has a few ports in 135, if you only provide web services, just open 80 well, other ports are closed . Close mode is best, because the policy does not need to restart the server, the adjustment is also very simple, the vulnerability is much, but I put the door, see how you come in. Secondly remove all unwanted components, NetBIOS services, IIS default files, Print Pool, and other unrelated service pass-through, these files Microsoft is also an old problem, you love problems, but what is it with me? I don't install you at all, and if you want to install the terminal service, it is best to change the default port number. Disks must be converted into NTFS partitions, permissions should be set, can't be EVERYONE FULL Control, once IIS programs have vulnerabilities, they will not die very miserable. Setting the application running policy, qualifying only programs in a specific directory to run, so that you have added some points for your security.
The system log is necessary. Especially the log of IIS and system security logs, do not need IIS logs to increase the amount of performance, but this is better than death compared to death, life is better than death, I don't know how to die, how terrible! If you don't need to install other security software (what day, what anti-virus software), the more you get, the faster you die, they can't bring you more security, you can't care because of their vulnerabilities Dead and fade. Don't go online by the server, the server is very dangerous. If you want to put it on the highest, don't put any components that populate, including 3721, they may make your system crash. Summarize, operating system security: all patch, seal port, ban service, set file permission, application security strategy, don't put things, don't go online
