Do you have some important data on your server that cannot be disclosed at will? Of course there is? Recently, the risks to servers have been particularly high. More and more viruses, malicious hackers, and commercial spies all target servers. Obviously, server security issues can't be ignored for a moment.
LED emergency driver has been widely used in LED lamps , which can be used not only as an emergency when the power grid is off , but also as an energy saving use . The housing material of LED emergency power supply is divided into aluminum alloy housing , stainless steel housing and ABS housing . The LED emergency kit is suitable for LED lights of different powers to be used at AC85-265V wide voltage , and equipped with high quality rechargeable lithium ion battery . It has a wide range of applications such as home , commercial buildings , offices , hospitals , schools etc .
Emergency Devices,Led Emergency Kit,Led Emergency Driver,Emergency Backup Lights, LED Emergency Module Jiangmen City Pengjiang District Qihui Lighting Electrical Appliances Co., Ltd , https://www.qihuilights.com
It is impossible to talk about computer security issues in an article. After all, there are many books on this topic in the market, but I can tell you seven tips for maintaining server security.
Tip 1: Start with the basics
Starting with the basics is the safest way. You must convert areas containing confidential data on the server to NTFS format; similarly, antivirus programs must also be updated on time. It is recommended to install antivirus software on both the server and the desktop computer. These software should also be set to automatically download the latest virus definition files every day. In addition, the Exchange Server (mail server) should also install anti-virus software, such software can scan all incoming e-mail, looking for virus-infected attachments, if a virus is found, the mail will be quarantined immediately, reducing the chance of user infection .
Another good way to protect the network is to limit the user's permission to log on to the network based on employees' working hours. For example, employees who work during the day should not have the right to log on to the network in the middle of the night.
Finally, you must log in with a password to access any data on the network. Forcing everyone to set a password must mix uppercase and lowercase letters, numbers, and special characters. There is such a tool in the Windows NT Server Resource Kit. You should also set the password to be updated regularly, and the password length should not be less than eight characters. If you have already done these measures, but still worry about the password is not safe, you can try to download some hacking tools from the Internet, and then test how safe these passwords are.
Tip 2: Protect the backup
Most people do not realize that backup itself is a huge security hole, how to say? Imagine that most of the backup work starts at 10 or 11 in the evening. Depending on the amount of data, it is probably midnight after the backup is completed. Now, imagine that it is four o'clock in the morning and the backup work is over. Those who are interested can just steal the backup disk at this time and restore it on the server in their own home or your competitor's office. However, you can prevent this from happening. First, you can use a password to protect your disk. If your backup program supports encryption, you can also encrypt the data. Secondly, you can set the time when the backup is completed when you enter the office in the morning. In this case, even if someone wants to slip in and steal the disk in the middle of the night, the disk is in use; if the thief forcefully takes the disk, he It is also impossible to read the damaged data.
Tip three: use the callback function of RAS
One of the coolest features of Windows NT is to support remote server access (RAS). Unfortunately, the RAS server is too convenient for hackers. They only need a phone number and a little patience, and then they can enter through RAS Host. However, you can take some measures to protect the security of the RAS server.
The technology you use mainly depends on how the remote accessor works. If the remote user often accesses the Internet from home or a fixed place, it is recommended that you use the callback function, which allows the remote user to hang up after logging in, and then the RAS server will dial out the preset phone number to connect the user, because of this Once a phone number is already in the program, the hacker will not have the opportunity to specify the number that the server calls back.
Another method is to restrict remote users to access only a single server. You can copy the data frequently used by users to a special common point on the RAS server, and then limit the login of remote users to one server instead of the entire network. In this way, even if hackers invade the host, they can only blame on a single machine, indirectly to reduce the degree of damage.
Finally, another trick is to use "alternative" network protocols on the RAS server. The TCP / IP protocol is often used as the RAS protocol. Using the nature and acceptance of the TCP / IP protocol itself, this choice is quite reasonable, but RAS also supports IPX / SPX and NetBEUI protocols. If you use NetBEUI as the RAS protocol, hackers will be confused if they do n’t check for a while.
Tip 4: Consider the security of the workstation
In the server security article, it seems that the workstation security feeling is not very close, but the workstation is the door to the server. Strengthening the security of the workstation can improve the security of the overall network. For beginners, it is recommended to use Windows 2000 on all workstations. Windows 2000 is a very safe operating system. If you do n’t have Windows 2000, at least use Windows NT. In this way, you can lock the workstation. Without permission, it will be difficult for ordinary people to obtain network configuration information.
Another trick is to restrict users from logging in only from specific workstations. Another trick is to use the workstation as a simple terminal (dumb terminal) or a smart simple terminal. In other words, there is no data or software stored on the workstation. When you use the computer as a dumb terminal, the server must execute the Windows NT terminal service program, and all applications only operate on the server. The workstation can only passively receive and Show data only. This means that only a minimal version of Windows is installed on the workstation, and a copy of Microsoft Terminal Server Client. This method should be the most secure network design.
  Tip 5: Perform the latest patch
Inside Microsoft, there is a group of people who specifically check and fix security vulnerabilities. These patches (patches) are sometimes collected into service packs (service packs) and released. Service packs usually come in two different versions: a 40-bit version that anyone can use, and the other is a 128-bit version that can only be released in the United States and Canada. The 128-bit version uses a 128-bit encryption algorithm, which is much safer than the 40-bit version.
A service pack sometimes has to wait for several months before it is released, but if serious vulnerabilities are discovered, you certainly want to fix them immediately, and do n’t want to wait for the late service pack. Fortunately, you do n’t need to wait. Microsoft will regularly publish important patches on its FTP site. These latest patches have not been included in the latest version of the service pack. I suggest that you always check the latest patches. Remember, the patch must be used in chronological order. If you use the patch incorrectly, it may cause the wrong version of some files, or it may cause Windows to crash.
Tip six: promulgate strict security policies
Another way to improve security is to develop a strong security strategy to ensure that everyone understands and enforces it. If you use Windows 2000 Server, you can authorize certain permissions to a specific agent without having to hand over all network management rights. Even if you approve certain rights of the agent, you can still control the size of the authority, for example, you cannot open a new user account or change the rights.
Tip seven: firewall, check, check again
The last tip is to carefully check the firewall settings. A firewall is an important part of network planning because it protects corporate computers from malicious damage from the outside world.
First, do n’t publish non-essential IP addresses. You must have at least one external IP address, all network communications must go through this address. If you have a DNS-registered web server or e-mail server, these IP addresses should also be announced through the firewall. However, the IP addresses of workstations and other servers must be hidden.
You can also check all the communication ports to make sure that all the unused ones have been closed. For example, TCP / IP port 80 is used for HTTP traffic, so this port cannot be blocked. Perhaps port 81 should never be used, so it should be turned off. You can check the detailed usage of each port on the network.
Server security is a big issue. You do n’t want important data to be damaged by viruses / hackers or stolen as a bad use. This article introduces 7 important security checkpoints. You may wish to try it. 