In simple terms, server intrusion prevention
2022-06-29 01:31:00 【CNSINDA_ HK】
Demand analysis
Many enterprise servers, business system servers in particular, are relatively fragile. Even with antivirus software installed, firewalls deployed and patches applied regularly, they still face various risks of intrusion and tampering, and even ransomware.
Solution: the concept of host hardening
Host hardening means applying layered, multi-dimensional protective measures such as security labelling and access control to the system, to make up for defects in the operating system.
It can be understood as putting a lock on the host: it redefines the functions of each operating system module and builds an independent identity authentication system, so that when antivirus software and the firewall fail, the host is still protected. It prevents viruses and Trojans from getting in, and prevents core data from being snooped on, destroyed, tampered with or stolen. By guarding against external attacks and preventing deliberate leaks from inside, it addresses abnormal behaviour such as unauthorized access, makes up for the host-layer shortcomings of traditional information security solutions, and improves the overall security of the operating system.

In short, host hardening and antivirus software are two completely different concepts; they complement each other, and neither replaces the other.
Host hardening adjustment strategy:
1. Install the software and system correctly
2. Install all of the latest security patches for the OS and application software
3. Configure the system and software securely
4. Guard against system security risks
5. Provide recommendations on system use and maintenance
6. Test system functions
7. Test system security risks
8. Take a full backup of the system
9. Rebuild the system if necessary
Key steps in host hardening:
1. Survey the overall system environment
(1) System security requirements analysis
(2) System security policy formulation
(3) System security risk assessment
2. Draw up the host hardening plan
Based on the results of the system environment survey, define the content, steps and schedule of the host hardening work.
3. Carry out the host hardening
Hardening and optimizing the system covers two main areas: host hardening and environment testing.
4. Produce the host hardening report
The hardening report is the final report delivered to the user after the hardening and optimization services for the network and application systems are complete. It includes a complete record of the hardening process, recommendations or solutions for system security management, and the results of the security audit of the hardened system.
Host hardening techniques:
1. Network device hardening
2. Network structure adjustment
3. Server system hardening
4. Database hardening
5. Security product optimization
(1) Firewalls
Today's firewall products fall into three main types: software-based, application-based and integrated.
(2) Intrusion detection systems
Intrusion detection systems (IDS) are roughly divided into three categories by function: host IDS (HIDS), network IDS (NIDS) and distributed IDS (DIDS). Although IDS is an important technology for detecting malicious behaviour on computer systems, it still has room for improvement. A shrewd vendor selling you a new IDS will promise how powerful it is, but an IDS cannot detect every intrusion event.

The core points of host hardening:
1. System hardening
Lock down the system once it has been tuned and debugged, turning it into a trusted system.
In a trusted system, unauthorized programs and scripts cannot run, and data access is not affected.
Even if the system has vulnerabilities, and even if administrator privileges are lost, this trusted system is secure.
2. Program hardening
Executable programs carry a trusted signature, and scripts are checked against their hash value in real time when they start. If verification fails, the program is refused permission to start, and trusted programs cannot be impersonated.
3. File hardening
Protect files of the specified types from tampering.
4. Disk encryption
Create a secure sandbox that is isolated from the outside, and encrypt the data inside it, so that the data can be decrypted only while authorization management is in effect. Without authorization, even administrators cannot copy or use this data, and cloning the system does not work either.
5. Database hardening
First layer: programs that are not recognized are forbidden to access or tamper with database files, which ensures security at the database file level.
Second layer: trusted filtering of access to the database port. Only business programs are allowed to connect to the database port; a process identity is appended to the IP + port + account and password in the connection string.
Third layer: intelligent filtering of the SQL text sent over database connections, which prevents critical data from being retrieved and accessed, prevents illegal access to data inside the database, and prevents dangerous operations on database tables.
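The start-time check described under program hardening (verify the hash when a script starts, refuse to start on failure), as an added example that is not from the original article or from any vendor's product. The function names, the sample scripts and the choice of SHA-256 are assumptions, and this is a user-space launcher illustrating the logic, not an operating-system enforcement layer.

```python
import hashlib, hmac, os, subprocess, sys, tempfile

class LaunchDenied(Exception):
    """Script is not on the allowlist, or its content changed since approval."""

def build_allowlist(paths):
    """Record each approved script's SHA-256 while the host is in its known-good state."""
    allowlist = {}
    for p in paths:
        with open(p, "rb") as f:
            allowlist[os.path.realpath(p)] = hashlib.sha256(f.read()).hexdigest()
    return allowlist

def verified_launch(path, allowlist, timeout=10):
    """Hash the script at start time and run it only if it matches its allowlist entry."""
    real = os.path.realpath(path)  # resolve symlinks so a link cannot alias an approved path
    expected = allowlist.get(real)
    if expected is None:
        raise LaunchDenied(f"not allowlisted: {real}")
    with open(real, "rb") as f:
        code = f.read()
    if not hmac.compare_digest(hashlib.sha256(code).hexdigest(), expected):
        raise LaunchDenied(f"hash mismatch: {real}")
    # Run the exact bytes that were hashed (via stdin), so a file swapped
    # between the check and execution is never what gets executed.
    return subprocess.run([sys.executable, "-"], input=code,
                          capture_output=True, timeout=timeout)

def demo():
    """Constructed sample scripts: one approved, one dropped later, one tampered with."""
    with tempfile.TemporaryDirectory() as d:
        approved, rogue = os.path.join(d, "backup_job.py"), os.path.join(d, "dropped.py")
        for path, body in ((approved, 'print("backup ok")\n'), (rogue, 'print("never runs")\n')):
            with open(path, "w") as f:
                f.write(body)
        allowlist = build_allowlist([approved])
        results = {"approved": verified_launch(approved, allowlist).stdout.decode().strip()}
        with open(approved, "a") as f:  # simulate tampering after the baseline was taken
            f.write('print("injected")\n')
        for name, target in (("rogue", rogue), ("tampered", approved)):
            try:
                verified_launch(target, allowlist)
                results[name] = "ran"
            except LaunchDenied as e:
                results[name] = "denied: " + str(e).split(":")[0]
        return results

if __name__ == "__main__":
    print(demo())
```

The allowlist itself has to live somewhere the launched programs cannot write to, otherwise tampering with the script and its recorded hash together defeats the check.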

Host hardening application scenarios:
1. Protecting enterprise server security: defending servers against ransomware, Trojan horses, mill, data tampering and so on.
2. Protecting host data against leaks: without affecting normal operation and maintenance of the host, encrypt and protect selected data so that core data cannot be stolen or tampered with.
3. Locking the business system host in its optimal state: process whitelist control reduces the number of viruses and illegal programs that run, which greatly reduces the operation and maintenance workload of the host.
4. Disk encryption: even if the server is stolen and the hard disk is removed, the protected data is still encrypted.
Which host hardening brands are worth recommending:
Several brands currently known in the market for doing well in host hardening:
1. Shenxinda's MCK host hardening.
2. Wisteria cloud security .
3. Luoan Technology .
4. wave .
5. Anheng .
6. Convinced .
7. Tian Rong Xin .
MCK host hardening system
(1) Vulnerabilities in the business system itself ;
(2) Vulnerabilities in the operating system itself ;
(3) WEB Application vulnerability ;
(4) Wrong configuration .

Solution summary
Shenxinda's MCK host hardening system takes over the operating system through a security container: applications run inside the container and data is stored in the container. Inside the container, image technology is used to enforce a whitelist mechanism for the working scenario, and core data is encrypted and protected, providing the last line of defence for the server. Even if a hacker attacks as super administrator, there is nothing they can do.
Externally, it prevents Trojans and viruses from getting in, and prevents core data from being snooped on, destroyed, tampered with or stolen.
Internally, operation and maintenance personnel can audit the logs of attacks on the server.

Function list
