Virtual host server how to do a good job in security protection

Virtual host server how to do a good job in security protection

tenco 2019-08-20

We all know that the server is mainly divided into three kinds: virtual host server, independent server, cloud server.Among them, the virtual host server is the choice of most small and medium-sized enterprises, because of the low cost.Nowadays, this network environment is very complex. Cyber attacks happen almost every day, especially DDOS attacks, which have doubled in the past year. Therefore, the security of website servers is very important.If the safety protection work is not done well, it is likely to be attacked by lawbreakers, causing heavy losses to enterprises.Today, the Mexican security through the past security case analysis, virtual host server how to do a good job in DDOS protection work?

The most straightforward explanation is to improve their ability to fight, the virtual host hardware configuration upgrade, such as every second 100,000 SYN attack package, server configuration at least to P4 2.4g /DDR512M/ scsi-hd.Memory must choose DDR high-speed memory, and CPU, Intel I series suitable for personal PC, server or choose to strong series, cache is larger, stronger stability, some server special instruction set, with a large data throughput.

When choosing routers, switches and other network equipment, we must choose products with good reputation and high brand awareness. For example, some routers also have traffic restriction function, which can also play a certain role in alleviating some small traffic DDOS attacks.


Network bandwidth directly determines the defense capability of the server. What kind of security measures are difficult to resist a DDOS attack with a bandwidth of 10M?Now this network environment, at least 100M bandwidth to choose it, of course, can be hung on the 1000M trunk is the best.What needs to be noted is the access bandwidth of the switch. If the switch only supports 100M bandwidth, then there is only 100M bandwidth on the 1000M trunk.

Network address translation NAT should be avoided as far as possible for both routers and hardware protective wall devices, because it will greatly reduce the network communication capacity.Because NAT requires round-trip translation of addresses and the verification and calculation of network packets during the translation process, a lot of CPU time is wasted.

Regular detection of server system updates, maintain the latest status, can improve the security of the server.Because every update of the server will fix new vulnerabilities and bugs, so as to avoid attackers to launch attacks by taking advantage of these.Static pages can greatly improve the ability to resist attacks, like tencent, sina and other large portals are static pages.If you don't need a dynamic script call, move it to a separate host to avoid compromising the primary server.

When meet DDOS attacks, more than six measures if still cannot solve the problem of DDOS, that means it was a big flood DDOS attack traffic, can only access like "security professional services to the anti DDOS defense through the latest fingerprint identification system for malicious attack traffic flow cleaning, filtering the extreme varieties, wear shield, simulation, abnormal.

TENCO-TECH