Shulou(Shulou.com)06/02 Report--

How to set security policy for CVM? I believe that many inexperienced people are at a loss about this, so this article summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

The CVM is in the computer network and is a shared environment, which requires users and service providers to work together to maintain stability, otherwise they will inevitably encounter attacks. With regard to CVM security policy, users can start from the following aspects.

Intelligent optimized DNS parsing

It can effectively avoid the risk caused by DNS traffic attacks. At the same time, it is recommended to host the business to multiple DNS service providers. Shield the DNS response information sent without request, discard the fast retransmission data packet, discard the DNS query request and response data from unknown sources, discard the unrequested or sudden DNS request, start the DNS client verification, and cache the response information.

Provide spare bandwidth

Through the server rental performance test, evaluate the bandwidth and the number of requests that can be borne under the normal business environment. When purchasing CVM bandwidth, make sure that there is a certain amount of spare bandwidth to avoid attacks when the bandwidth is larger than the normal usage and affect normal users.

Server self-hardening

Secure the operating system and software services on the CVM, reduce the points that can be attacked, and increase the attack cost of the attacker: make sure that the system file of the server is the latest version, and update the system patch in time. Check all server hosts to find out the source of the visitors.

Filter unnecessary services and ports

Limit the number of SYN semi-connections open at the same time, shorten the timeout time of SYN semi-connections, and limit SYN/ICMP traffic. Carefully check the logs of the network equipment and the server system, once there are vulnerabilities or time changes, the server may be under attack. Restrict network file sharing outside the firewall to reduce the chance for hackers to intercept system files.

After reading the above, have you mastered how to set the security policy on the CVM? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.