如何保护Linux，Unix，Windows服务器和IT系统的安全？

Servers provide different types of infrastructures to implement different solutions for IT. Security is another issue that must be solved in the IT area. In recent years security became a need. In this tutorial, we will look at how to secure our servers.

服务器提供不同类型的基础架构，以实现针对IT的不同解决方案。 安全是IT领域必须解决的另一个问题。 近年来，安全已成为一种需求。 在本教程中，我们将研究如何保护服务器。

打补丁 (Patching)

Operating systems use a lot of internal and external tools and services. Especially external ones interface the operating system with the remote clients and attackers over the network. Services are software those runs without stopping and these services may contain security vulnerabilities. These vulnerabilities can be remediated with patches. Patching mechanisms should be run automatically if it can be done.

操作系统使用许多内部和外部工具和服务。 特别是外部的，通过网络将操作系统与远程客户端和攻击者接口。 服务是可以不间断运行的软件，并且这些服务可能包含安全漏洞。 这些漏洞可以通过补丁修复。 如果可以的话，修补机制应该自动运行。

库存 (Inventory)

Another aspect of security is the inventory. We should know what we have and related information about them. Without knowing our inventory we can not secure and protect them against attacks.

安全性的另一个方面是库存。 我们应该知道我们拥有什么以及有关它们的相关信息。 在不知道我们的库存的情况下，我们无法保护和保护它们免受攻击。

防火墙功能 (Firewall)

As the systems provide services over network there should be a restriction to these services. This restriction can be done simply with firewalls. There are different types of firewalls from simply port access to the file analyzers. Selects the type of firewall according to your needs.

由于系统通过网络提供服务，因此应限制这些服务。 可以使用防火墙简单地完成此限制。 从简单的端口访问到文件分析器，防火墙有多种类型。 根据需要选择防火墙的类型。

帐号与认证 (Accounts & Authentication)

Accounts provide authentication and authorization of users. Each user has their own specific account to define itself. Permissions about access, read, write, execute, delete, modify and other operations are set according to account and group privileges. Give more attention while setting up and managing accounts in IT systems.

帐户提供用户的身份验证和授权。 每个用户都有自己的特定帐户来定义自己。 根据帐户和组权限设置有关访问，读取，写入，执行，删除，修改和其他操作的权限。 在IT系统中设置和管理帐户时，请多加注意。

安全审核或审查 (Security Audit or Review)

All days are different in the IT world and systems. We can not track all systems in real-time. But there should be some time frame to review and track IT systems security issues. This will give some information about security-related events in the previous period and show hidden things in a more clear way.

在IT世界和系统中，每一天都是不同的。 我们无法实时跟踪所有系统。 但是应该有一些时间框架来审查和跟踪IT系统安全问题。 这将提供有关上一时期与安全相关的事件的一些信息，并以更清晰的方式显示隐藏的事物。

LEARN MORE  What Is A Firewall and How Its Work?

了解更多什么是防火墙及其工作方式？

物理 (Physical)

From my point of view, the first step into securing a system is physical security. Without physical security all other security protections will be weak. Simple accessing IT systems physically will lose the guard. So while configuring security start with physical security to be sure.

在我看来，保护系统安全的第一步是物理安全性。 没有物理安全性，所有其他安全保护功能将很弱。 简单地从物理上访问IT系统将失去防护。 因此，在配置安全性时，首先要确保物理安全性。

记录中 (Logging)

Can we prevent all attacks from outside and inside? No there is no corporate that can answer this question as yes even Microsoft, Google, Facebook. So what is a security mechanism that can be used after or before the attack. We can log system, application, database, service, platform, client, user, etc. events. And get real-time alerts about attacks. another usage is finding information after an attack about how it happens.

我们可以防止所有来自内部和外部的攻击吗？ 否，没有公司可以回答这个问题，甚至是微软，谷歌，Facebook。 那么什么是可以在攻击之后或之前使用的安全机制。 我们可以记录系统，应用程序，数据库，服务，平台，客户端，用户等事件。 并获得有关攻击的实时警报。 另一种用法是在遭受攻击后查找有关其发生方式的信息。

翻译自: https://www.poftut.com/how-to-secure-linux-unix-windows-servers-and-it-systems/