Information Security Tips (March 2024) – Advice for Securing a System
資訊安全貼士 (2024年3月號) - 確保系統安全的建議
To: All Users
In today’s digital environment, it is very important to ensure the security of your system. By following the below advice, you can significantly enhance the protection of your system and data.
- Enable Strong Authentication: Use strong password and consider other authentication mechanisms such as multi-factor authentication (MFA) to add an extra layer of security when accessing your system.
- Create an SSH Key Pair: Generate and use SSH key pairs for secure remote access. This method provides stronger encryption and authentication compared to traditional password-based authentication.
- Keep the System Up to Date: Regularly update your system with the latest security patches and software updates. These updates often address known vulnerabilities and protect against emerging threats.
- Remove Unnecessary Software: Minimize the attack surface by uninstalling any unnecessary or unused software. These software may contain vulnerabilities that can be exploited by attackers.
- Disable Administrator Login: Disable direct administrator login (e.g., “administrator”, “admin”, ”root”) and enforce the use of individual user accounts. This helps restrict access and mitigates the risk of unauthorized access to critical system resources.
- Check and Close Open Ports: Regularly scan your system for open ports and close any unnecessary or unused ports. Open ports can be served as entry points for attackers, so it is vital to limit their availability.
- Enable a Firewall: Set up a firewall to control inbound and outbound network traffic. A properly configured firewall can filter malicious traffic and protect your system from unauthorized access.
- Harden Your Linux System with SELinux or AppArmor: Implement Security-Enhanced Linux (SELinux) or AppArmor to enforce strict access controls and limit the impact of an attack on your system.
- Security Audits: Conduct regular security audits to identify vulnerabilities, assess system configurations and ensure compliance with security policies and standards.
- Regularly Create and Maintain Backups: Regularly back up your critical data to mitigate the impact of system failures, data loss, or ransomware attacks. Test the restoration process periodically to ensure the integrity of backup copies.
Protecting the security of system is an ongoing process. Stay informed about the latest security threats, update your security strategies, and best practices.
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
各位用戶:
在當今數字化的環境中,確保系統的安全至關重要。通過遵循以下建議,您可以顯著提高系統和數據的保護程度。
- 啓用强密碼認證:使用强密碼,並考慮其他身份驗證機制,如多因素身份驗證(MFA),以在訪問系統時增加額外的保護層。
- 使用SSH密鑰對:生成並使用SSH密鑰對進行安全的遠程訪問。與傳統基於密碼的身份驗證相比,這種方法提供了更强的加密和身份驗證。
- 保持系統更新:定期更新系統以獲取最新的安全補丁和軟件更新。這些更新可以解决已知的漏洞,以避免受新興威脅影響。
- 移除不必要的軟件:通過卸載任何不必要或未使用的軟件來减小攻擊面。這些軟件可能存在漏洞,被攻擊者利用。
- 禁用管理員登錄:禁用直接的管理員登錄(例如,“administrator”,“admin”,“root”),並强制使用單獨的用戶賬號。這有助於限制訪問並降低未經授權訪問關鍵系統資源的風險。
- 檢查和關閉開放端口:定期掃描系統的開放端口,並關閉任何不必要或未使用的端口。開放的端口可以作爲攻擊者的入口點,因此限制其可用性至關重要。
- 啓用防火牆:設置防火牆以控制入站和出站的網絡流量。正確配置的防火牆可以過濾惡意流量,並保護系統免受未經授權的訪問。
- 使用SELinux或AppArmor加固Linux系統:實施安全增强型Linux(SELinux)或AppArmor以强制執行嚴格的訪問控制,並限制攻擊對系統的影響。
- 安全審計:定期進行安全審計,以識別漏洞,評估系統配置,並確保符合安全政策和標準。
- 定期創建和維護備份:定期備份關鍵數據,以减輕系統故障、數據丟失或勒索軟件攻擊的影響。定期測試恢復過程以確保備份的完整性。
維護系統安全是一項持續的工作,保持對最新的安全威脅的瞭解,更新您的安全策略以及關於資訊安全的最佳實踐。
如有任何疑問,請聯絡資訊及通訊科技部服務中心。
服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo
資訊及通訊科技部