Essential IT Security Practices Every Ops Engineer Should Master
This article shares a seasoned ops engineer's evolving understanding of IT security, covering network, host, application, data, and web security measures, practical tools like ELK and OSSEC, and actionable recommendations to strengthen system protection against attacks and breaches.
Previous Perception
When I first entered the IT field as an operations engineer, I believed security meant simply using complex passwords, changing the SSH port from 22, and preventing anyone from logging into the server.
Current Perception
After several years of experience dealing with hacked servers, DDoS attacks, and database tampering, I realized that security is far more complex and requires comprehensive knowledge of many aspects.
IT Security Overview
1. Network Security
Many companies lack third‑party audit systems, making it difficult to generate audit reports. I built an ELK stack to provide operation traceability and monitor system and security logs, achieving the desired effect. Developers also use ELK for app behavior monitoring and auditing.
Below is the ELK system I set up for server operation monitoring:
Network security also includes measures such as ARP binding, intrusion detection/prevention devices, firewalls, regular password changes for network equipment, configuration of login failure handling, session timeouts, and using HTTPS for encrypted transmission.
Regular self‑checks like vulnerability scanning, weak‑password scanning, and baseline configuration audits are essential to discover and remediate host and application vulnerabilities.
2. Host Security
Most companies do not install a host intrusion detection system, so they have no record of attacker IPs, attack types, targets, or timestamps. Commercial WAFs or IPS devices can be costly, but free open‑source tools such as OSSEC and other HIDS solutions provide real‑time malicious code detection and removal.
Host security also involves secure system configuration, strong password policies, limiting login attempts, enforcing resource‑level access controls, and renaming or disabling default accounts.
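The detection side of host security can be illustrated with a small log analyser. The following is an added example, not code from the article or from OSSEC: it parses sshd login lines into the fields a HIDS records (attacker IP, attack type, target account, timestamp) and raises an alert once one source exceeds a failure threshold inside a sliding window. The sample lines, the threshold of 5 failures in 60 seconds, and the year supplied for syslog timestamps are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines in syslog format (not from a real server);
# 203.0.113.7 and 198.51.100.4 are RFC 5737 documentation addresses.
SAMPLE_AUTH_LOG = """\
Mar 10 08:12:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 10 08:12:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar 10 08:12:05 web01 sshd[2212]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar 10 08:12:07 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 08:12:09 web01 sshd[2214]: Failed password for oracle from 203.0.113.7 port 51240 ssh2
Mar 10 08:12:11 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar 10 08:20:00 web01 sshd[2216]: Failed password for deploy from 198.51.100.4 port 40030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:(?P<invalid>invalid user) )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Turn sshd lines into records with the fields a HIDS wants: who, from where, what, when."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that are not login results are ignored here
        records.append({
            # syslog timestamps carry no year, so the caller supplies it (assumed 2024)
            "timestamp": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "result": m["result"],
            "method": m["method"],
            "user": m["user"],
            "invalid_user": m["invalid"] is not None,
            "ip": m["ip"],
        })
    return records


def detect_bruteforce(records, threshold=5, window_seconds=60):
    """Flag a source IP once it accumulates `threshold` failed logins inside a sliding window."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, target user) within the window
    alerts = {}
    for rec in records:
        if rec["result"] != "Failed":
            continue
        window = recent[rec["ip"]]
        window.append((rec["timestamp"], rec["user"]))
        while (window[-1][0] - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if rec["ip"] in alerts:
            # already alerted: keep extending the record with later failures
            alert = alerts[rec["ip"]]
            alert["last_seen"] = rec["timestamp"]
            alert["failures"] += 1
            alert["targets"].add(rec["user"])
        elif len(window) >= threshold:
            alerts[rec["ip"]] = {
                "attacker_ip": rec["ip"],
                "attack_type": "ssh_bruteforce",
                "host": rec["host"],
                "targets": {user for _, user in window},
                "first_seen": window[0][0],
                "last_seen": rec["timestamp"],
                "failures": len(window),
            }
    return list(alerts.values())


def format_alert(alert):
    """One line per attacker, in the shape you would ship to ELK or an alert log."""
    return (f"{alert['last_seen']:%Y-%m-%d %H:%M:%S} {alert['attack_type']} "
            f"src={alert['attacker_ip']} host={alert['host']} "
            f"targets={','.join(sorted(alert['targets']))} failures={alert['failures']}")


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(format_alert(alert))
```

Run against the sample, only 203.0.113.7 is flagged: it produces five failures against three different accounts within ten seconds, while the single failure from 198.51.100.4 stays below the threshold. The same record shape feeds naturally into the ELK pipeline described earlier in the article.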
3. Application Security
Recommended practices include using multi‑factor authentication, enforcing password complexity (8‑20 characters, mixed character types, rotation ≤ six months), limiting login failures, applying sensitivity labels to critical data, enabling comprehensive security auditing that cannot be tampered with, restricting concurrent sessions, and setting service priority based on security policies.
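The password and login controls above are easy to state and easy to get subtly wrong, so here is an added example (not the article's code) that enforces them as written: length 8–20, mixed character types, rotation within six months, a lockout after repeated login failures, and a cap on concurrent sessions per user. The article does not fix the exact numbers for "mixed", the failure limit or the session cap, so the values of at least three character classes, five failures, a 15‑minute lockout and three sessions are assumptions chosen for the demonstration; six months is approximated as 183 days.

```python
import string
from datetime import datetime, timedelta

# Assumed policy parameters: the article gives 8-20 characters and six-month rotation;
# the remaining values are chosen for this example.
MIN_LEN, MAX_LEN = 8, 20
MAX_AGE_DAYS = 183          # "rotation <= six months"
MIN_CLASSES = 3             # "mixed character types": at least 3 of lower/upper/digit/symbol
MAX_FAILURES = 5            # consecutive failures before lockout
LOCKOUT = timedelta(minutes=15)
MAX_SESSIONS = 3            # concurrent sessions per user


def password_violations(password, last_changed, now):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"needs at least {MIN_CLASSES} character classes")
    if now - last_changed > timedelta(days=MAX_AGE_DAYS):
        problems.append("password older than six months; rotation required")
    return problems


class AccountGuard:
    """Tracks consecutive failures, lockout state and live sessions per account."""

    def __init__(self):
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> datetime when the lockout ends
        self.sessions = {}       # user -> set of active session ids

    def is_locked(self, user, now):
        return self.locked_until.get(user, now) > now

    def record_failure(self, user, now):
        """Count a failed login. Returns True if the account is (now) locked."""
        if self.is_locked(user, now):
            return True
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            self.failures[user] = 0   # counter restarts after the lockout
            return True
        return False

    def record_success(self, user, session_id, now):
        """Open a session after a correct password. Returns False if locked or at the session cap."""
        if self.is_locked(user, now):
            return False              # correct password during lockout still does not log in
        live = self.sessions.setdefault(user, set())
        if len(live) >= MAX_SESSIONS:
            return False
        live.add(session_id)
        self.failures[user] = 0
        return True

    def logout(self, user, session_id):
        self.sessions.get(user, set()).discard(session_id)
```

Two details matter in practice: a correct password submitted during the lockout window is still refused (otherwise the lockout is only a speed bump), and the session cap is enforced at login time rather than by silently evicting an older session, which would hide account sharing or credential theft from the user.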
4. Data Security and Backup Recovery
Implement off‑site data backup, hardware redundancy for network devices and communication lines, data masking for production data used in testing, strict access procedures for non‑ops personnel (e.g., using a bastion host to disable clipboard), and regular database upgrades—preferably to the latest stable version—to mitigate high‑severity vulnerabilities.
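Data masking for test copies deserves a concrete shape, because naive masking either breaks the test data (joins no longer match) or leaks (values survive in other columns). The following added example, not from the article, uses a keyed HMAC to produce deterministic pseudonyms, so the same customer masks to the same value across tables while the originals cannot be recovered from the test environment; the masking key, the column rules and the sample rows are constructed for the demonstration.

```python
import hashlib
import hmac
import re

# Assumed masking key: kept only in the masking job, never copied to the test environment,
# so pseudonyms cannot be reversed or re-linked from there.
MASK_KEY = b"example-masking-key-change-me"


def pseudonym(value, length=10):
    """Keyed, deterministic pseudonym: equal inputs give equal outputs (joins still work),
    but the original is not recoverable without the key."""
    normalised = value.strip().lower().encode()
    return hmac.new(MASK_KEY, normalised, hashlib.sha256).hexdigest()[:length]


def mask_email(email):
    local, _, _domain = email.partition("@")
    return f"user_{pseudonym(local)}@example.test"


def mask_phone(phone):
    """Keep the formatting and the first three digits (country code plus one), replace the
    rest with digits derived from the pseudonym so the number still looks valid."""
    digits = re.sub(r"\D", "", phone)
    fake = str(int(pseudonym(digits, 16), 16)).ljust(len(digits), "0")
    out, i = [], 0
    for ch in phone:
        if ch.isdigit():
            out.append(ch if i < 3 else fake[i])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_name(name):
    return f"Test User {pseudonym(name, 6)}"


# Column -> masking rule; columns without a rule are copied unchanged.
MASK_RULES = {"name": mask_name, "email": mask_email, "phone": mask_phone}


def mask_row(row):
    return {col: MASK_RULES.get(col, lambda v: v)(val) for col, val in row.items()}


def mask_dataset(rows):
    return [mask_row(r) for r in rows]


def leaks(original_rows, masked_rows):
    """Post-check before export: no sensitive original value may survive anywhere in the output."""
    sensitive = {str(r[c]) for r in original_rows for c in MASK_RULES if c in r}
    return [v for r in masked_rows for v in r.values() if str(v) in sensitive]


# Constructed sample production rows (fictional people and documentation-style values).
SAMPLE_ROWS = [
    {"id": 1, "name": "Zhang San", "email": "Zhang.San@corp.example", "phone": "+86 138-0013-8000", "plan": "gold"},
    {"id": 2, "name": "Li Si", "email": "li.si@corp.example", "phone": "+86 139-0013-9000", "plan": "silver"},
    {"id": 3, "name": "Zhang San", "email": "zhang.san@corp.example", "phone": "+86 138-0013-8000", "plan": "gold"},
]
```

The `leaks` check is the part most masking scripts skip: run it on the whole masked export, not just the masked columns, because copies of a phone number or e‑mail often hide in free‑text or audit columns that the rule table never mentioned.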
5. Web Business Security
Set reasonable session timeout thresholds, limit concurrent sessions per user, enforce SSL/TLS (version ≥ 3.0, key lengths ≥ 128‑bit symmetric, ≥ 1024‑bit asymmetric, hash ≥ 128‑bit), log all critical user actions, conduct code audits before deployment, prohibit plaintext password transmission, require secondary authentication for sensitive operations, provide generic error messages on authentication failure, enforce password policies, implement account lockout after repeated failures, and protect session integrity against tampering and replay attacks.
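Several of the items in this list (session timeout thresholds, generic error messages on authentication failure, and session integrity against tampering and replay) come together in how a session token is issued and verified. The following added example, not taken from the article, signs a token with an HMAC, enforces an expiry, returns one generic message to the client while logging the precise reason server‑side, and rejects a re‑used one‑time token for sensitive operations. The secret, the 15‑minute timeout and the token layout are assumptions for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"assumed-server-side-secret"   # assumption: in practice loaded from a secret store
SESSION_TIMEOUT = 15 * 60                # assumed timeout threshold: 15 minutes, in seconds


def b64encode_nopad(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64decode_nopad(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, now, ttl=SESSION_TIMEOUT):
    """Signed session token: claims plus an HMAC over the exact bytes that will be verified."""
    claims = {"sub": user, "iat": now, "exp": now + ttl, "nonce": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{b64encode_nopad(payload)}.{b64encode_nopad(sig)}"


class SessionStore:
    """Verifies tokens and remembers consumed nonces so a one-time token cannot be replayed."""

    GENERIC_ERROR = "authentication failed"   # the only failure text the client ever sees

    def __init__(self):
        self.consumed_nonces = set()

    def verify(self, token, now, one_time=False):
        """Return (ok, claims, client_message, server_log_reason).

        The client message stays generic on every failure path; the precise reason
        goes only to the server-side log."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = b64decode_nopad(payload_b64)
            sig = b64decode_nopad(sig_b64)
        except ValueError:   # wrong field count or bad base64 (binascii.Error is a ValueError)
            return False, None, self.GENERIC_ERROR, "malformed token"
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):   # constant-time comparison
            return False, None, self.GENERIC_ERROR, "bad signature: token was tampered with"
        claims = json.loads(payload)
        if now >= claims["exp"]:
            return False, None, self.GENERIC_ERROR, "expired: session timeout reached"
        if one_time:
            # tokens for sensitive operations are valid exactly once
            if claims["nonce"] in self.consumed_nonces:
                return False, None, self.GENERIC_ERROR, "replayed one-time token"
            self.consumed_nonces.add(claims["nonce"])
        return True, claims, "ok", "ok"
```

Note the order of checks: the signature is verified before any claim is read, so an expired or replayed token is never trusted for its contents, and the client cannot tell from the response which check failed. In a deployment the nonce set would live in a shared store with its own expiry so that it does not grow without bound.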
This article was originally published on 运维人生. http://www.ywadmin.com/?id=75
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
