Essential Security Checklist for Ops: From Port Hardening to Data Protection
This article shares practical security best practices for operations teams, covering why security is often overlooked, real incident examples, and detailed guidelines on port hardening, system hardening (login management, vulnerability scanning, baseline checks), application, network, and data protection, emphasizing continuous investment and simple safeguards.
Recently I came across the saying that operations is essential while security is a luxury. Security issues keep surfacing: servers go down, databases are compromised, and incidents are frequent, yet many companies still neglect security for three main reasons: no dedicated staff, perceived cost, and a false sense of safety.
After experiencing two security incidents, a Windows server compromised with a backdoor and a Linux server exploited for cryptomining, I realized how important the basic security practices are.
Port Security
Most applications communicate over TCP/IP; to expose a service you open ports such as HTTP/HTTPS, SSH, or RDP. Recommended principles: expose only ports 80 and 443 to the public; restrict remote maintenance ports (SSH, RDP) to a whitelist of trusted source addresses; prefer 443 over 80.
Use iptables on regular servers, or cloud security groups on cloud instances.
System Security
Fully following the Level 3 protection standard would require many measures, so I focus on three areas: login/password management, vulnerability management, and baseline checks.
Login/Password Management
Increase password complexity
Set password expiration
Regularly change passwords
Limit password retry attempts
Check for empty passwords
Disable empty‑password logins
Prefer SSH keys for authentication
Use a bastion host for access control
Vulnerability Management
Vulnerabilities are endless, so systems must be scanned and patched regularly rather than treated as "done" once set up.
Cloud providers often offer basic vulnerability scanning, but remediation usually requires additional effort or paid tools.
Baseline Checks
Daily baseline checks cover weak passwords, account permissions, identity verification, password policies, access control, security auditing, and intrusion prevention.
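As an added example, not from the original article, here is a small POSIX shell baseline check covering the login/password items above (empty passwords, password expiry, key-only SSH logins, retry limits). The sample shadow, sshd_config and login.defs contents are constructed, and the thresholds (at most 3 tries, 90-day expiry) are assumptions, not values from the article.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal baseline check for the
# login items above. Sample file contents are constructed so it runs offline; on a
# real host point the functions at /etc/shadow, /etc/ssh/sshd_config and
# /etc/login.defs. Match blocks in sshd_config are not handled.

# Accounts whose shadow password field is empty can log in without a password.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# First value of an sshd_config directive (sshd uses the first match), lower-cased;
# empty when the directive is absent, meaning the OpenSSH default applies.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# One line per sshd setting that contradicts the checklist.
sshd_findings() {
    v=$(sshd_value "$1" PermitEmptyPasswords)
    [ "$v" = "yes" ] && echo "PermitEmptyPasswords=yes"
    v=$(sshd_value "$1" PasswordAuthentication)   # default yes; keys are preferred
    [ "${v:-yes}" = "yes" ] && echo "PasswordAuthentication=${v:-yes (default)}"
    v=$(sshd_value "$1" PermitRootLogin)
    [ "$v" = "yes" ] && echo "PermitRootLogin=yes"
    v=$(sshd_value "$1" MaxAuthTries)             # default 6; limit retries
    [ "${v:-6}" -gt 3 ] && echo "MaxAuthTries=${v:-6 (default)}"
    return 0
}

# Password expiry from login.defs: flag if unset (99999 default) or over 90 days.
password_expiry_findings() {
    v=$(awk '$1 == "PASS_MAX_DAYS" { print $2; exit }' "$1")
    [ "${v:-99999}" -gt 90 ] && echo "PASS_MAX_DAYS=${v:-99999 (default)}"
    return 0
}

# Constructed samples: a weak host (shadow, sshd_weak, login.defs) and a hardened sshd.
make_samples() {
    printf 'root:$6$x:19000:0:99999:7:::\nops::19000:0:99999:7:::\napp:*:19000:0:99999:7:::\n' > "$1/shadow"
    printf '# comment\nPermitRootLogin yes\nMaxAuthTries 6\n' > "$1/sshd_weak"
    printf 'PermitRootLogin prohibit-password\nPasswordAuthentication no\nMaxAuthTries 3\n' > "$1/sshd_hard"
    printf 'PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n' > "$1/login.defs"
}

d=$(mktemp -d); make_samples "$d"
echo "empty-password accounts: $(empty_password_accounts "$d/shadow")"
sshd_findings "$d/sshd_weak"; password_expiry_findings "$d/login.defs"
rm -rf "$d"
```

Run as root against the real files to get the same one-finding-per-line output for a host; any line printed is an item on the checklist above that still needs attention.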
Application Security
Applications are the foundation of the business; insecure code can ship vulnerable components, store passwords unencrypted, or leak keys.
Application vulnerability scanning
Web application firewalls (WAF) for backdoor protection
Key leakage prevention
Intrusion detection
Network Security
Network defense often relies on purchased solutions (e.g., DDoS protection). Brute-force attacks can be mitigated by blocking offending source IPs, though maintaining such blocklists can be cumbersome.
Data Security
Key data‑security practices include preventing SQL injection, masking sensitive data, database auditing, access control, and redundant backups.
For databases, use a database bastion host, avoid granting read/write rights to individuals, assign one account per application, and mask sensitive fields.
In summary, security requires continuous investment, both money and people, and the cheapest effective measures are often the basic best practices.
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.