1. Make sure all servers use the latest system and put on the security patches. Computer Emergency Response Coordination Center found that almost every system that is subject to DDOS attacks does not patch in time. 2. Make sure the administrator checks all hosts, not only for critical hosts. This is to ensure that the administrator knows what each host system is running? Who is using the host? Who can access the host? Otherwise, even if the hacker infringes the system, it is difficult to find. 3. Make sure that unused services such as FTP or NFS are removed from the directory or file database of the server. There are some known vulnerabilities, and hackers can access privileged systems through root attacks and access other systems - even affected by firewalls. 4. Make sure all services running on UNIX have TCP packages, restrict access to the host. 5. The internal network is forbidden to connect to the PSTN system via MODEM. Otherwise, the hacker can discover unprotected hosts through the telephone line, instantly access the extremely confidential data. 66. It is forbidden to use network access programs such as Telnet, FTP, RSH, RLogin, and RCP to replace the PKI-based access program such as SSH. SSH will not deliver passwords in a clear text in the Internet, while Telnet and Rlogin are just in contrast, and hackers can search for these passwords to immediately access important servers on the network. In addition, it should be deleted on .rhost and hosts.equiv files, because these files will provide login access as not guessed! 77. Limit to the firewall to share with the network file. This will make hackers have the opportunity to intercept system files, and replace it with Trojan horses, and the file transmission function will fall into the paralysis. 88. Make sure there is a newest network topology map. This picture should be demonstrated in detail TCP / IP address, host, router, and other network devices, should also include network boundaries, non-military districts (DMZ), and internal confidential parts of the network. 99. Run the port mapping program or port scan program on the firewall. Most events are caused by improper firewall configuration, so that the DOS / DDoS attack has high success rate, so we must carefully check the privileged port and the non-privileged port. 10. Check the log of all network devices and host / server systems. As long as the log occurs or changes, it is almost certain that the relevant host security is affected. 11. Use DDOS equipment providers. Unfortunately, no network can be protected from DDOS attacks, but if the above measures can be taken, it can play a certain preventive role.