The invention belongs to the technical field of communication, and particularly relates to an information security server host protection method, which comprises the following steps of: manufacturing a network filter driver based on a network driver interface specification, including network card receiving filtering and sending filtering to a network card. The network card receiving and filtering comprises the following steps: step 1, judging whether the format of a data packet is a set format or not, and directly discarding a packet in a non-set format; and 2, re-judging the data packet with the set format in the step 1, judging whether a receiving port is a set port or not, and if the set port passes normally, directly discarding a non-set port. According to the method, the server can be prevented from actively establishing the network connection outwards by installing the port filter driver on the network server, the network connection sent to the Trojan from the outside can also be prevented, even if a Trojan program runs in the server, the server cannot be remotely controlled, and then the server can be protected.