IIS Security Configuration Essence

zhaozj2021-02-16  83

Here is the essence of masters, let's take a look, harvest is definitely big! 1. How to make the ASP script run in system permission? Modify the virtual directory corresponding to your ASP script, modify "Application Protection" For "low" .... 2. How to prevent ASP Trojans from ASP Troja CaCls% SystemRoot% / System32 / Scrrun.dll / E / D Guests // Based on FILESYSTEMOBJECT Components Based on Guests Use Regsvr32 Scrrun.dll / U / S / / Remove the ASP Trojan CaCls% systemroot% / system32 / shell32.dll / e / d guests based on Shell.Application Components Ban Guests Use regsvr32 shell32.dll / u / s // delete 3. How to encrypt ASP files? From Microsoft Download free download to SCE10chs.exe to complete the installation process. After installation, the Screnc.exe file will be generated, which is a command tool running on DOS ProPt. Running Screnc - l vbscript source.asp destination.asp Generates new file Destination.asp containing ciphertext ASP scripts Use Notepad to open to see "", regardless of whether it is annotated, it becomes unreadable ciphertext but cannot Encrypted Chinese. 4. How to extract Urlscan from IISLOCKDOWN? IISLOCKD.EXE / Q / C / T: C: / Urlscan 5. How to prevent the Content-Location header from exposing the internal IP address of the web server? Perform CScript C: / INETPUB / Adminscripts / Adsutil.vbs Set W3SVC / UseHostName True Finally, IIS 6 needs to be restarted. How to solve the HTTP500 internal error? Most of the IIS HTTP500 internal errors are mainly due to the password of the IWAM account. We will solve the problem as long as you synchronize the iWam_myserver account in the COM application. Execution cscript c: /inetpub/adminscripts/synciwam.vbs -v 7. How to enhance the ability of the defense SYN Flood iis the Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Services / Tcpip / Parameters] 'Start syn attack protection?. The default value is 0, indicating that the attack protection is not turned on, and the item value is 1 and 2 indicates that SYN attack protection is started. After setting 2, the 'security level is higher, and it is considered to be an attack, and it is necessary to attack the TCPMAXHALFOPEN. The conditions set with the TCPMaxHalfopenRetried value 'are triggered. It should be noted here that NT4.0 must be set to 1, set to 2, which will cause the system to restart under certain special data packets. "SYNATTACKPROTECT" = DWORD: 00000002 'simultaneously allows the open semi-connected number. The so-called semi-connected, indicating an uncompleted TCP session, which can be seen with the NetStat command to see the SYN_RCVD status'. Here, Microsoft recommended values, the server is set to 100, and the advanced server is set to 500. It is recommended to set a little bit a little. "TCPMAXHALFOPEN" = DWORD: 00000064 'Judging whether there is a trigger point of the attack. Here, Microsoft recommended values, servers are 80, and the advanced server is 400.

"TCPMAXHALFOPENRETRIED" = dword: 00000050 'Set the SYN-ACK time. The default value is 3, the default process consumes 45 seconds. The item value is 2, the time consumption is 21 seconds. The 'item value is 1, the time consumption is 9 seconds. The minimum can be set to 0, indicating that it is not waiting, the time consumption is 3 seconds. This value can be modified according to the size of the attack. 'Microsoft Site Safety is recommended to 2. "TCPMAXCONNECTRESERETRANSMISSIONS" = dword: 00000001 'Sets the number of times the TCP retransmit a single data segment. The default value is 5, the default process consumption is over 240 seconds. Microsoft Site Safety is recommended to 3. "TCPMAXDATARETRANSMISSIONS" = DWORD: 00000003 'Sets the critical point of SYN attack protection. When the available backlog becomes 0, this parameter is used to control the opening of SYN attack protection, and the Microsoft site is recommended to be 5. "TCPMAXPORTSEXHAUSTED" = DWORD: 00000005 'Disable IP source routing. The default value is 1, indicating that the transmission source routing package, the item value is set to 0, indicating all forwarding, set to 2, indicating that all acceptable 'source routing packages, Microsoft site security recommendation is 2. "DisableipsourceRunting" = dword: 0000002 'Limits the longest time in the Time_Wait state. The default is 240 seconds, the lowest is 30 seconds, up to 300 seconds. It is recommended to be 30 seconds. "Tcptimedwaitdelay" = dword: 0000001E 8. How to avoid * MDB files downloaded? Install the URLSCAN tool released by MS, which can fundamentally solve this problem. At the same time, it is also a powerful security tool that you can get more detailed information from the MS website. 9. How to make IIS's minimum NTFS permission to run? Do the following works: a. Choose the entire hard drive: system: Fully control Administrator: Fully control (Allow you tolerant permission from the parent) B./Program Files / Common files: everyone: Read and run the list of file directory reads (allowed to transmit can be sent to the object from the parent ") C./inetpub/wwwroot: IUSR_MACHINE: Read and run list of file directory reads ( Allows inheritance permission from the parent to the object) E./winnt/system32: Select all directories other than INETSRV and CENTSRV, removal "Allows the transfer of the inherited permissions from the parent to the object" check box, copy. F./Winnt: Select all directory removal other than Downloaded Program Files, Help, IIS Temporary Compressed Files, Offline Web Pages, System32, Tasks, Temp, Web Allows to propagate to the object from the parent ,copy.

转载请注明原文地址:https://www.9cbs.com/read-14163.html

New Post(0)