Windows operating system security settings

Source: Internet
Author: User

First, system and disk format selection

1. Do not use a Ghost version of Windows XP

When choosing an operating system, it is best not to pick a Ghost version of Windows XP. These builds enable remote Terminal Services by default and also come with a new account that has a weak password; both are easily exploited by hackers and can end with the computer being invaded by someone with ulterior motives. If a Ghost version of the Windows XP installation disc is all you have, that is acceptable, but after installing the system click "Start" → "Run", enter services.msc in the "Run" dialog box and press Enter to open the Services list. Find the Terminal Services entry, change its startup type to Disabled in its properties, and click OK.

2. Format the disk as NTFS

The NTFS partition format was created with the Windows NT operating system and became the main partition format with Windows NT4. Its advantages are that it is extremely secure and stable and rarely produces file fragments in use. NTFS partitions also enforce very strict user permissions: each user can operate only within the permissions granted by the system, and any attempt to exceed them is blocked by the system. NTFS also provides a fault-tolerant structured log that can record all user operations, which helps protect system security. The file system has other advantages as well: on hard drives larger than 4GB, using NTFS partitions reduces disk fragmentation and greatly improves utilization of the disk. NTFS supports file sizes up to 64GB, much larger than the 4GB under FAT32, supports long filenames, and so on.

3. Collect evidence to catch hackers

Audit logon is a security feature in the local policy, and it can be used to help stop a hacker's illegal intrusion. Start with the local security policy: click "Start" → "Run", enter control admintools in the "Run" dialog box and press Enter. In the Administrative Tools window, double-click Local Security Policy to open the Local Security Settings dialog box. Expand Local Policies on the left and click Audit Policy. Double-click "Audit logon events" on the right and, under "Audit these attempts", select both "Success" and "Failure". Set "Audit account management", "Audit account logon events" and "Audit directory service access" in the same way. The system will then log information about remote intruders, so that we can track them down. To find the records of illegal intruders, enter eventvwr.msc in the Run dialog box to open the Event Viewer.
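To confirm that the audit settings above took effect, this added example (not part of the original article) exports the local security policy with secedit and reports the four categories named in the steps. It assumes an elevated Windows PowerShell prompt; the function name Get-AuditPolicyGap and the temporary file name are made up for this example.

```powershell
# Added example, not from the original article. Read-only check that the four
# audit categories enabled in the steps above are set to Success and Failure.
# Assumption: elevated Windows PowerShell; secedit.exe exports the local policy
# as an INF whose [Event Audit] values are 0 = none, 1 = success, 2 = failure,
# 3 = both.
$wanted = @{
    AuditLogonEvents   = 'Audit logon events'
    AuditAccountManage = 'Audit account management'
    AuditAccountLogon  = 'Audit account logon events'
    AuditDSAccess      = 'Audit directory service access'
}

function Get-AuditPolicyGap {
    param([string[]]$InfLines, [hashtable]$Wanted)
    $inSection = $false
    $found = @{}
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Track whether we are inside the [Event Audit] section.
            $inSection = ($Matches[1] -eq 'Event Audit')
        } elseif ($inSection -and $text -match '^(\w+)\s*=\s*(\d+)$') {
            $found[$Matches[1]] = [int]$Matches[2]
        }
    }
    foreach ($key in $Wanted.Keys) {
        # A key missing from the export is treated as "no auditing" (0).
        $value = 0
        if ($found.ContainsKey($key)) { $value = $found[$key] }
        New-Object PSObject -Property @{
            Policy  = $Wanted[$key]
            Setting = @('None', 'Success', 'Failure', 'Success, Failure')[$value -band 3]
            Ok      = ($value -eq 3)
        }
    }
}

$inf = Join-Path $env:TEMP 'audit-policy-export.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
Get-AuditPolicyGap -InfLines (Get-Content $inf) -Wanted $wanted |
    Select-Object Policy, Setting, Ok | Format-Table -AutoSize
Remove-Item $inf
```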

Second, system permission settings

1. Set permissions on a disk

If you want to set permissions on a disk, the system must be a Win2K operating system (this excludes Windows XP Home Edition users), and all of its disk drives must be formatted as NTFS; both conditions are indispensable. Then right-click the drive you want to configure, select "Properties", add Administrator and SYSTEM and click OK, then select Everyone and remove it. Click "Advanced" and check "Reset all child object permissions and allow propagate inheritable permissions".

2. Permission settings for certain files

To set permissions on individual files, use the cacls command at the command line. Many people are unfamiliar with cacls; entering cacls /? at the cmd prompt displays the detailed usage of the command. Taking the file 123.txt as an example, enter cacls 123.txt /e /g administrator:f at the command line and press Enter to apply the change to the file. When the cursor moves to a new line, enter type 123.txt to test the result; an "access denied" message will appear. In addition, moving the file to the root of the system disk can, to a certain extent, also prevent a Trojan from loading it.

3. Permission settings for registry startup items

To prevent a malicious program from modifying important settings in the registry's startup entries, we can set appropriate permissions on the startup key. Open the "Run" dialog box, enter regedt32 and press Enter. In the Registry Editor window, expand the tree on the left to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, right-click the key and select Permissions. Click Advanced, clear the check box "Inherit from parent the permission entries that can be applied to child objects, including those explicitly defined here (I)", click OK, and then delete the users other than the administrator and the system account. When you are done, check "Inherit from parent the permission entries that can be applied to child objects, including those explicitly defined here (I)".
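The permissions on the startup key can be checked without changing anything. This added example (not part of the original article) lists every Allow entry on the Run key that lets a principal other than Administrators or SYSTEM modify it. The function name Get-RunKeyWriteAccess and the write mask are choices of this example.

```powershell
# Added example, not from the original article. Read-only: lists Allow entries on
# the Run key that let principals other than Administrators and SYSTEM change it.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$trusted = @('S-1-5-32-544', 'S-1-5-18')   # BUILTIN\Administrators, SYSTEM

# SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that inherit-only
# registry entries often carry instead of specific rights.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x10000000 -bor 0x40000000

function Get-RunKeyWriteAccess {
    param([string]$Path, [string[]]$TrustedSids)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $acl = Get-Acl -Path $Path
    # Ask for SIDs rather than names so the check works on localized systems.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($TrustedSids -contains $sid) { continue }
        # Resolve a display name where possible; fall back to the SID.
        $name = $sid
        try { $name = $rule.IdentityReference.Translate($ntType).Value } catch { }
        New-Object PSObject -Property @{
            Account   = $name
            Sid       = $sid
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings = @(Get-RunKeyWriteAccess -Path $runKey -TrustedSids $trusted)
if ($findings.Count -eq 0) {
    'Only Administrators and SYSTEM can modify the Run key.'
} else {
    $findings | Select-Object Account, Sid, Rights, Inherited | Format-Table -AutoSize
}
```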

Third, secure handling of system services

To view the list of services, click "Start" → "Run" on the desktop, enter services.msc in the dialog box and press Enter to open the Services list window.

The list on the right shows every service installed on the current system. If you are not familiar with a service, double-click it and read its description in the Properties dialog box that pops up. Sometimes the description is empty, or the description has nothing to do with the name; such a service is very likely a Trojan that has been loaded as a system service. I suggest you stop such a suspicious service immediately to avoid unnecessary trouble.

1. Disable the Alerter/Messenger service

The Alerter/Messenger service lets administrators send messages to other users on the network, but chat software such as QQ and MSN is enough to replace all of its features, and both are much stronger at communication than message delivery based on the service. In addition, a malicious person can use the service to send spam messages to network users with net send, which can interfere with the user's normal Internet access. So in the Services list, double-click the Messenger service and, in the Properties dialog box that pops up, set its startup type to Disabled to turn the service off.

2. Disable ClipBook Service

The ClipBook service lets administrators easily view the contents of the local clipboard, but hackers can exploit the service to get the same convenient view of the clipboard. If the user is someone who likes to copy a password to the clipboard and then paste it where it is needed, the consequences of this being exploited are unthinkable.

So in the Services list, locate and double-click the ClipBook service and, in the Properties dialog box that pops up, set the startup type to Disabled to turn the service off.

3. Disable Remote Registry Service

Although the Remote Registry service lets administrators remotely manipulate the registry of other computers, it also poses potential security risks. For example, if the other party obtains an account and password for our local computer and the IPC$ null connection is also enabled, the hacker can use this service to add a malicious download program to the startup entries, and your computer will then be at his command. So the Remote Registry service should be disabled as well, using the same method as above.

4. Turn off the Task Scheduler service

After connecting to the victim host through an IPC$ null connection, a remote intruder will usually upload a remote-control Trojan to the host right away to make later remote control easier, and then use the at command to activate the uploaded Trojan. The at command depends on the Task Scheduler service, so to prevent hackers from planting a Trojan on your host, turn the Task Scheduler service off. Then, even if a hacker really does upload a Trojan to your machine, he cannot activate and run it.

5. Disable Terminal Services

Terminal Services, often called remote terminal, allows multiple users to connect to and control a machine, and lets the desktop and applications of a remote computer be viewed and operated very intuitively. If hackers use Terminal Services to log in to the host, the consequences are self-evident, so the service should be disabled to prevent this. In the Services list, open the Properties dialog box for the Terminal Services service, change its startup type to Disabled, and click OK to apply the change. Then right-click the "My Computer" icon, select "Properties", switch to the "Remote" tab in the "System Properties" dialog box, and clear the "Allow Remote Assistance invitations to be sent from this computer" check box.
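The checks in this section can be run as one read-only report. This added example (not part of the original article) shows the start mode of the services named above and lists services whose description is empty. The short service names (Alerter, Messenger, ClipSrv, RemoteRegistry, Schedule, TermService) and the function names are assumptions of this example, and services absent from a given Windows version are reported as not installed.

```powershell
# Added example, not from the original article. Read-only report on the services
# this section says to disable, plus services whose description is empty.
# Assumption: Windows PowerShell with Get-WmiObject; the short names below are
# the service names behind the display names used in the article.
$targets = @(
    @{ Name = 'Alerter';        Label = 'Alerter' },
    @{ Name = 'Messenger';      Label = 'Messenger' },
    @{ Name = 'ClipSrv';        Label = 'ClipBook' },
    @{ Name = 'RemoteRegistry'; Label = 'Remote Registry' },
    @{ Name = 'Schedule';       Label = 'Task Scheduler' },
    @{ Name = 'TermService';    Label = 'Terminal Services' }
)

function Get-ServiceHardeningReport {
    param([object[]]$Services, [object[]]$Targets)
    foreach ($target in $Targets) {
        $svc = $Services | Where-Object { $_.Name -eq $target.Name }
        $status = 'not installed'
        if ($svc) {
            $status = 'review'
            if ($svc.StartMode -eq 'Disabled') { $status = 'ok' }
        }
        New-Object PSObject -Property @{
            Service   = $target.Label
            StartMode = $svc.StartMode
            State     = $svc.State
            Status    = $status
        }
    }
}

function Get-UndescribedService {
    param([object[]]$Services)
    # Treat an empty description as a lead for manual review of the service.
    $Services | Where-Object { [string]::IsNullOrEmpty($_.Description) } |
        Select-Object Name, DisplayName, StartMode, State, PathName
}

$all = Get-WmiObject -Class Win32_Service
Get-ServiceHardeningReport -Services $all -Targets $targets |
    Select-Object Service, StartMode, State, Status | Format-Table -AutoSize
Get-UndescribedService -Services $all | Format-List
```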

Fourth, take advantage of the Windows XP Security Center, which can effectively prevent outside attacks

Microsoft has many vulnerabilities, but Windows XP comes with its own Security Center, which is a comfort to the vast majority of users in defending against attacks. The Security Center not only provides a firewall, it also has built-in defenses for virus protection software and Automatic Updates for system vulnerabilities. To open the Security Center, click "Start" → "Control Panel" → "Security Center" on the desktop.

To block pop-up windows from other sites, click Internet Options at the bottom, switch to the "Privacy" tab in the Internet Properties dialog box that pops up, and you will see a "Pop-up Blocker" section. Click its "Settings" button and, in the Pop-up Blocker Settings dialog box, enter the addresses of the sites to allow in the text box, so that only pop-up windows from the normal sites you have specified are accepted.

The Security Center also provides a firewall, just below. Click Windows Firewall to open the Windows Firewall dialog box, select the Enable option, and click OK to turn on the built-in firewall and protect against external attacks. In addition, if you do not want to go to Microsoft's website to download patches, click "Automatic Updates" below, set an update time in the "Automatic Updates" dialog box, and the system will automatically download security patches and update the system at the time you specify.