Security first makes your IIS impeccable

If nt4/win2000 is installed on your computer, you can directly use it as an Internet server. Microsoft has many patches, but there are still some vulnerabilities. Now let's talk about how to use IIS to build a server with high security performance.

1. Based on the security mechanism of Windows NT

1) patch SP6 for NT and SP2 for 2 K. Convert the file system of the disk to NTFS (the partition of the installation system can be converted when the system is installed, or after the system is installed, use a tool for conversion ). At the same time, remove the write and modification permissions of Everyone from the permission, and remove the key directories, such as WinntRepair's read permission.

2) modify the shared permission. Choose NT> program> Management Tools> System Policy Editor, then, open "open registry" in the File menu in the system policy and modify the windows NT Network to remove it. In 2 K, you can write a net share c $/delete bat file and put it in the startup task of the machine.

3) Rename the system administrator account. At the same time, change the password of the system administrator to strong encryption: the password must contain more than 10 characters, and the password must contain numbers, letters, and ,! And other characters.

4) Disable NetBIOS on TCP/IP. Disable binding between NetBIOS and TCP/IP through the network attribute binding option.

5) install other services. Try not to install database services on the same server. If installed, the most important thing is that the database password cannot be the same as the system login password.
2. Set the IIS Security Mechanism

1) IIS4 and earlier versions are attacked by D. O.S and the service will be stopped. Run regedit32.exe at: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw3svcparameters to add a Value: Value Name: MaxClientRequestBuffer Data Type: REG_DWORD to specify the maximum length of URLs allowed by IIS. Set CNNS to 256.

2) Delete the HTR script ing.

3) set the/_ vti_bin directory under IIS web server to disable remote access.

4) on the IIS console, click the web site, properties, select the main directory, configure (starting point), and map the application to delete the webing between htw and webhits. dll.

5) if the installed system is 2 K, install Q256888_W2K_SP1_x86_en.EXE.

6) Delete: c: Program FilesCommon FilesSystemMsadcmsadcs. dll.
　
7) if you do not need to use Index Server, disable or uninstall the service. If you use Index Server, disable the "Index this resource" option of the directory containing sensitive information.
　
8) solve the unicode vulnerability: 2kunicode.exe1_ntinstall ntunicode86.exe.

After the above settings, I dare not say that it is completely safe. Do not go back to sleep! But you can relax!

Although Microsoft products are easy to use, their vulnerabilities are the most common in the same analogy. as a network administrator, you must always pay attention to the emergence of new vulnerabilities and take appropriate measures in a timely manner to be prepared!