The erection of movie server and its security precaution configuration

In order to attract more people to the Internet, many internet cafes have set up a movie server. The setup of the movie server is not very easy to set up a shared hard disk, and then copy the movie on the line, we need to set the movie server as a Web server, and then need to do some security work. This article describes how the movie server is built, and the configuration of the movie server in terms of security precautions.

How to build a movie server

One is the use of special software, such as the United States-Ping VOD system, this software is a powerful, simple VOD system, its built-in high-performance server engine, using multithreading, multiple concurrent streaming technology, client support Web interface on demand or application interface on demand two interface. Supports all current popular media formats and automatically generates Web files, even if you set up a prohibit download will not affect on-demand. The only drawback is that when the film is put on the first level of emissions, if a soap opera is very troublesome.

Another is the use of ASP-edited web, using a shared or streaming media Player to open these movies, such as "file://movie server name/movie/brother-in-law", the advantage is that the film can be categorized, and facilitate the search, such a programmed program can be downloaded in many places. And then by the way to build an FTP server, we have more movies, to share the resources, the use of serv-u software can be very simple to achieve. Of course, on the router also need to map the default port 21, so that you can build a home page, and then through the router to map 80 ports.

Safety precaution work

Because Windows 2000 has more vulnerabilities, there are several things to do after you install it:

1, play the patch

Microsoft's style is three days a small complement, five days a supplement, the loophole too much, make up a little bit better, use "Start →windows Update" and then put all the patches into it.

2. Delete Default Share

1) Delete ipc$ share

The default installation of Windows 2000 is easy for an attacker to get a list of accounts, even if the latest service pack is installed. There is a default shared ipc$ in Windows 2000, and there are also admin$ C $ d$ and so on, and ipc$ allows anonymous users (that is, users who are not logged in) to access the user list by using this default share.

To prevent this, you can change the "Additional restrictions on anonymous connections" in the administrative tools → local Security policy → security settings → Local policies → security options to "do not allow enumeration of SAM accounts and shares." Can prevent most of these connections, but it is not finished, if you use a nethacker as long as the use of an existing account will be able to successfully obtain all the account name. So we need another way to do it.

Create a file Startup.cmd, the content is one line command "net share ipc$ Delete" does not include quotes; add a task to the scheduled task in Windows, perform the startup.cmd above, schedule "execute on computer startup", Or put the file in the "start → program → boot" to let it start to remove the ipc$ share, and then restart the server.

2 Delete admin$ share, modify registry:

Hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters increases the AutoShareWks subkey (REG_DWORD) with a key value of 0.

3 Clear the default disk share C $, d$, etc., modify the registry:

Hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters, add the AutoShareServer subkey (REG_DWORD), The key value is 0.

3, modify the default user name

In the Rename guest account, "admin tools → local Security policy → security settings → Local policies → security Options" change "Guest" to "ABC" or other name, the following machine login name is named, and then "Rename system Administrator Account" also change.