WIN2008 remote control to ensure security setting tips _win Server

Source: Internet
Author: User
Tags server port telnet program
Although this kind of control method can improve the efficiency of network management, the security threat caused by remote control method is often neglected by managers. To ensure the security of remote control operations on the server, the Windows Server 2008 system has specifically been enhanced in this regard, with a number of new security features being introduced, but not enabled by default, which requires our own hands to set the system properly, To ensure remote control of the security of the Windows Server 2008 Server System.
1. Only allow designated personnel for remote control
If any ordinary user is allowed to remotely control the Windows Server 2008 Server system, the security of the server system must be very difficult to secure effectively. In view of this, we can make the appropriate settings for the Windows Server 2008 Server system, only allow the designated person through Remote Desktop Connection way to remote control, the following is the specific setup steps:
First, open the Start menu of the Windows Server 2008 Server System desktop, expand Programs, Administrative Tools, and Server Manager options in turn, and in the corresponding System Server Manager console window that appears, click the Server Management node option in the left child pane. Then select the Server Summary settings item under the Target Node branch, and then click the Configure Remote Desktop project to enter the Settings dialog box for the remote control Windows Server 2008 system;
Next, click the Select User button in the Remote Desktop section of the Settings dialog box. Open the Setup interface shown in Figure 1, where we see all the user accounts that can be remotely controlled for the Windows Server 2008 Server system, and once you see a strange user account or a user account that does not trust you , we can select it and click the "Delete" button, remove it from the system; Click the Add button in the corresponding settings interface to open the User Account Settings dialog box, select and add the specified administrator user account, and then click OK to end the user account setup operation. As a result, the Windows Server 2008 Server system will only allow remote administration operations by the specified system administrator, and not allow any other user to remotely control the operation.

  

Figure 1

2, refused to attack the administrator test
As with traditional server operating systems, the Windows Server 2008 Server system still uses the Administrator account to perform system logon operations by default, because such an administrator account is particularly vulnerable to being exploited by some illegal attackers, They attempt to log on to the server by cracking the password of the administrator account and try to test it against it. To deny an illegal attacker the use of an administrator account for attack testing, we can set up a Windows Server 2008 Server system by following these steps:
First in the Windows Server 2008 Server System desktop, click Start/Run, and in the pop-up system run text box, enter the Secpol.msc string command, and then click Enter to open the Local Security Group Policy Console window for the corresponding system;
Second, display the area to the left of the Local Security Group Policy Console window. Locate the Security Settings node option in which the mouse is positioned, select Local Policy/security options under the target Node branch, and locate the target security Group Policy account: Rename the system administrator account under the Security Options branch. And right-click the Group Policy option, from the shortcut menu that appears later, perform the Properties command, open the account: Rename administrator account Group Policy Property Settings dialog box, click the Local Security Settings tab in the dialog box, and open the label Settings page as shown in Figure 2. In this page, we can modify the name of the administrator account to other people not easily guessed the name, for example, you can modify it to "Guanliyuan", and finally click the "OK" button to save the above set of actions, The security of the server system can be effectively guaranteed when an illegal attacker attempts to test the Windows Server 2008 Server system with an administrator account.
9 8 :

  

Figure 2

3. Modify Telnet port to secure remote connection
  
The telnet command is the default Telnet program in a Windows Server 2008 server system because it is directly integrated into the server system and is easy to use, so network administrators often use that program when managing servers. However, when you use the Telnet command to remotely manipulate the server system, control information is often transmitted in clear text on the network, some malicious attackers can easily be similar to the account name and password of the control information interception, while the Telnet program authentication method also has obvious weaknesses, That is, it is particularly vulnerable to other people's attacks. Given the telnet command's remote control of the Windows Server 2008 Server System, the "23" default network port is typically used automatically, and the port is almost all familiar to the security of Telnet remote connections, We simply modify the default network port number for this program to prevent others from using the Telnet command to remotely control the server system as follows:
First in the Windows Server 2008 Server System desktop, click the start/Run command, in the pop-up system run text box, enter the "cmd" string command, click the ENTER key, open the corresponding system DOS command line work window;
Second, at the command prompt at the DOS window, the input string command "tlntadmn config port=2991" (where "2991" is the modified new port number) to prevent the newly set network port number from having a conflict with the system's existing port number. We must make sure that the new port number entered here cannot be set to the port number of a known system service; After confirming that the string command is entered correctly, click Enter, and the port number used by the Telnet command will automatically become "2991", at which point the network administrator must know the new port number. To use this program to remotely control operations on a Windows Server 2008 server System.
Of course, we do not go to the server site, can also remotely modify the Windows Server 2008 Server System Telnet program port number, we simply open the DOS command Line Working window on the local client system, at the command prompt at the window, enter the string command "tlntadmn Config server port=2991-u xxx-p yyy "(server indicates the host name or IP address of the remote server system, port=2991 the Telnet port number to be modified, and XXX is the user name to log on to the server system. YYY is the password for the application user account, the Telnet port number of the remote server system becomes "2991" after clicking Enter.
4, force the use of complex passwords to prevent violent cracking
If the remote login password for a Windows Server 2008 Server system is not set to be complex, it is possible for an illegal remote control user to successfully break the login password through brute force. In fact, many network administrators in order to facilitate memory, often the server system remote login password is set relatively simple, this invisible to the illegal attackers to provide the opportunity for brute force, remote control operation Security will
First in the Windo WS Server 2008 Server System desktop Click the Start/program/Administrative Tools command, and in the list of system management tools that appears, double-click the Local Security Policy icon in the following window to open the Local Security Settings dialog box for the corresponding system;
div>
Second displays the area to the left of the Settings dialog box. With the mouse, select the Account Policy Branch option, and then select the Password Policy subkey under the target Branch option, and in the right side of the password policy subkey, we see six set policy options for the password. Double-click the "Password must meet complexity requirements" Group Policy option to open the target Group Policy property Settings window as shown in Figure 3;
Check that the Enabled option is selected, and if it is found that the option has not been selected, we should It should be checked again in time, and then click OK to save the settings, so that when the remote login password for the Windows Server 2008 Server system is not set to be complex, the system automatically pops up the prompts;

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.