Windows Server Security Considerations What time do you do?

With the rapid development of computer technology, the business processed on computers is also developed from the mathematical operation of single machine, the processing of documents, the internal business processing of the internal network based on simple connection, the office automation and so on to the complex internal network (Intranet), Enterprise External Network (Extranet), Enterprise-Class Computer http://www.aliyun.com/zixun/aggregation/34332.html "> Processing systems and worldwide information sharing and business processing for the global Internet."

At the same time, the system's ability to connect is increasing. But in the connection ability information, the circulation ability enhancement at the same time, the network connection security problem is also increasingly prominent, the overall network security mainly manifests in the following several aspects: The network physical security, the network topology structure security, the network system security, the application system security and the network management security and so on.

Therefore, the problem of computer security, should be like every household fire anti-theft problem, as a precaution in the first place. Even if you don't think you're going to be a target, the threat is already there, and when it happens, it's often taken by surprise, causing a lot of damage.

Years of unfinished business, network security is increasingly important, the recent hacker attacks are more and more, for the webmaster sometimes is a nightmare. Here I have to do some of my own station security experience to share with you, maybe I said you may feel too simple, but I hope that some friends are need this information, can help one or two also worthy of my writing this article.

1. Server Limited port

Install the system, the first limit to use TCP/IP port filtering function, open some of the ports you need, others do not open, only 80, 21 (20), 3389 (remote management).

Of course, with the software firewall can also be.

2. Make all the patches

That doesn't explain it.

3. Install anti-virus software (optional)

If you are more than a person to use, the proposal or put on the good, just in case, if you use it, and can guarantee the upload of no poison can not be installed.

4, turn on Automatic Updates, but manual installation

This allows you to download it backstage and install it selectively.

5, disable some script components, at least have to change the name of the

6, disable the guest user, rename the administrator, and then set the password more complex, including some special characters.

7, disable some of the default services, on this, there are many articles on the Internet, I do not elaborate, need to find a friend online.

8, disable Cmd.exe, disable Net.exe (so that the command can not be loaded to add users)

9. Set permissions for Web directories individually

10, for each site set up a separate user, and then tied to the web directory below.

11, there is the upload function of the site, the uploaded directory, in IIS set to not run script, run permissions for none.

12, for those who do not need to write operation of those site directory, it is best to delete the directory write right, read-only.

13, in order to prevent the dynamic script being maliciously modified, you can also set the script file read-only + can run

14, if equipped with MSSQL, to remove the disabling of those dangerous system stored procedures, there are many online, find it.

15, the ASP website especially to prevent SQL injection. Add the anti-injection code as much as possible.

16, FTP to manage well, do not support anonymous access, password not too easy, better get rid of the default 21 port number

17, if not necessary, prohibit the 1433,1434 port

18, often check the log, the best habit.

19, try not to install your unfamiliar software on the server

20, try not to use IE or other browsers on the server Internet

21, try not to use Outlook or other mail client on the server

Of course, I hope everyone's website can be safe!