Windows System Server (Web site) Security considerations

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Years of unfinished business, network security is increasingly important, the recent hacker attacks are more and more, for the webmaster sometimes is a nightmare.

Here I have to do some of my own station security experience to share with you, maybe I said you may feel too simple, but I hope that some friends are need this information, can help one or two also worthy of my writing this article.

1. Server Limited port

Install the system, the first limit to use TCP/IP port filtering function, open some of the ports you need, others do not open, only 80, 21 (20), 3389 (remote management).

Of course, with the software firewall can also be.

2. Make all the patches

That doesn't explain it.

3. Install anti-virus software (optional)

If you are more than a person to use, the proposal or put on the good, just in case, if you use it, and can guarantee the upload of no poison can not be installed.

4, turn on Automatic Updates, but manual installation

This allows you to download it backstage and install it selectively.

5, disable some script components, at least have to change the name of the

6, disable the guest user, rename the administrator, and then set the password more complex, including some special characters.

7, disable some of the default services, on this, there are many articles on the Internet, I do not elaborate, need to find a friend online.

8, disable Cmd.exe, disable Net.exe (so that the command can not be loaded to add users)

9. Set permissions for Web directories individually

10, for each site set up a separate user, and then tied to the web directory below.

11, there is the upload function of the site, the uploaded directory, in IIS set to not run script, run permissions for none.

12, for those who do not need to write operation of those site directory, it is best to delete the directory write right, read-only.

13, in order to prevent the dynamic script being maliciously modified, you can also set the script file read-only + can run

14, if equipped with MSSQL, to remove the disabling of those dangerous system stored procedures, there are many online, find it.

15, the ASP website especially to prevent SQL injection. Add the anti-injection code as much as possible.

16, FTP to manage well, do not support anonymous access, password not too easy, better get rid of the default 21 port number

17, if not necessary, prohibit the 1433,1434 port

18, often check the log, the best habit.

19, try not to install your unfamiliar software on the server

20, try not to use IE or other browsers on the server Internet

21, try not to use Outlook or other mail client on the server

Of course, I hope everyone's website can be safe!