Discover server security hardening, including articles, news, trends, analysis and practical advice about server security hardening on alibabacloud.com
First, close unwanted ports
I'm more careful, so I turn off the ports first. I only opened 3389, 21, 80 and 1433. Some people have been saying that the default 3389 is unsafe; I do not deny this, but the only way to use it is exhaustive brute forcing, and if you have changed the password set to 66, I guess he will be breaking it for several years, haha! Approach: Local Area Connection -> Properties -> Internet Protocol (TCP/IP) -> Advanced -> Options -> TCP/IP Filtering -> Properties -> put the tick and add the ports you need. PS: Set
security, we only need to set the execute permissions of the upload file directory to None, so that even if someone breaks through the security filter of the upload component and forcibly uploads a Trojan to the server, the Trojan still cannot be started to cause damage. The following screenshot shows how to set directory execute permissions.
First, open IIS
1. Close DirectDraw
This is the C2-level security standard's requirement for video cards and memory. Closing DirectDraw may have an impact on programs that need to use DirectX (such as games, playing StarCraft on the server). I'm dizzy. $%$^%^??, but the vast majority of commercial sites should not be affected. Modify the registry: HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI Timeout (REG_DWORD
can save bandwidth. Files that change infrequently, such as pictures, Flash and JS, are ideal for setting HTTP expiration. However, it is best not to set it on dynamic folders or files, which can create vulnerabilities. Set content expiration only for static files.
3. On the Home Directory tab, select Redirect to URL so that the new domain name inherits the weight of this domain name. When you change the domain name, you do not need to worry that the weight is gone. You can also set domain A/a.html to jump to domain B/a.html.
1. Install the latest version of Server Security Dog on your server; when the installation is complete, click "Join Now" in the pop-up window.
2. Enter your "Service Cloud" account and password and click "Login".
3. After a successful login, the system will automatically add the current server to the "service
for a period of time. "Account lockout time" is how long after the invalid logins the user can continue trying to log on. "Reset account lockout counter" sets how long it takes to reset the "Account lockout threshold value"; it must be less than or equal to the "Account lockout time".
4. Prohibit Remote Desktop login for the Administrator user
Administrator is too glaring. You can disable its Remote Desktop login and set up an administrator account to perform remote login tasks, so the combination of user name and password i
Restricting external scan behavior through firewall policy
Please download and run the script that corresponds to your server's operating system. After it runs, your firewall policy will block outbound packet-sending behavior, ensuring that your host does not send malicious packets and giving you enough time for follow-up data backup operations.
Windows 2003 Batch File
@rem Configure the IP
Installation of Windows Server 2003
1. The installation requires at least two partitions, formatted with NTFS.
2. Install the 2003 system with the network disconnected.
3. Install IIS, and install only the necessary IIS components (disable unwanted FTP and SMTP services, for example). By default, the IIS service is not installed; select Application Server in Add/Remove Windows Components, click Details, double-click Intern
%, filename=N'F:\Work\SQL\LawyerBlog_log1.ldf'), (name='lawyerblog_log2', size=5MB, FileGrowth=5%, filename=N'E:\SQL\LawyerBlog_log2.ldf') GO
Extended: A normal user needs the ALTER SETTINGS permission to run sp_configure (administrators generally have this permission).
To add a data file or log file to a database
Connect to the database engine.
On the Standard menu bar, click New Query.
Copy and paste the following example into the Query window, and then
The security of the server is very important, especially against privilege escalation by hackers; here this refers to privilege escalation through the web. The web generally uses the NETWORK SERVICE account and registry changes, so we change part of the registry to read-only; please look at the following figure:
Put the registry location
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-20_Classes
NETWORK SERVICE account full p
"Administrator, System, two accounts for full control"
Create a corresponding application pool named www.jb51.net and set additional properties for the application pool according to site size, expected access and requirements
Establish the IIS site. The site name is www.jb51.net, and the site's virtual directory is configured
Independent establishment of the FSO's virtual directory to give the ASP write permission to execute. Other directories give the ASP the ability to
If you have previously set permissions, please check carefully what the batch file sets. If something has already been set, you can simply delete it from the batch file without repeating the setting, although setting it twice is generally no problem either!
Description: regsvr32 /s /u wshext.dll: a server on which this command was previously used to uninstall this component will not be able to set file and folder permissions normally, the old version of the user
cracker cannot use the nbtstat command to read your NetBIOS information and the NIC MAC address.
8. Rename the administrator account to Cytz_admin_ followed by the last digits of the IP.
9. Modify port 3389
1. Run Regedt32 and go to this item:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
And: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp
Note: The a
As Microsoft's latest server operating system, Windows Server 2003 not only inherits the ease-of-use and Stability of Windows 2000/XP, but also provides higher hardware support and more powerful security functions, it is undoubtedly a choice for Small and Medium network application servers. This article describes how to develop
that the Haiyang trojan has lost its role here!
PHP security settings:
Note the following when installing php by default:
Grant users only read permission on C:\winnt\php.ini. In php.ini, you need to make the following settings:
safe_mode = On
register_globals = Off
allow_url_fopen = Off
display_errors = Off
magic_quotes_gpc = On [the default value is on, but you need to check it again]
open_basedir = web directory
disable_functions = passthru, e
by Don Kiely, 2014/06/18
The series
This article is part of the Stairway series: Stairway to SQL Server Security. SQL Server has everything you need to protect your servers and data from today's sophisticated attacks. But before you can effectively use these
The premise here is that the system is already installed, along with IIS, including the FTP server, mail server and so on. These specific configuration methods are not repeated here; we now focus on the security aspects of the configuration.
About regular security installation systems, setting up and managing accounts, shutting down redundant services,
This article is the third of the SQL Server Security series; please refer to the original text for more information.
In general, you implement the security of users and objects on SQL Server by assigning the principal permissions to objects. In this series, you will learn to perform operations and access
SQL Server blocked access to the process ' dbo.sp_set_sqlagent_properties ' of component ' Agent XPs ' because this component was shut down as part of this server's security configuration. System administrators can enable ' Agent XPs ' by using sp_configure. For more information about enabling ' Agent XPs ', see "surface area Configurator" in SQL Server Books Onl
The fewer things on the server, the better. For remote control, using only 3389 is absolutely secure; do not trust or use the remote control software that is popular on the Internet!
Do not install Serv-U. If you really want to install it, follow this tutorial, and if you do not know how, you can ask me!
------------------------------------
Create the safest FTP settings for Serv-U
Http://www.jb51.net/article/16109.htm
Attack defen