web| Security | Site is some of my experience, I hope to be useful to you, but you know, absolute security is not. This is the reason for the existence of a network management. So. A rainy day is a good thing. But it is not an unwise to mend.
Please see my experience is.
1. Take a look at MS's security bulletin, which is preferred. Subscribe to the security technology magazine. (MS for FREE!) If it is genuine NT, it will have the latest security e-mail. ensure timely updating.
2. How big patches, must pay attention to the order, if installed system software, but also to be mended. (If you add the SMTP service later, you will also need to SP1, etc.), otherwise it may cause the old file to be overwritten.
3. Improve your security policy, or you can use Microsoft's security templates. There are some good automatic templates. Can be added automatically as needed.
4. Increase the audit strength, audit permissions relatively large operation.
5. Password changed on time. must conform to policy.
6. A number of security forums are often used. Such as: Green Union technology, demon Fox site.
7. The level of the account must be more points, if you can implement the function, do not give greater authority.
8. Remove the extra service. such as: (ftp,smtp,nntp,telnet) redundant scripts, examples. such as many script libraries in IIS, you can not.
9. Get rid of some dangerous commands. Do not share C disk.
10. Often look at the log, events.
11. Do not install remote administration of HTML.
12. It is best to install some hacker tools to simulate the attack. See if there's a problem.
13. Install the port scanning tool. See if there are any unused open ports.
14. Install some tools to prevent eavesdropping, remove some sniffer hidden in the port, and prevent the password data from being intercepted.
15. The best debugging-side management is remote administration. Password encryption policy is higher. prevented from being intercepted.
16. Modify some options with the registry. such as automatically displays the name of the last login.
17. Get rid of the administrator's default name. This can be more than a level of protection!
18. Password Policy .... Cond!
