I. DDoS attack targets:
1. Program Vulnerability (overflow) sensitive information disclosure, application bug
2. Use a weak password.
3. Database (column directory, differential backup, log backup, stored procedure)
4. System permissions configuration (run, upload, write)
5.IIS settings (script execution permissions)
6.FTP settings
7.ARP
Limit the number of consecutive password errors.
Split administrator privileges to cancel the hyper-pipe.
Remove the service ports that you do not need.
To close a service port that is not needed
Restrict permissions for remote logins.
View the server Event Viewer frequently.
The system disk and site settings must be formatted in NTFS for easy setting of permissions.
For the system disk and the site placement disk, the Aministrators and system user rights are cleared.
Enable Windows to bring your own firewall, leaving only the service ports that you need.
Rename administrator, create admin account, as a trap account, set an extra long password, not belong to any group, and disable the guest user.
Gpedit.msc account Policy, three login invalid, lockout time 30 minutes, reset lock count is set to 30 minutes.
Security Policy: Anonymous access to the share, anonymous access to the named channel, remote access to the registry path;
The remote Access registry path and Subpath are empty.
Deny login via Terminal Services.
Account: ASPNET guest iuser_*** iwam_***, NETWORK Sqldebgger
Audit Policies: Account management, account login events, login events, system events, policy changes (success, failure)
Directory service access, object access, privileged use (failed)
Windows Redgistry v5.00 turn off the default share to prevent a null password or weak password intrusion
Hkey_local_machine\system\current Contorl Set\services\lanmanserver\parameters
autoshareserver=dword:000000000
autosharewks=dw:00000000
Web server
Build Web user password, belong to Guset Group
IIS is placed on other disk directories for Web user access, network authentication.
Execute Permissions: Pure script
To modify the log directory method:
Regedit:hkey_local_machine/system/current Control Set/services/evertlog
File D:\cee----d:ceeappevent.evt
Computer security Management (note)