Security Settings Internet Information Service method 3

Comments: Is your website often hacked, or is it a hacker's "BOT" without looking at it "? If you do not configure security settings for your Web server, it is easy for hackers to "stare" and there is a risk of intrusion at any time. What? Do you think security settings are complicated? It doesn't matter. By introducing the three methods of IIS server security settings, we can effectively prevent attacks.

　　Basic settings, patch, delete, and share

Webmasters usually use Windows servers, but we usually do not have dedicated technical staff to perform security settings through rented or hosted servers. Therefore, some common basic vulnerabilities still exist. In fact, you only need to install server patches to prevent most of the vulnerability intrusion attacks.

After the operating system is installed on the server and enabled, install various patches. The server patch installation method is similar to the XP system we use, so we will not go into details here.

After basic patch installation is completed, the more important thing is to set accessible ports. Generally, the server only needs to open the necessary ports for providing Web services, and other unnecessary ports can be disabled. However, do not disable the remote port 3389 of the management server.

Deleting the default share is also a required step. After the server enables sharing, it is likely to be infiltrated by viruses or hackers to further escalate permissions or delete files. Therefore, we should try our best to disable file sharing. You can delete default shares in multiple ways. For example, you can disable the default share function of drive c by using the net share c $/delete command.

　　Permission allocation to prevent virus and Trojan Horse intrusion

Good server permission settings can minimize the risk. If the permission settings for each IIS Site are different, it is difficult for hackers to intrude into the entire server by means of bypass attacks. The following describes how to set permissions.

In the system, permissions are divided by users. To manage users, you can choose Start> program> Management Tools> Computer Management> local users and groups on the server ", you can see all the system users and user groups on the management server.

When partitioning a server, you need to divide all the hard disks into NTFS partitions, and then you can set the permissions that each partition has for each user or group. You can right-click the folder to which you want to set permissions and select "Properties> Security" To Set permissions for files or folders.

For a website, you need to assign an IIS Anonymous user to each website. In this way, when a user accesses your website file, the permission is limited to the website directory, it can effectively prevent other websites from being infiltrated.

　　Component Management makes insecure components disappear

The server supports many components by default, but these components will also become harmful. The most dangerous components are wsh and shell, because they can run the exe program on the server hard disk, for example, they can run Elevation of Privilege programs to enhance Serv-u permissions or even use Serv-u to run system programs with higher permissions.

The simplest way to uninstall the most insecure component is to directly Delete the corresponding program file.

TIPS: In addition to the above Security Settings, you must pay attention to some operation details. For example, Do not browse the Web page on the server, install anti-virus software for the server, install anti-ARP attack software and other security programs.