Server Security Settings: Advanced Article - Win Server
Source: Internet
Author: User
1. Disable DirectDraw. This is a requirement of the C2-level security standard for video cards and memory. Disabling DirectDraw may affect programs that need DirectX (such as games; playing StarCraft on the server?), but the vast majority of commercial sites should not be affected. In the registry, set HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI Timeout (REG_DWORD) to 0.
2. Turn off default shares. After Win2000 is installed, the system creates some hidden shares; you can view them by running net share in cmd. There are many articles on the Internet about IPC intrusion, so I believe you are familiar with it. To disable these shares, open Administrative Tools > Computer Management > Shared Folders > Shares, right-click the appropriate shared folder and choose Stop Sharing. After the machine restarts, however, these shares will be re-created.
Default shared directories, their paths and functions:
C$ D$ E$: The root directory of each partition. In Win2000 Pro, only members of the Administrators and Backup Operators groups can connect; in Win2000 Server, the Server Operators group can also connect to these shared directories.
admin$: %SYSTEMROOT%. The shared directory for remote administration. Its path always points to the Win2000 installation path, such as C:\Winnt.
fax$: In Win2000 Server, fax$ is accessed when a fax client sends a fax.
ipc$: Null connection. The ipc$ share provides the ability to log on to the system.
NetLogon: This share is used by the Net Logon service of Windows 2000 Server when handling domain logon requests.
print$: %SystemRoot%\System32\Spool\Drivers. Used by users to manage printers remotely.
Solution:
Open Registry Editor (regedit) and go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
In the right pane, create a DWORD value named AutoShareServer and set it to 0.
3. Disable dump file generation. Dump files are a useful resource for tracking down problems when the system crashes or blue-screens (otherwise I would translate the name literally as "junk file"). However, they can also give attackers sensitive information, such as the passwords of some applications. To disable them, open Control Panel > System Properties > Advanced > Startup and Recovery and change Write Debugging Information to (none). When you need dump files, you can turn the setting back on.
4. Use the Encrypting File System (EFS). The powerful encryption system in Windows 2000 adds a layer of security to disks, folders and files. This prevents someone from attaching your hard drive to another machine to read the data. Remember to apply EFS to the folder, not just to individual files. For details about EFS, see:
Http://www.microsoft.com/windows200...ity/encrypt.asp
5. Encrypt the Temp folder. Some applications copy files to the Temp folder when they are installed or upgraded, but do not clear its contents when the upgrade finishes or the program closes. Encrypting the Temp folder therefore gives your files an extra layer of protection.
6. Lock the registry. In Windows 2000, only Administrators and Backup Operators have permission to access the registry over the network. If you think that is not enough, you can restrict registry access further; for more information, refer to:
Http://support.microsoft.com/suppor...s/Q153/1/83.asp
7. Clear the paging file at shutdown. The paging file, also called the swap file, is the hidden file that Win2000 uses to store parts of programs and data files that are not loaded into memory. Some third-party programs keep unencrypted passwords in memory, and the paging file may contain other sensitive information as well. To clear the paging file when the computer shuts down, edit the registry key
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Set the value of ClearPageFileAtShutdown to 1.
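The registry values from items 1, 2 and 7 can be checked offline against a .reg export taken from a server. The following is an added example, not part of the original article; the function names and the sample export are constructed for illustration, and the export is assumed to be already decoded to text (regedit writes version 5.00 files as UTF-16).

```python
import re

# Hardened DWORD values from items 1, 2 and 7 of this article.
EXPECTED = {
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI", "Timeout"): 0,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters", "AutoShareServer"): 0,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management", "ClearPageFileAtShutdown"): 1,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text):
    """Return {(key, name): int} for every DWORD in a .reg export.
    Keys and names are lowercased because the registry is case-insensitive."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Map each expected value name to 'ok', 'missing' or 'wrong (found N)'."""
    found = parse_reg_dwords(text)
    report = {}
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name.lower()))
        if got is None:
            report[name] = "missing"  # value absent: the setting was never applied
        else:
            report[name] = "ok" if got == want else "wrong (found %d)" % got
    return report

# Constructed sample export, not taken from a real server.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI]
"Timeout"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
'''

print(audit(SAMPLE))
```

A "missing" result for AutoShareServer matters as much as a wrong value: without it, the hidden shares from item 2 come back after every restart.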
8. Disable booting from floppy disk and CD-ROM. Some third-party tools can bypass the existing security mechanisms by booting the system themselves. If your server has very high security requirements, consider using removable floppy and optical drives. Locking the chassis is also a good idea.
9. Consider using a smart card instead of a password. Passwords always leave security administrators in a dilemma: they are vulnerable to attacks by tools such as L0phtCrack, yet if a password is too complex, users will write it down everywhere in order to remember it. If conditions permit, using smart cards instead of complex passwords is a good solution.
10. Consider using IPSec. As its name implies, IPSec provides security for IP packets. IPSec provides authentication, integrity and optional confidentiality. The sending computer encrypts the data before it is transmitted, and the receiving computer decrypts the data after receiving it. Using IPSec can greatly enhance the security of the system.