Windows 2000 Security Checklist-Advanced Articles

Source: Internet
Author: User

Advanced Security Articles

1. Disable DirectDraw

This is a C2-level security requirement concerning video cards and memory. Disabling DirectDraw may affect some programs that need DirectX, but most commercial sites should be unaffected. In the registry, set HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI, value Timeout (REG_DWORD), to 0.

2. Turn off default sharing

After Win2000 is installed, the system creates some hidden shares; you can view them by running net share in cmd. There are many articles on the Internet about IPC intrusion, and I believe you are familiar with them. To disable these shares, open Administrative Tools > Computer Management > Shared Folders > Shares, right-click the appropriate shared folder, and choose Stop Sharing. After the machine restarts, however, these shares are created again.

Default shares, their paths and functions

C$ D$ E$: The root directory of each partition. On Win2000 Pro, only members of the Administrators and Backup Operators groups can connect; on Win2000 Server, members of the Server Operators group can also connect to these shared directories.

admin$ (%SYSTEMROOT%): A shared directory for remote administration. Its path always points to the Win2000 installation path, such as C:\winnt.

fax$: On Win2000 Server, a fax client connects to fax$ when it sends a fax.

ipc$: Null connection. The ipc$ share provides the ability to log on to the system.

NetLogon: This share is used by the Net Logon service of Windows 2000 Server when handling domain logon requests.

print$ (%SYSTEMROOT%\system32\spool\drivers): Used by users to manage printers remotely.
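Because the default shares come back after a restart, it helps to re-check the share list after each reboot. The following is an added example, not part of the original article: it classifies a `net share` listing against the table above. The sample listing is constructed, and its column layout is an assumption.

```python
import re

# Default shares from the table above; names are compared case-insensitively.
DEFAULT_SHARES = {
    "admin$": "remote administration (%SYSTEMROOT%)",
    "ipc$": "null connection",
    "fax$": "fax client share (Server)",
    "print$": "remote printer management",
    "netlogon": "Net Logon service (Server)",
}
DRIVE_ROOT = re.compile(r"^[a-z]\$$")  # C$, D$, E$ ...

# Constructed sample of `net share` output (not from a real machine).
SAMPLE = r'''Share name   Resource                        Remark

-------------------------------------------------------------------------------
IPC$                                         Remote IPC
D$           D:\                             Default share
ADMIN$       C:\WINNT                        Remote Admin
C$           C:\                             Default share
projects     D:\data\projects
The command completed successfully.
'''

def default_shares(net_share_output):
    """Return {share name: role} for each default share present in the listing."""
    found, in_body = {}, False
    for line in net_share_output.splitlines():
        if line.startswith("---"):        # separator: share rows start after it
            in_body = True
            continue
        if not in_body or not line.strip():
            continue
        name = line.split()[0]            # first column is the share name
        if DRIVE_ROOT.match(name.lower()):
            found[name] = "partition root"
        elif name.lower() in DEFAULT_SHARES:
            found[name] = DEFAULT_SHARES[name.lower()]
    return found

if __name__ == "__main__":
    for name, role in default_shares(SAMPLE).items():
        print(f"default share still present: {name} ({role})")
```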

3. Prohibit the generation of dump files

Dump files are useful for tracking down problems when the system crashes or blue-screens (otherwise I would have translated the term literally as "junk files"). However, they can also provide hackers with sensitive information, such as the passwords of some applications. To disable them, open Control Panel > System Properties > Advanced > Startup and Recovery and change Write Debugging Information to (none). You can turn it back on whenever you need it.

4. Use the Encrypting File System (EFS)

The powerful encryption system in Windows 2000 adds a layer of security to disks, folders and files. This prevents someone from attaching your hard drive to another machine to read the data. Remember to apply EFS to the folder as well, not just to individual files. Specific information about EFS can be found at http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

5. Encrypt Temp Folder

Some applications copy files to the Temp folder when they are installed or upgraded, but do not clear the contents of the Temp folder themselves when the upgrade finishes or the program closes. Encrypting the Temp folder therefore gives your files an extra layer of protection.

6. Lock the Registry

In Windows 2000, only Administrators and Backup Operators have permission to access the registry from the network. If you think that is not enough, you can restrict registry access further; for more information, refer to http://support.microsoft.com/support/kb/articles/Q153/1/83.asp

7. Clear the paging file at shutdown

The paging file, also called the swap file, is the hidden file that Win2000 uses to store parts of programs and data files that are not loaded into memory. Some third-party programs keep unencrypted passwords in memory, and the paging file may contain other sensitive information as well. To clear the paging file when the computer shuts down, edit the registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and set the ClearPageFileAtShutdown value to 1.
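The registry settings from items 1 and 7 can be verified offline from a `.reg` export. The following is an added example, not part of the original article; the export text is constructed, and the `CrashDumpEnabled` value is the registry form of item 3's "none" setting, an assumption the article does not name.

```python
import re

CTRL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"

# Checklist baseline: (key, value name) -> required REG_DWORD.
# CrashDumpEnabled = 0 is assumed to correspond to item 3 (not named on the page).
BASELINE = {
    (CTRL + r"\GraphicsDrivers\DCI", "Timeout"): 0,                                   # item 1
    (CTRL + r"\CrashControl", "CrashDumpEnabled"): 0,                                 # item 3
    (CTRL + r"\Session Manager\Memory Management", "ClearPageFileAtShutdown"): 1,     # item 7
}

# Constructed sample export (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\DCI]
"Timeout"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"PagingFiles"=hex(7):43,00
'''

def parse_dwords(text):
    """Return {(key_lower, name_lower): int} for every REG_DWORD in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                   # section header: new current key
            key = m.group(1).lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (value name, found, required) per deviation; found is None if absent."""
    have = parse_dwords(text)
    rows = [(name, have.get((key.lower(), name.lower())), want)
            for (key, name), want in BASELINE.items()]
    return [r for r in rows if r[1] != r[2]]

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE_EXPORT):
        print(f"{name}: found {got}, checklist requires {want}")
```

Version 5.00 exports are written as UTF-16, so decode the file to text before passing it to `audit`.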

8. Disable booting the system from floppy disk and CD-ROM

Some third-party tools can bypass the existing security mechanisms by booting the system themselves. If your server has very high security requirements, consider using removable floppy and optical drives. Locking the chassis is also a good idea.

9. Consider using a smart card instead of a password

Passwords always leave security administrators in a dilemma: they are vulnerable to attacks by tools such as L0phtCrack, yet if a password is too complex, users will write it down everywhere in order to remember it. If conditions permit, using smart cards instead of complex passwords is a good solution.

10. Consider using IPSec

As its name implies, IPSec provides security for IP packets. IPSec provides authentication, integrity, and optional confidentiality. The sending computer encrypts the data before transmitting it, and the receiving computer decrypts the data after receiving it. Using IPSec can greatly enhance the security of the system. For more information about IPSec, refer to http://www.microsoft.com/china/technet/security/ipsecloc.asp


