[Windows Server 2003] Server security Hardening

★ Welcome to The Guardian God · V Classroom, website address: http://v.huweishen.com
★ Guardian God · V Classroom is a Web site dedicated to providing server instructional video for the Guardian God, updated weekly video.
★ This section we will lead you: Server Security Hardening
• Due to the wide variety of security factors and different server settings, this section can only introduce a few aspects of security hardening
Surface.
• If you need professional safety reinforcement, purchase the Guardian God "artificial safety reinforcement Service".

1. Update system Patches
Updating patches is the most important step in security hardening.

2. Disable services that you do not need
The following services must be disabled: Server, Workstation, Telnet, Print Spooler, Remote Registry, Routing
And Remote Access, TCP/IP NetBIOS Helper, computer Browser

3. Remove Extra permissions
Because there are so many places to set up the system permissions, we can only publish the common ones.
• All packing directories retain only Administrators and system permissions.
· C:\Documents and Settings retain only Administrators and system permissions
· C:\WINDOWS, C:\WINDOWS\system32 only retain administrators and system, as well as user Read and Execute
· C:\WINDOWS\Temp only retains administrators and system, as well as read and write deletions from users and network service
· C:\WINDOWS\IIS Temporary compressed Files retain only Administrators and system, as well as users and
Read and write deletion of NETWORK service
· C:\WINDOWS\SYSTEM32\MSDTC only retains the administrators and system, as well as the Users and Network service
Read/write Delete
· Some EXE software under C:\WINDOWS\ only retains administrators and system, such as Regedit.exe, Cmd.exe,
Net.exe, Ne1.exe, Netstat.exe, At.exe, Attrib.exe, Cacls.exe, format.com

4. Unloading Dangerous components
regsvr32/u%systemroot%\system32\shell32.dll
Regsvr32/u%systemroot%\system32\wshom.ocx

5. Firewall settings
It is recommended to open only the ports you need, such as: 80, 3389

6. Software drop right setting
Common serv-u, SQL Server, MySQL, Apache, Tomcat and so on have security risks.
Because the setting method is different, please refer to the corresponding course of my station.

7. Installation of Safety Assistant software
There is no absolute security, only as far as possible to improve security, manual + software collocation, in order to maximize security.
Guardian God • Intrusion Prevention system is a set of defense software that sets the level at every step of the hacker's intrusion, through remote monitoring, user
Monitoring, process monitoring, file monitoring and other modules, to keep all uninvited guests out.

After the above reinforcement, for most hackers, the invasion will be more difficult.
Now that this section is over, please visit the Guardian God website (www.huweishen.com) for more instructional videos.

Reprint please indicate the source (http://v.huweishen.com/video/23.html) Thank you!

[Windows Server 2003] Server security Hardening