How to Ensure the security experience of WINNT + ASP + SQL Web Sites

The following are some of my experiences that I hope will be useful to you, but you need to know that absolute security is not. This is why a network administrator exists. So. It is a good thing to plan ahead. But it is not the best strategy to make up for it.

Please refer to my experience:

1. Let's take a look at the MS Security announcement, which is the first choice. Subscribe to security technology magazine. (MS free !) If it is a genuine nt, there will be the latest secure e-mail. Ensure timely updates.

2. Pay attention to the order of patches. If the system software is installed, it must be supplemented again. (If the SMTP service is added to the backend, re-fill SP1. Otherwise, the old file may not be overwritten ).

3. To improve security policies, you can also use Microsoft Security templates. There are some good automatic templates. It can be automatically added as needed.

4. Increase the review intensity and audit permissions.

5. Change the password on time. The policy must be met.

6. There are often security forums. For example, the aligreennet technology site and the fox website.

7. The account level must be more divided. If you can implement the function, do not grant more permissions.

8. Remove unnecessary services. Example: (FTP, SMTP, nntp, Telnet) redundant scripts. For example, many script libraries in IIS can be avoided.

9. Remove some dangerous commands. Do not share the C drive.

10. Take a look at the logs and events.

11. Do not install remote management of HTML.

12. Install some hacker tools to simulate attacks. Check whether a problem has occurred.

13. Install the port scanning tool. Check whether there are unnecessary open ports.

14. Install some anti-eavesdropping tools, remove some sniffer hidden on the port, and prevent password data from being intercepted.

15. It is best to manage the debugging end during Remote Management. The password encryption policy is higher. To prevent interception.

16. Use the Registry to modify some options. For example, the last logon name is automatically displayed.

17. Change the default name of administrator. In this way, more protection is supported!

18. Password Policy

19. Password security policy. The number of passwords is safe. This is strange. Encryption by MsAlgorithm. It is possible to have a password of more than 14 characters. But in fact few people can remember so many passwords. But it takes about 14 digits. The 7-bit password is safe. (Strange .) Microsoft engineers say that sometimes 7 people are more secure than 10 people. The specific reason is complicated. I give lectures to my younger brother. Omitted.

20. It is recommended that the password contain letters. Number. Case. It is best to add some! · # Characters such as ￥ %. It is hard to guess.

21. After changing the default admini... name, you can create a 14-bit long Administrator name. All letters are allowed. This increases level 1 protection.

22. Increase strategy. Avoid using the enumeration method to guess the account name.

23. To prevent five failed logons, the account is automatically locked for 20 points. Prevent brute force cracking.

24. Create a password policy for classification. Do not use some built-in accounts. For example, "sa ".

25. Increase the SA password. It is better not to use him frequently. Create another administrator account. Create a category account for each user-created database. ASP is the most useful for connection. This ensures the security of other databases.

26. Remove some permissions. Common users are not allowed to use dangerous stored procedures.

27. Remote connection is not allowed for accounts other than administrators. Or add a named pipe.

27. If ASP can use DSN, do not use a connection string. The file inclusion mode is adopted.