Although this forum has some similar articles, but this article also has its own unique, is worth seeing
If your computer is newly installed nt4/win2000, it is not meant to be used directly as an Internet server. Although Microsoft's patch has hit a lot, there are still holes. Now let's talk a little bit about how to use IIS to build a server with high security performance.
First, based on the Windows NT security mechanism
1 NT dozen SP6 patches, 2K dozen SP2 patches. Convert the file system of the disk to NTFS (the partition of the installation system can be converted when the system is installed, or after the system is installed, with a tool). At the same time the use of permissions on everyone's write, modify the permissions removed, key directory: such as Winntrepair access to the right to remove.
2 change of share permissions. In the NT down to Start menu--"program-" management tool-"System Policy Editor, and then open the System Policy in the File menu in the" Open registry "Modify the Windows NT network to remove it.
2 k can write a net share C $/delete bat file, placed in the start-up task of the machine.
3 Rename the system administrator account. At the same time the system administrator password changed to strong encryption: password length of more than 10 digits, and password to include numbers, letters,! And all kinds of characters.
4) to revoke NetBIOS on TCP/IP. Revoke the binding between NetBIOS and TCP/IP through the binding options for network properties.
5 Install other services. Should try not to install the database on the same server other services, if installed, the most important point is that the database password can not be the same as the system login password.
Ii. setting up security mechanisms for IIS
1 Resolve IIS4 and previous versions of the D.O.s attack will stop the service.
Run Regedt32.exe in: Hkey_local_machinesystemcurrentcontrolsetservicesw3svcparameters Add a value: Value Name: The MaxClientRequestBuffer Data Type:reg_dword set to the decimal specific value set to the maximum length of the URL that you want to set for IIS to allow. The CNNs is set to 256.
2 Delete the HTR script map.
3 Set the/_vti_bin directory under IIS Web server to prohibit remote access.
4 in the IIS management console, click Web Site, properties, select Home directory, configuration (starting point), application mapping, remove HTW and webhits.dll mappings.
5 If the installed system is 2K, install q256888_w2k_sp1_x86_en. Exe.
6) Delete: C:Program FilesCommon FilesSystemMsadcmsadcs.dll.
7 If you do not need to use the index Server, disable or uninstall the service.
If you use the index Server, disable the option "Index this resource" for directories that contain sensitive information.
8 to solve the Unicode vulnerability: 2K installation 2kunicode.exe, NT installation Ntunicode86.exe.
After the above settings, I still dare not say it is completely safe, you do not go back to sleep Ah! But you can relax!
Microsoft's products, although easy to use, but its vulnerabilities and similar to the most vulnerable one. As a network management to pay attention to the emergence of new vulnerabilities, timely take the appropriate measures to be prepared!
[Come from www.yeshu.com]
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.