My thoughts on win server security

By bbs.powers.com.cn

(Note: The following issues are discussed in the ntfs file system)

Set internet user permissions.
For more information about how to delete virtual directories in iis, see IISHelp, IISAdmin, IISSamples, and MSADC.
Useless services, and you do not need to disable them all. Remove all unused main iis components.
Leave an asp ing, which is commonly used and is not commonly used for asp ing.
Create directories for different types of files on the Web site, and assign them appropriate permissions.
For example, static file folders allow reading and writing, ASP script folders allow execution, writing and reading, EXE, and other executable programs allow execution and read/write rejection.

Setting the database to a non-web directory does not matter. If you perform the preceding operations
Set the Log Access permission to the Administrator. Changed the path.
All disks are in full control of the Administrators group and system. Other accounts do not grant permissions.
C: Program FilesCommon Files allows internet accounts to read, read, and run Files and directories.
Cmd is also renamed.
Do not modify ASP data. This prevents downloading and inserts Trojans.

The database is set as the site's parent directory, so that access to the site fails in the HTTP path. add an MDB ing. in this way, the database is basically safe, not so much as basic, because there is no absolute security. technology is developing, and we are working hard!

Overall idea: minimum service = maximum security. No ing or deletion is required, no service is allowed, and no port is blocked.

Used to set permissions and modify paths.

Microsoft's products are upgraded rapidly. Let's look at the management site.
Install the iis plug-in SecureIIS to block some parameters (such as post and get to avoid the popular SQL injection vulnerability .)
Get a Microsoft IIS Lockdown Tool.
\ The technology is very helpful. I hope to share my contact information with you. charm and charm. @ 126.com