Operating System Security Configuration

1. run the "Regedit" command to start the Registry Editor, configure security items in the Windows registry (1), disable the Windows Remote Registry Service, and run the "Start-> Run" command in the taskbar ", enter Regedit to enter the Registry Editor. Locate the "RemoteRegistry" item under HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services in the registry .) Right-click "RemoteRegistry" and select "delete ". (2) modify the system registry to prevent SYN flood attacks (a) locate the Registry location: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters to create a New DWORD Value named SynAttackProtect. (B) Right-click to modify
The attribute of the synattackprotec t key value. (C) In the "Edit DWORD Value" dialog box, enter "2" in the value data column (D) and click "OK" to continue adding the following key values to the Registry, prevent SYN flood attacks. Enablepmtudiscovery REG_DWORD 0 NoNameReleaseOnDemand REG_DWORD 1 EnableDeadGWDetect REG_DWORD 0 KeepAliveTime REG_DWORD 300,000 running mrouterdiscovery REG_DWORD 0 enableicmpredirects
REG_DWORD 0 (3) modify the registry to prevent IPC $ attacks: (a) Search for the restrictanonymous entry of "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA" in the registry. (B) Right-click and select "modify ". (C) Add "1" to the "Edit DWORD Value" dialog box and set "restrictanonymous" to "1 ", in this way, you can disable connections to IPC $ and click OK. (4) Disable default sharing by modifying the Registry () for default sharing of C $, d $, and ADMIN $ types, you must find the "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters" item in the registry. Right-click the blank area on the right of the item and choose New DWORD from the shortcut menu.
(B) add the key value "AutoShareServer" (type: "REG_DWORD", value: "0 "). Note: If the system is Windows 2000 Server or Windows 2003, you must add the key value "AutoShareServer" (type: "REG_DWORD", value: "0") to this item "). If the system is Windows 2000 pro, you should add the key value "auto1_wks" (type: "REG_DWORD", value: "0") in this item "). 2. configure local security policies through "Control Panel \ Administrative Tools \ Local Security Policy" (1) do not Enumerate accounts in the "Security Settings" directory tree on the left side of the "Local Security Policy" list. Expand "Local Policy" and "Security Options" layer by layer ". View the list of related policies on the right, find "Network Access: Anonymous Enumeration not allowed for SAM accounts and sharing", right-click and choose "properties" from the pop-up menu ", then, a dialog box is displayed. Activate the "enabled" option and click "Apply" to make the setting take effect. (2) The user name of the last logon is not displayed. 3.
Open IE, select Tools \ Internet Options \ Security, and set security for IE (1) custom security level in Internet Options (2) set to add trusted and Restricted Sites. 4. create a user group and create a new account in this user group. 5. Set your local security policies, including password policies and account locking policies. (1) Open "Control Panel" → "Administrative Tools" → "Local Security Settings", (2) Set Password Complexity Requirements: Double-click "the Password Must Meet Complexity Requirements ", the "Local Security Policy Settings" interface appears. You can select "enabled" as needed and click "OK" to enable password complexity check. (3) set the minimum password length: Double-click "Minimum Password Length" and set the password length to more than 6 characters. (4) set the maximum password retention period: Double-click "Maximum Password retention period" and set the password expiration period to 60 days. The password set by the user is valid only within 60 days. (5) Click "account lock policy" in the list on the left, (6) set the account lock time: Double-click "account lock time" to set the user lock time to 3 minutes, the account remains locked for 3 minutes after each lock. (7) set the account lock threshold value: Double-click "account lock threshold value" to set the account lock threshold value to three times. 6.
Create a folder and set its access control permissions. (1) create a folder on the E disk, right-click the folder, select "properties", and select the "Security" tab in the Properties dialog box, you can set the access control permissions for folders, as shown in. (2) Delete the "everyone" User Group on the page, join the "experiment" User Group we created, and set the permissions of the "experiment" User Group to "read-only ". (3) Log On As a user try to verify the above settings. 7. Learn to use the Event Viewer to view three types of logs. (1) log on to the system as an administrator. Open "Control Panel"> "Administrative Tools"> "Event Viewer". Three types of logs are recorded in the system. (2) double-click "application logs" to view the application logs recorded by the system. (3) double-click a piece of information in the details pane on the right to view the details of the event recorded in the information. You can view the Security Log and system log in the same way.