No tools such as anti-virus software, firewall, and Trojan purge. How do you protect the server? In fact, Windows 2000 Server, as a Server operating system, has many built-in commands to maintain network security. As long as you can make good use of them, it can also effectively protect Server security. Next, let's take a look at the power of a small command to maintain network security!
1. Dos service Initiation
One day, the server suddenly becomes "unresponsive". What is the problem? In most cases, attackers intrude into the server system to enable a special network service on the server. If the service is not stopped in time, the server system resources will soon be exhausted.
In fact, with the "net start" command built in Windows 2000 Server, you can clearly know which services are enabled in the current system and immediately disable unknown services. Open the system's run dialog box, enter the cmd command in it, and click the Enter key, the screen will be switched to the MS-DOS status. In the doscommand line, you can directly execute the "net start" command, and then the system will automatically list all the services that have been started (1 ); check carefully which services are of unknown origins, and then execute the "net stop server" command in the command line (the Server is a specific unknown service ), temporarily stop this unknown service.
2. Forcibly specify a password policy
To prevent accounts that log on to the server from being "stolen" by other criminals, you can use the "net accounts" command to force logon users to change their bad password habits. For example, the number of "forced" passwords must be at least a few digits, and "forced" users must change their passwords on a regular basis.
For example, if a Server login user is required to create an access account with at least six digits of the password, you can directly enter the "Net Accounts/MinPWLen: 6" command in the doscommand line and click the Enter key, the number of password digits of the new account will be "forced" at least 6 digits.
If you want to force the user to change the password in a timely manner within the specified time, You can execute the following command "Net Accounts/minpwage: n" (where n is the specific number of days); for example, if you need to change the password every six days, you only need to execute "Net Accounts/minpwage: 6. If you want to specify that the user must change the password within a certain period of time, you can run the "Net Accounts/minpwage: n1/maxpwage: n2" command, where "n1" is the minimum number of days, "n2" indicates the maximum number of days required.
3. check who is secretly connected
If you suspect that your server has been secretly planted by hackers as a Trojan, Or you suspect that the server system has been infected with viruses, however, if you do not have a professional trojan or virus scanning tool, you can run the built-in network command "netstat" on Windows 2000 Server ", to check who is secretly connecting to your server.
The netstat command allows you to clearly understand how the server is directly connected to the Internet, and lists all the connection information on the current server in detail, including Network Interface Information, network connection information, and route table information.
When you use a command to check network connections, you can directly enter the "netstat-a" string in the doscommand. After you click the Enter key, you will be in the network connection list shown in figure 2, see who is secretly connecting to your server. As shown in figure 2, port 4932 from the "61.51.100.13" host and port 50486 from the "218.83.185.252" host have established an HTTP connection with the server.
In addition, if you find that an unknown port is opened in the "Local address" column, for example, port 7626 of an ice horse, it indicates that a trojan already exists on your server. In this case, you must promptly disconnect the connection between the server and the Internet, and use the trojan scan tool or virus scan tool to clear the Trojan horse from the server to ensure the security of the server. In short, with the "netstat" command, you can fully monitor the connection status of the server to control server security.
4. check account exceptions
Many hackers like to use the "clone" login account method to secretly destroy the server system. These Hackers often use the method of activating an infrequently used default account on the server, and then using professional tools to "Upgrade" the default account to administrator permissions. At first glance, it seems that the default account is no different from the usual, but after "Upgrade", it has become the biggest security risk of the server. You can use the "net user" command to check exceptions of the server account in a timely manner.
First, execute the "net user" command in the doscommand line, and then you can know which user accounts are included in the server. Run the "net user username" command to check the permissions of each user account. For example, to view the permission of a Guest account, you can directly execute the "net user guest" command. In the displayed interface, check whether the Guest account has become a member of the "administrator" group. If yes, the server system has been attacked by hackers. In this case, do not hesitate to directly run the "net user guest/delete" command to delete the account.
5. Hide the server
To prevent hackers or other illegal attackers from easily searching for the name of a LAN server, you can use the "net config" command to temporarily hide the name of the server. As a result, even if the illegal users in the LAN fail to find the server through the neighbor window on the network, the risk of external attacks on the server will be greatly reduced.
When you want to use commands to hide the server name, you can directly enter "net config server/hidden: yes" (where server is the server's computer name) in the doscommand line. Press enter, the computer name of the server will automatically disappear from the network neighbor window, so that hackers cannot know what the server name is, let alone how to attack it.
