Recommended WIN2003 Server Security Configuration complete article 1th/3 page _ Server

Source: Internet
Author: User
Tags net command net send
This article details the security configuration issues in Windows Server 2003, including ports, auditing, default sharing, Disk Management, and firewalls and databases, which I believe will help you gain.

First, close unwanted ports

I'm more careful, I turn off the port first. Only opened 3389 21 80 1433 Some people have been saying what the default 3389 unsafe, on this I do not deny, but the use of the way can only one of the poor lift blasting, you have changed the password set to 66, I guess he will break for several years, haha! Approach: Local Area Connection--Attribute--internet protocol (TCP/IP)--Advanced--Option--TCP/IP Filter--attributes--Put the tick and add the port you need. PS: Set the port needs to reboot!

Of course, you can also change the remote connection port method:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\winstations\rdp-tcp]

"PortNumber" =dword:00002683

Save As. REG file Double click! Change to 9859, of course, we can change the other port, directly open the address of the above registry, the value of the decimal to enter the input you want to the port can! Reboot effective!

There is also a point, in the 2003 system, TCP/IP filtering in the port filtering function, the use of FTP server, only open 21 ports, in the FTP transmission, FTP-specific port mode and passive mode, in the data transmission, the need to dynamically open high-end port, Therefore, in the case of TCP/IP filtering, there is often a problem where the directory and data transfer cannot be listed after the connection. So the addition of Windows Connection Firewall on 2003 system can solve this problem very well, so it is not recommended to use the TCP/IP filtering function of the NIC. Do FTP download users look carefully, the table blame I said I write articles is rubbish ... If you want to turn off unnecessary ports, there is a list in \\system32\\drivers\\etc\\ services that Notepad can open. If lazy, the easiest way is to enable WIN2003 's own network firewall, and port changes. function can also! Internet connection firewalls can effectively intercept illegal intrusion on Windows 2003 servers, prevent illegal remote hosts from scanning the servers, and improve the security of Windows 2003 servers. At the same time, can also effectively intercept the use of operating system vulnerabilities for port attacks, such as the Blaster worm virus. Enabling this firewall feature on a virtual router constructed with Windows 2003 can provide a good protection for the entire internal network.

A description of the port can be accessed by: http://bbs.86dm.net/viewthread.php?tid=7&extra=page%3D1

Second, close the unwanted services to open the appropriate audit policy

I have closed the following services

Computer Browser maintains the latest list of computers on the network and provides this list

Task Scheduler allows a program to run at a specified time

NET SEND and Alarm service messages between the Messenger transport client and the server

Distributed file System: LAN management shared files, no need to disable

Distributed linktracking client: For LAN update connection information, no need to disable

Error Reporting Service: Prohibit sending errors report

Microsoft serch: Provides fast word search without the need to disable

Ntlmsecuritysupportprovide:telnet Service and Microsoft Serch, no need to disable

Printspooler: If there are no printers to disable

Remote Registry: Disable the registry from being modified remotely

Remote Desktop help session Manager: No distance assistance

Remote NET command does not list user group if Workstation is closed

Prohibit unnecessary services, although these may not be used by attackers, but in accordance with security rules and standards, superfluous things do not need to open, reduce a hidden danger.

In "Network Connections", delete all the unwanted protocols and services, install only basic Internet Protocol (TCP/IP), and install the QoS Packet Scheduler in addition to the bandwidth flow service. In Advanced TCP/IP Settings--"NetBIOS" setting disables NetBIOS (S) on TCP/IP. In the advanced option, use Internet Connection Firewall, which is a firewall with Windows 2003, not in the 2000 system, although not functional, but can screen ports, so that has basically reached an IPSec function.

Enter Gpedit.msc carriage return in the run, open Group Policy Editor, select Computer Configuration-windows Settings-security Settings-Audit policy when creating an audit project, it should be noted that if there are too many items to be audited, the more events are generated, the more difficult it is to find a serious event. Of course, if the audit is too small, it will also affect your discovery of serious Events, you need to make a choice between the two depending on the situation.

The recommended items to audit are:

Logon event failed successfully

Account Logon event failed successfully

System Event failed successfully

Policy Change failed successfully

Object access failed

Directory Service access failed

Privilege usage failed
Current 1/3 page 123 Next read the full text

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.