Security Configuration Windows2000 Server

First: How to Install

One, the choice of version

I strongly recommend that: in the case of language does not become a barrier, please be sure to use the English version. You know, Microsoft's products are known as "Bugs & Patch", the Chinese version of the bug far more than the English version, and the patch is usually late at least half a month (that is, the general Microsoft released a loophole after your server will be half a month in the unprotected state).

Ii. Customization of components

Win2K installs some common components by default, but it is this default installation that is very dangerous, with the security principle "minimal service + minimal permissions = maximum security", only the services that are really needed are installed. The special note here is the "Indexing Service", "FrontPage Server Extensions", and "Internet service Manager", which are some of the most dangerous services.

Iii. managing the selection of applications

Choosing a good remote management software is very important, not only the security requirements, but also the application needs. Win2K's Terminal service is a remote control software based on RDP (Remote Desktop Protocol), which is fast, easy to operate and more suitable for routine operation. However, Terminal service also has its shortcomings, because it uses the virtual desktop, coupled with Microsoft programming is not rigorous, when you use the Terminal service to install software or restart the server and so on with the real desktop interactive operation, often will appear in distress phenomenon, For example: Restarting Microsoft's authentication server (COMPAQ, IBM, etc.) using the Terminal Service may be turned off directly. Therefore, for the sake of safety, it is recommended to be equipped with a remote control software as auxiliary, and terminal Service complementary, such as pcanywhere is a good choice.

Allocation of partitions and logical disks

Create at least two partitions, one system partition, one application partition. This is because Microsoft's IIS (Internet ihformation Server) often has vulnerabilities, and if you put the system and IIS on the same drive, it can cause system files to leak and even allow intruders to remotely gain administrative power.

Zebian: Bean Technology Application