Server maintenance security policy solution (1)

Source: Internet
Author: User

Most of the servers we use run Windows Server 2000 or Windows Server 2003. Windows Server 2003 is currently the most mature network server platform and greatly improves security compared with Windows 2000. However, the default security configurations of 2003 and 2000 are not necessarily suitable for our needs, so we need to complete the security configuration of Win2003 and Win2000 according to the actual situation. Security configuration is a relatively difficult area of network technology: if permissions are too strict, many programs cannot run; if they are too loose, the server is easy to hack. As administrators, we need to set security policies based on our actual usage and applications to ensure the long-term, secure operation of the server.

★The following are some security policies for our current server situation:

I. Windows Accounts

1. Rename the Administrator account to an alias, such as boco_ofm, or use a Chinese name. (This adds an obstacle to hacker attacks.)

2. Rename the Guest account to Administrator so that it acts as a trap account, and set a strong password on it or disable it outright. (Some hacker tools exploit weaknesses in the Guest account to elevate it from an ordinary user to the Administrators group.)

3. Apart from administrator accounts and service accounts, all users must be disabled or deleted.

(1) Accounts on a website server are generally used only for system maintenance. Do not keep even one redundant account, because every extra account is one more account at risk of being broken.

(2) In addition to the Administrator, it is necessary to add one more account belonging to the Administrators group. (Having two accounts in the Administrators group means that if the administrator forgets the password of one account, there is a backup account. In addition, if a hacker breaks one account and changes its password, we still have the opportunity to regain control in the short term.)

(3) Give all user accounts a complex password (the SYSTEM account excepted). The password must contain at least 8 characters and include letters, numbers, and special characters. Do not use familiar words (such as boco), familiar keyboard sequences (such as qwert), or familiar numbers (such as 2008). (Passwords are the focus of hacker attacks. Once the password is broken, there is no system security at all. According to information available online, a five-character password with only letters and numbers will be cracked in a few minutes.)

II. Password and User Policy

1. Enable Password Policy

Apply the password policy and enable the password complexity requirements. Set the minimum password length to 8 characters, and set Enforce password history to 5 passwords, for 31 days.

2. Enable User Policy

Use the user (account lockout) policy to set the time after which the account lockout counter is reset to 30 minutes, the account lockout duration to 30 minutes, and the account lockout threshold to 3 attempts.
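One way to check a server against the account and lockout values above, as an added example that is not part of the original article: it parses the `[System Access]` section of a `secedit /export` security template and lists every setting that misses the baseline. The sample export is constructed, and accepting a lockout duration of `-1` as compliant is an assumption of this example.

```python
# Baseline from sections I and II, keyed by the [System Access] names of a
# `secedit /export` template. The 31-day figure is left out (setting unclear).
BASELINE = {
    "MinimumPasswordLength": (">=", 8),
    "PasswordComplexity": ("==", 1),
    "PasswordHistorySize": (">=", 5),
    "LockoutBadCount": ("<=", 3),      # account lockout threshold
    "ResetLockoutCount": (">=", 30),   # minutes
    "LockoutDuration": (">=", 30),     # minutes
}

# Constructed sample export (not from the page): an unhardened server.
SAMPLE_EXPORT = """\
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 1
LockoutBadCount = 0
NewAdministratorName = "Administrator"
"""

def parse_system_access(text):
    """Return the key/value pairs found under [System Access] only."""
    values, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip().strip('"')
    return values

def audit(text):
    """Return findings; an empty list means the export meets the baseline."""
    cfg, findings = parse_system_access(text), []
    for key, (op, want) in BASELINE.items():
        have = int(cfg[key]) if key in cfg else None
        if have is None or (key == "LockoutBadCount" and have == 0):
            ok = False  # unset, or 0 = lockout disabled (must not pass "<= 3")
        elif key == "LockoutDuration" and have == -1:
            ok = True   # assumption: -1 = locked until an administrator unlocks
        else:
            ok = {"==": have == want, ">=": have >= want, "<=": have <= want}[op]
        if not ok:
            findings.append(f"{key} = {have}, baseline {op} {want}")
    if cfg.get("NewAdministratorName", "Administrator").lower() == "administrator":
        findings.append("NewAdministratorName: built-in account not renamed")
    return findings

print("\n".join(audit(SAMPLE_EXPORT)))
```

On a real server the input would come from `secedit /export /cfg <file>`; the export is usually UTF-16, so decode it accordingly before passing the text to `audit`.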

