VM Security Settings

This article is only a relatively safe measure compared with the current security measures, as follows:
1. How to Run asp scripts with the system permission?
Modify the virtual directory corresponding to your asp script and change "application protection" to "low "....
2. How to Prevent asp Trojans?
Asp Trojan Based on FileSystemObject Components
Cacls % systemroot % system32scrrun. dll/e/d guests // disable the use of guests
Regsvr32 scrrun. dll/u/s // Delete
Note: The FSO of the server cannot be used;
Enter the following command in the CMD command line status:
Close the command: RegSvr32/u C: WINNTSYSTEM32scrrun. dll
Open the command: RegSvr32 C: WINNTSYSTEM32scrrun. dll
Asp Trojan Based on shell. application Components
Cacls % systemroot % system32shell32. dll/e/d guests // disable the use of guests
Regsvr32 shell32.dll/u/s // Delete
Appendix: cacls.exe parameter usage
/T -- change the ACL of the specified file in the current directory and all its subdirectories;
/E -- edit the ACL without replacing it;
/C -- continue when an access denial error occurs;
/G user: perm -- Grant the specified user access permission. Perm can be R (read), W (write), C (change, write), F (full control );
/R user -- revoke the access permission of the specified user (only used with/E );
/P user: perm -- replace the access permission of the specified user;
/D user -- deny access from the specified user
3. How to encrypt asp files?
Download sce10chs.exe from Microsoft for free and run it directly to complete the installation process.
After installation, the screnc.exe file will be generated, which is a command tool running on dos promapt.
Run screnc-l vbscript source. asp destination. asp
Generate the new file destination. ASP that contains the ciphertext asp script
Use NotePad to open and view all the "" content, no matter whether the annotation is used or not, it will become unreadable ciphertext.
However, Chinese characters cannot be encrypted.
4. How to extract urlscan from IISLockdown?
Iislockd.exe/q/c/t: c: urlscan
5. How can I prevent the Content-Location header from exposing the internal IP address of the web server?
Run
Cscript c: inetpubadminscriptsadsutil. vbs set w3svc/UseHostName True
Restart iis.
6. How can I solve the internal error of HTTP500?
Most internal iis http500 errors
This is mainly because the password of the iwam account is not synchronized.
We only need to synchronize the password of the iwam_myserver account in the com application to solve the problem.
Run
Cscript c: inetpubadminscriptssynciwam. vbs-v
7. How to Enhance iis's defense against SYN Flood?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
Enable syn attack protection. The default value is 0, indicating that attack protection is not enabled. The values 1 and 2 indicate that syn Attack Protection is enabled, after which 2 is enabled.
The security level is higher. under which circumstances is an attack, You Need To retried according to the following TcpMaxHalfOpen and TcpMaxHalfOpenRetried values
Set conditions to trigger the startup. It should be noted that NT4.0 must be set to 1. If it is set to 2, the system will be restarted under a special data packet.
"SynAttackProtect" = dword: 00000002
The number of semi-connections that can be opened at the same time. The so-called semi-connection indicates a TCP session that is not fully established. The netstat command shows that the session is in the SYN_RCVD state.
Yes. Here, we recommend that you set the server to 100 and the Advanced Server to 500. It is recommended that you set it a little smaller.
"TcpMaxHalfOpen" = dword: 00000064
Determine whether an attack is triggered. The recommended value is Microsoft. The server is 80, and the Advanced Server is 400.
"TcpMaxHalfOpenRetried" = dword: 00000050
Set the wait SYN-ACK time. The default value is 3, which is 45 seconds by default. The item value is 2 and the consumption time is 21 seconds.
The item value is 1 and the consumed time is 9 seconds. The minimum value can be set to 0, indicating no waiting. The consumed time is 3 seconds. This value can be modified based on the attack scale.
2 is recommended for Microsoft Site Security.
"TcpMaxConnectResponseRetransmissions" = dword: 00000001
Sets the number of TCP retransmission times for a single data segment. The default value is 5. By default, this process takes 240 seconds. 3 is recommended for Microsoft Site Security.
"TcpMaxDataRetransmissions" = dword: 00000003
Sets the critical point of syn attack protection. When the available backlog becomes 0, this parameter is used to control the Enable of syn attack protection. For Microsoft site security, 5 is recommended.
"TCPMaxPortsExhausted" = dword: 00000005
Disable IP source routing. The default value is 1, indicating that the source route package is not converted. If the value is set to 0, it indicates that all packets are forwarded. If it is set to 2, it indicates that all accepted packets are discarded.
Source Route package. 2 is recommended for Microsoft Site Security.
"DisableIPSourceRouting" = dword: 0000002
The maximum time allowed to be in the TIME_WAIT status. The default value is 240 seconds. The minimum value is 30 seconds and the maximum value is 300 seconds. We recommend that you set it to 30 seconds.
"TcpTimedWaitDelay" = dword: 0000001e
8. How to hide the iis version?
A hacker can easily telnet to your web port and send a get command to obtain a lot of information.
Iis stores the following dll files for iis banner:
WEB: C: WINNTSYSTEM32INETSRVW3SVC. DLL
FTP: C: WINNTSYSTEM32INETSRVFTPSVC2. DLL
SMTP: C: WINNTSYSTEM32INETSRVSMTPSVC. DLL
You can use a hexadecimal editor to modify the keywords of those dll files, such as Microsoft-iis/5.0 in IIS.
The specific process is as follows:
1. stop iis iisreset/stop
2. delete files with the same name under the % SYSTEMROOT % system32dllcache directory
3. Modify