The following is excerpted from the instructions for a set of lottery programs, which explain how to set up a standalone server for the program. It is fairly general, but some of it is worth learning, so it is reposted here as a collection.
1 Change the system's default Remote Desktop port from 3389 to XXXX
SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp, PortNumber, XXXX
SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, PortNumber, XXXX
2 Enable the Windows built-in firewall and open the following ports:
FTP
25 Mail
HTTP
110 Mail
143 Mail
3389 fake Remote Desktop, used to confuse attackers
XXXX Remote Desktop port
3 In the network components, set up TCP/IP port filtering so that only the ports above are enabled.
4 Add a Super Administrator account.
5 Using the gpedit.msc Group Policy tool, rename the Administrator user to XXXXXXXX and leave its password unchanged.
At the same time, create a new fake superuser account named Administrator and set a 100-bit long password on it. This user does not belong to any group and has no permissions; it exists to confuse attackers and is commonly known as a "trap account."
6 Rename the Guest account to XXXXXXXX, remove it from the Guests group, and set a 100-bit long password on it.
7 In the network components, the NetBIOS protocol is enabled in TCP/IP.
8 Set a password for the SQL Server SA user, and create a separate user for each database to access that database. Set SQL Server's integrated system user option to disallowed to improve data security.
9 To prevent passwords from being dumped, turn off the Remote Registry service in Services.
10 Modify the registry to prevent SYN flood attacks
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, SynAttackProtect, 2
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnablePMTUDiscovery, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, NoNameReleaseOnDemand, 1
11 Modify the registry to disable dead gateway detection
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableDeadGWDetect, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, KeepAliveTime, 300000
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, PerformRouterDiscovery, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableICMPRedirects, 0
12 Modify the registry to prevent responding to ICMP routing notification messages
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces, interface, PerformRouterDiscovery, 0
13 Modify the registry to prevent attacks that use ICMP redirect packets
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableICMPRedirects, 0
14 Modify the registry so that the system does not support the IGMP protocol
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, IGMPLevel, 0
15 Modify the registry to prohibit IPC null connections (restricts the IPC$ default share)
SYSTEM\CurrentControlSet\Control\Lsa, RestrictAnonymous, 1
16 Modify the registry so that the system does not support routing features
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, IPEnableRouter, 0
17 Change the TTL value (an attacker can roughly determine your operating system from the TTL value returned by a ping, for example: TTL=107 (WINNT); TTL=108 (Win2000); TTL=127 or 128 (Win9x); TTL=240 or 241 (Linux); TTL=252 (Solaris); TTL=240 (Irix)).
HKEY_LOCAL_MACHINE\:DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default value 128): change it to a baffling number, such as 258. At the very least this will leave novice attackers confused for a while, and they may even give up the intrusion.
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, DefaultTTL, 200
18 Modify the registry to delete the system default shares (C$, D$ ...)
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, AutoShareServer, 0
19 Modify the registry to prevent the admin$ default share
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, AutoShareWks, 0
20 Modify the registry so that the logon screen does not display the last logged-on username
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, DontDisplayLastUserName, 1
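An audit check for some of the registry values listed in items 10 to 19, added here as an example and not part of the original instructions: it parses text in `reg export` format and reports every value that is missing or differs from the list. The HKEY_LOCAL_MACHINE root, the subset of values checked, the function names and the sample export are assumptions constructed for illustration.

```python
import re

# Expected values come from the items above. Assumption: the page's paths are
# relative to HKEY_LOCAL_MACHINE, which it does not state explicitly.
TCPIP = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
LANMAN = r"SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
BASELINE = {
    (TCPIP, "SynAttackProtect"): 2,
    (TCPIP, "EnablePMTUDiscovery"): 0,
    (TCPIP, "KeepAliveTime"): 300000,
    (TCPIP, "DefaultTTL"): 200,
    (r"SYSTEM\CurrentControlSet\Control\Lsa", "RestrictAnonymous"): 1,
    (LANMAN, "AutoShareServer"): 0,
    (LANMAN, "AutoShareWks"): 0,
}

def parse_reg(text):
    """Map (key, value name), lower-cased, to the int of each DWORD in .reg text."""
    found, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Drop the hive prefix so keys compare against the relative paths.
            key = line[1:-1].split("\\", 1)[-1].lower()
        elif key and (m := re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)):
            found[(key, m.group(1).lower())] = int(m.group(2), 16)
    return found

def audit(text):
    """Return (value name, expected, actual or None if absent) for each deviation."""
    found = parse_reg(text)
    rows = [(name, want, found.get((key.lower(), name.lower())))
            for (key, name), want in BASELINE.items()]
    return sorted(r for r in rows if r[1] != r[2])

# Constructed sample in `reg export` format (decode real exports from UTF-16 first).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"EnablePMTUDiscovery"=dword:00000001
"KeepAliveTime"=dword:000493e0
"DefaultTTL"=dword:00000080
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"""
if __name__ == "__main__":
    for name, want, got in audit(SAMPLE):
        print(f"{name}: expected {want}, found {got}")
```

Run against the sample, it flags EnablePMTUDiscovery and DefaultTTL as deviating and AutoShareWks as absent.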