First, close unwanted ports
I'm more careful, I turn off the port first. Only opened 3389 21 80 1433 Some people have been saying what the default 3389 unsafe, on this I do not deny, but the use of the way can only one of the poor lift blasting, you have changed the password set to 66, I guess he will break for several years, haha! Approach: Local Area Connection--Attribute--internet protocol (TCP/IP)--Advanced--Option--TCP/IP Filter--attributes--Put the tick and add the port you need. PS: Set the port needs to reboot!
Of course, you can also change the remote connection port method:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\winstations\rdp-tcp]
"PortNumber" =dword:00002683
Save As. REG file Double click! Change to 9859, of course, we can change the other port, directly open the address of the above registry, the value of the decimal to enter the input you want to the port can! Reboot effective!
There is also a point, in the 2003 system, TCP/IP filtering in the port filtering function, the use of FTP server, only open 21 ports, in the FTP transmission, FTP-specific port mode and passive mode, in the data transmission, the need to dynamically open high-end port, Therefore, in the case of TCP/IP filtering, there is often a problem where the directory and data transfer cannot be listed after the connection. So the addition of Windows Connection Firewall on 2003 system can solve this problem very well, so it is not recommended to use the TCP/IP filtering function of the NIC. Do FTP download users look carefully, the table blame I said I write articles is rubbish ... If you want to turn off unnecessary ports, you can have a list in \\system32\\drivers\\etc\\services and Notepad will open. If lazy, the easiest way is to enable WIN2003 's own network firewall, and port changes. function can also! Internet connection firewalls can effectively intercept illegal intrusion on Windows 2003 servers, prevent illegal remote hosts from scanning the servers, and improve the security of Windows 2003 servers. At the same time, can also effectively intercept the use of operating system vulnerabilities for port attacks, such as the Blaster worm virus. Enabling this firewall feature on a virtual router constructed with Windows 2003 can provide a good protection for the entire internal network.
A description of the port can be accessed by: http://bbs.86dm.net/viewthread.php?tid=7&extra=page%3D1
Second, close the unwanted services to open the appropriate audit policy
I have closed the following services
Computer Browser maintains the latest list of computers on the network and provides this list
Task Scheduler allows a program to run at a specified time
NET SEND and Alarm service messages between the Messenger transport client and the server
Distributed file System: LAN management shared files, no need to disable
Distributed linktracking client: For LAN update connection information, no need to disable
Error Reporting Service: Prohibit sending errors report
Microsoft serch: Provides fast word search without the need to disable
Ntlmsecuritysupportprovide:telnet Service and Microsoft Serch, no need to disable
Printspooler: If there are no printers to disable
Remote Registry: Disable the registry from being modified remotely
Remote Desktop help session Manager: No distance assistance
Remote NET command does not list user group if Workstation is closed
Prohibit unnecessary services, although these may not be used by attackers, but in accordance with security rules and standards, superfluous things do not need to open, reduce a hidden danger.
In "Network Connections", delete all the unwanted protocols and services, install only basic Internet Protocol (TCP/IP), and install the QoS Packet Scheduler in addition to the bandwidth flow service. In Advanced TCP/IP Settings--"NetBIOS" setting disables NetBIOS (S) on TCP/IP. In the advanced option, use Internet Connection Firewall, which is a firewall with Windows 2003, not in the 2000 system, although not functional, but can screen ports, so that has basically reached an IPSec function.
Enter Gpedit.msc carriage return in the run, open Group Policy Editor, select Computer Configuration-windows Settings-security Settings-Audit policy when creating an audit project, it should be noted that if there are too many items to be audited, the more events are generated, the more difficult it is to find a serious event. Of course, if the audit is too small, it will also affect your discovery of serious Events, you need to make a choice between the two depending on the situation.
The recommended items to audit are:
Logon event failed successfully
Account Logon event failed successfully
System Event failed successfully
Policy Change failed successfully
Object access failed
Directory Service access failed
Privilege usage failed
Current 1/3 page
123 Next read the full text
