Win2008 R2 Web Server Security Settings Guide: Disabling Unnecessary Services and Closing Ports

Source: Internet
Author: User

Security comes first: the fewest services give the greatest security. Enable only the services that are actually needed, and shut down services that are temporarily not needed or not used at all.

On a Web server, not all default services are required, so services such as printing and file sharing can be disabled. System patches also need to be kept up to date, since some port-related vulnerabilities have been fixed by patches. Many articles on the web are copies of one another and are based on Win2003 systems; Win2008 itself is much more secure than Win2003.

So why do we still have to talk about closing ports? Because we want to nip problems in the bud, in case the server gets hacked.

Disabling unnecessary services

Control Panel > Administrative Tools > Services: stop and disable all of the following services.

TCP/IP NetBIOS Helper

Server: be careful with this service. Sky Wing Cloud hosts need it, so it cannot be disabled on a Sky Wing Cloud host.

Distributed Link Tracking Client

Microsoft Search (disable if present)

Print Spooler

Remote Registry

Because we are using a cloud host, which is not the same as a stand-alone machine, the advice for some services cannot be generalized, the Server service above being one example. Sky Wing Cloud's Shanghai 1 and Nemmontsch hosts, for instance, differ: Nemmontsch hosts rely on the Server service while Shanghai 1 hosts do not, so it can be disabled on Shanghai 1 but not on Nemmontsch.

So be careful when disabling a service.
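The caution above can be scripted. The following is an added example, not part of the original article: it looks services up by the display names listed above, holds back any service that still has running dependent services, and only reports unless -Apply is given. The switch names are assumptions of this example, and the dependency check only sees dependencies registered with the Service Control Manager.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Display names are the ones the article lists; 'Server' is opt-in because
# the article notes that some cloud hosts depend on it.
param(
    [switch]$IncludeServer,   # also handle the Server service (hypothetical switch)
    [switch]$Apply            # without this switch the script only reports
)

$targets = @(
    'TCP/IP NetBIOS Helper',
    'Distributed Link Tracking Client',
    'Microsoft Search',
    'Print Spooler',
    'Remote Registry'
)
if ($IncludeServer) { $targets += 'Server' }

foreach ($name in $targets) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Output "SKIP   $name (not installed)"; continue }

    # Do not touch a service that other running services depend on.
    $deps = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })
    if ($deps.Count -gt 0) {
        $list = ($deps | ForEach-Object { $_.DisplayName }) -join ', '
        Write-Output "HOLD   $name (running dependents: $list)"
        continue
    }

    if (-not $Apply) { Write-Output "WOULD  stop and disable $name"; continue }

    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -ErrorAction Stop }
    Set-Service -Name $svc.Name -StartupType Disabled
    Write-Output "DONE   $name stopped and disabled"
}
```

Run it once without -Apply and review the HOLD lines before making any change.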

Remove file and printer sharing

Right-click Local Area Connection and choose Properties, then remove TCP/IPv6, Client for Microsoft Networks, and File and Printer Sharing for Microsoft Networks.

Open the firewall and, under Inbound Rules, disable all of the Network Discovery and File and Printer Sharing rules.

Closing ports

Closing port 139

Right-click Local Area Connection and choose Properties, select the TCP/IPv4 protocol and click Properties. On the General tab click Advanced, open the WINS tab, and select "Disable NetBIOS over TCP/IP". Port 139 is then closed.
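The firewall and NetBIOS settings above can also be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original article; it covers the two firewall rule groups and the NetBIOS setting, not the removal of adapter components, and then confirms that nothing is still listening on TCP 139.

```powershell
# Added example, not from the original article. Run from an elevated prompt.

# 1. Disable the two inbound rule groups named in the article.
foreach ($group in 'Network Discovery', 'File and Printer Sharing') {
    netsh advfirewall firewall set rule group="$group" new enable=No | Out-Null
    Write-Output "Firewall group '$group': netsh exit code $LASTEXITCODE"
}

# 2. Disable NetBIOS over TCP/IP on every IP-enabled adapter.
#    SetTcpipNetbios argument: 0 = use DHCP setting, 1 = enable, 2 = disable.
#    ReturnValue: 0 = success, 1 = success but a reboot is required.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $adapters) {
    $rc = $nic.SetTcpipNetbios(2).ReturnValue
    Write-Output ("{0}: SetTcpipNetbios returned {1}" -f $nic.Description, $rc)
}

# 3. Verify: no TCP listener should remain on port 139.
$listeners = netstat -ano -p tcp |
    Select-String -Pattern ':139\s+\S+\s+LISTENING'
if ($listeners) {
    Write-Warning 'TCP 139 is still listening:'
    $listeners | ForEach-Object { Write-Output $_.Line.Trim() }
} else {
    Write-Output 'No listener on TCP 139.'
}
```

If any adapter reports return value 1, repeat the netstat check after the reboot.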

Closing ports using an IP Security Policy

1. Open Control Panel > Administrative Tools and double-click Local Security Policy. Select IP Security Policies on Local Computer, right-click in the right-hand pane, and choose "Create IP Security Policy" from the shortcut menu to start the wizard. Click Next through the wizard; when the Requests for Secure Communication page is displayed, leave the "Activate the default response rule" check box cleared, then click Finish to create the new IP Security policy.

2. Right-click the IP Security policy that you just created and open Properties. In the Properties dialog box, clear the "Use Add Wizard" check box and click the "Add" button on the right to add a new rule. The "New Rule Properties" dialog box opens; click its "Add" button to open the IP Filter List window. There, first clear the "Use Add Wizard" check box, then click the "Add" button on the right to add a new filter.

3. The Filter Properties dialog box opens on the Addresses tab. Set the source address to "Any IP Address" and the destination address to "My IP Address". Click the "Protocol" tab, choose "TCP" in the "Select a protocol type" drop-down list, and enter "135" in the text box under "To this port". Click OK. This adds a filter that blocks TCP port 135, so that the outside world cannot connect to your computer through port 135. After you click OK you return to the IP Filter List dialog box, where you can see that the filter has been added. Repeat the steps above to add filters for TCP ports 137, 139, 445, 593, 1025, 2745, 3127, 3128, 3389 and 6129 and for UDP ports 135, 139-445. When the filters for these ports are set up, click OK.

4. In the New Rule Properties dialog box, select the new IP filter list by clicking the button to the left of it, which marks it as active. Then click the Filter Action tab, clear the "Use Add Wizard" check box, click the Add button, and on the Security Methods tab of the New Filter Action Properties dialog box select Block, then click Apply and OK.

5. Back in the New Rule Properties dialog box, click the button to the left of the new filter action to mark it as active, then click "Close" to close the dialog box. Finally, in the new IP Security Policy Properties dialog box, tick the box to the left of the new IP filter list and click OK to close the dialog box. In the Local Security Policy window, right-click the newly added IP Security policy and select Assign.
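Steps 1 to 5 can be reproduced with netsh ipsec static from an elevated PowerShell prompt. This is an added example, not part of the original article: the policy, filter list and action names and the -Force switch are assumptions of this example, and the article's UDP "139-445" is read as ports 139 and 445. Because TCP 3389 is Remote Desktop, the script leaves it out when it detects that it is running inside an RDP session.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
param([switch]$Force)   # hypothetical switch: block 3389 even over RDP

$policy = 'BlockRiskyPorts'      # names chosen for this example (no spaces)
$flist  = 'RiskyPortsInbound'
$action = 'BlockAction'

# Port lists from the article. UDP "139-445" is read as 139 and 445 (assumption).
$tcp = 135, 137, 139, 445, 593, 1025, 2745, 3127, 3128, 3389, 6129
$udp = 135, 139, 445

# TCP 3389 is Remote Desktop: do not cut off the session running this script.
# SESSIONNAME looks like "RDP-Tcp#0" in an RDP session (heuristic check).
if ($env:SESSIONNAME -like 'RDP-*' -and -not $Force) {
    Write-Warning 'Running over RDP: TCP 3389 left out. Use -Force to include it.'
    $tcp = $tcp | Where-Object { $_ -ne 3389 }
}

function Invoke-IPsec {
    # Run one "netsh ipsec static" command and stop if netsh reports a failure.
    netsh ipsec static @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh ipsec static $args failed" }
}

Invoke-IPsec add policy "name=$policy"                        # step 1
Invoke-IPsec add filterlist "name=$flist"                     # step 2
foreach ($p in $tcp) {                                        # step 3, TCP
    Invoke-IPsec add filter "filterlist=$flist" srcaddr=any dstaddr=me `
        protocol=TCP "dstport=$p"
}
foreach ($p in $udp) {                                        # step 3, UDP
    Invoke-IPsec add filter "filterlist=$flist" srcaddr=any dstaddr=me `
        protocol=UDP "dstport=$p"
}
Invoke-IPsec add filteraction "name=$action" action=block    # step 4
Invoke-IPsec add rule "name=$flist" "policy=$policy" `
    "filterlist=$flist" "filteraction=$action"
Invoke-IPsec set policy "name=$policy" assign=y               # step 5: Assign

Write-Output "Policy '$policy' assigned; TCP: $($tcp -join ','); UDP: $($udp -join ',')"
```

To review the result, run netsh ipsec static show policy name=BlockRiskyPorts level=verbose.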

Cloud-dwelling Community editor's note: for more detailed IP Security policy settings, see this article: http://www.jb51.net/article/86271.htm
