Windows 2000 virtual host most secure settings

1. How do I make an ASP script run with System privileges?

Modify the virtual directory of your ASP script to change "Application protection" to "low" ....

2. How to prevent ASP Trojan?

ASP Trojan Horse based on FileSystemObject component
cacls%systemroot%\system32\scrrun.dll/e/D guests//prohibit guests use
regsvr32 scrrun.dll/u///delete

Note: So the FSO of the server can not be used;

Enter the following command on the cmd command line state:

Close command: regsvr32/u C:\WINNT\SYSTEM32\scrrun.dll
Open command: RegSvr32 C:\WINNT\SYSTEM32\scrrun.dll

ASP Trojan Horse based on shell.application component

cacls%systemroot%\system32\shell32.dll/e/D guests//prohibit guests use
regsvr32 shell32.dll/u///delete

Attached: parameter usage of Cacls.exe
/t--changes the acl;/e--edit ACL for the specified file in the current directory and all subdirectories,/c--continues when an Access Denied error occurs,/g user:perm--gives the specified user access. Perm can be R (read), W (write), C (change, write), F (Full Control),/R user--revoke the access rights of the specified user (used only with/e),/p user:perm--to replace the specified user's access rights;/d user--deny access to the specified user

3. How to encrypt ASP files?

Free download from Microsoft to Sce10chs.exe directly run to complete the installation process.
After installation, the Screnc.exe file is generated, which is a command tool running in DOS PROMAPT.
Run screnc-l VBScript source.asp destination.asp
Generate a new file containing ciphertext ASP scripts destination.asp
With Notepad open to see the general "", whether or not the annotation, have become unreadable ciphertext
But cannot encrypt Chinese.
4. How to extract URLScan from IISLockdown?
iislockd.exe/q/c/t:c:\urlscan
5. How to prevent the Content-location header from exposing the Web server's internal IP address?
Perform
cscript C:\Inetpub\AdminScripts\adsutil.vbs set W3svc/usehostname True
The last thing you need is to restart IIS
6. How to solve HTTP500 internal error?
IIS http500 Internal error Most of the reason
Mainly because of the IWAM account password is not synchronized caused.
We can solve the problem simply by synchronizing the Iwam_myserver account password in the COM + application.
Perform
cscript c:\inetpub\adminscripts\synciwam.vbs-v

7. How do I enhance the ability of IIS to Defense SYN flood?

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Initiate SYN attack protection. The default entry value is 0, which means that no attack protection is turned on, and the entry value of 1 and 2 indicates that SYN attack protection is initiated, the security level is higher after 2, and what situation is considered an attack, You need to trigger the boot according to the conditions set by the TcpMaxHalfOpen and tcpmaxhalfopenretried values below. It should be noted here that the NT4.0 must be set to 1, set to 2 after a special packet will cause the system to reboot.
"SynAttackProtect" =dword:00000002
The number of half connections allowed to open at the same time. The so-called semi-connection, which means that the TCP session is not fully established, can be seen in the SYN_RCVD state with the netstat command. This uses the Microsoft recommended value, the server is set to 100, and the Advanced Server is set to 500. Suggestions can be set slightly smaller.
"TcpMaxHalfOpen" =dword:00000064
Determine if there is a trigger point for the attack. Here we use the Microsoft recommended value, the server is 80, and the Advanced Server is 400.
"TcpMaxHalfOpenRetried" =dword:00000050
Set the wait syn-ack time. The default entry value is 3, which consumes 45 seconds of the default process. The item value is 2 and consumes 21 seconds.
The item value is 1 and consumes 9 seconds. The minimum can be set to 0, which means no wait, and consumes a time of 3 seconds. This value can be modified according to the size of the attack.
Microsoft Site security recommended for 2.
"TcpMaxConnectResponseRetransmissions" =dword:00000001
Sets the number of TCP heavy flyer data segments. The default entry value is 5, which consumes 240 seconds of the default process. Microsoft Site security recommended for 3.
"TcpMaxDataRetransmissions" =dword:00000003
Set the critical point for SYN attack protection. When the available backlog changes to 0 o'clock, this parameter is used to control the opening of SYN attack protection, and the Microsoft Site security recommendation is 5.
"TCPMaxPortsExhausted" =dword:00000005
Prohibit IP source routing. The default entry value is 1, which indicates that the routing packet is not routed, the entry value is set to 0, all forwarding is set to 2, which means that all accepted source routing packets are discarded and Microsoft Site security recommendation is 2.
"DisableIPSourceRouting" =dword:0000002
Limit the maximum time that is in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds, and the maximum is 300 seconds. The recommended setting is 30 seconds.
"TcpTimedWaitDelay" =dword:0000001e

10. How do I hide the IIS version?

A hacker can easily telnet to your web port and send a GET command for a lot of information
The corresponding DLL files that IIS holds for IIS banner are as follows:
Web:c:\winnt\system32\inetsrv\w3svc. Dll
FTP:C:\WINNT\SYSTEM32\INETSRV\FTPSVC2. Dll
Smtp:c:\winnt\system32\inetsrv\smtpsvc. Dll
You can use the 16 editor to modify the keywords of those DLL files, such as the microsoft-iis/5.0 of IIS
The specific process is as follows:
1. Stop IIS Iisreset/stop
2. Delete a file with the same name under the%systemroot%\system32\dllcache directory
3. Revise