Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication: Enabled
3. Disable unnecessary services (Start > Run > services.msc). (For the settings below we have written a CMD script; copying and running it as required replaces the manual settings that follow.)
TCP/IP NetBIOS Helper: provides support for NetBIOS over TCP/IP and NetBIOS name resolution for clients, so that users can share files, print and log on to the network.
Server: lets this computer share files, printers and named pipes across the network.
Computer Browser: maintains an up-to-date list of computers on the network and supplies that list to programs that request it.
Task Scheduler: allows a program to run at a specified time.
Messenger: transports NET SEND and Alerter service messages between clients and servers.
Distributed File System: manages shared files across the LAN; can be disabled if not needed.
Distributed Link Tracking Client: updates link information across the LAN; can be disabled if not needed.
Error Reporting Service: disable to stop error reports being sent.
Microsoft Search: provides fast word search; can be disabled if not needed.
NTLM Security Support Provider: used by the Telnet service and Microsoft Search; can be disabled if those are not needed.
Print Spooler: disable if there are no printers.
Remote Registry: disable to stop the registry being modified remotely.
Remote Desktop Help Session Manager: disable if Remote Assistance is not used.
Workstation: once it is stopped, a remote NET command can no longer list users and groups.
These are the services that start by default on Windows Server 2003 and are disabled here; services that are disabled by default should stay disabled unless they are specifically needed.
4. Modify the registry (For the settings below we have written a CMD script; copying and running it as required replaces the manual settings that follow.)
Modifying the registry makes the system more robust.
4.1. Hide important files/directories. A registry change makes them completely hidden (script provided as above).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL: right-click "CheckedValue", choose Modify, and change the value from 1 to 0.
4.2. Prevent SYN flood attacks (script provided as above)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Create a new DWORD value named SynAttackProtect with a value of 2
New EnablePMTUDiscovery REG_DWORD 0
New NoNameReleaseOnDemand REG_DWORD 1
New EnableDeadGWDetect REG_DWORD 0
New KeepAliveTime REG_DWORD 300000 (decimal, i.e. 0x493e0)
New PerformRouterDiscovery REG_DWORD 0
New EnableICMPRedirect REG_DWORD 0
4.3. Do not respond to ICMP router advertisement packets (script provided as above)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<interface>
Create a new DWORD value named PerformRouterDiscovery with a value of 0
4.4. Prevent ICMP redirect packet attacks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set the EnableICMPRedirect value to 0
4.5. Do not support the IGMP protocol (script provided as above)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Create a new DWORD value named IGMPLevel with a value of 0
4.6. Prohibit IPC null connections (script provided as above)
A cracker can use the net use command to establish a null session and then attempt an intrusion; net view and nbtstat also rely on null sessions, so disabling null connections is worthwhile.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa: change the RestrictAnonymous value to "1".
4.7. Change the TTL value
A cracker can roughly identify your operating system from the TTL value in a ping reply, for example:
ttl=107 (WINNT);
ttl=108 (Win2000);
ttl=127 or 128 (Win9x);
ttl=240 or 241 (Linux);
ttl=252 (Solaris);
ttl=240 (Irix);
In fact, you can change it yourself: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, set DefaultTTL (REG_DWORD, range 0-0xff, that is 0-255 decimal, default 128) to a misleading number such as 258, which will at least leave the less experienced guessing for a while and may make them give up on you.
4.8. Delete the default shares (script provided as above)
After every reboot all disks are shared again; these are the administrative shares that Windows 2000 creates by default. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, set AutoShareServer (type REG_DWORD) to 0.
4.9. Prohibit the establishment of null connections (script provided as above)
By default, any user can connect to the server through a null session, then enumerate accounts and guess passwords. Disable null connections by modifying the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa: change the RestrictAnonymous value to "1".
4.10. Create a new Notepad file, paste the following lines into it, save it as *.bat and add it to the Startup folder:
net share C$ /delete
net share D$ /delete
net share E$ /delete
net share F$ /delete
net share IPC$ /delete
net share ADMIN$ /delete
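An added example, not from the guide or its script: a small Python audit that reads a regedit /e export of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and reports where the values from 4.2 through 4.9 are missing or differ from the baseline. The function names and the sample export are this example's own; a real export is UTF-16, so open it with encoding="utf-16" before passing its text in.

```python
import re

# Baseline from the guide's section 4 (4.2, 4.3, 4.5, 4.6/4.9, 4.8), keyed by registry path.
EXPECTED = {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters": {
        "SynAttackProtect": 2, "EnablePMTUDiscovery": 0, "NoNameReleaseOnDemand": 1,
        "EnableDeadGWDetect": 0, "KeepAliveTime": 300000, "PerformRouterDiscovery": 0,
        "EnableICMPRedirect": 0, "IGMPLevel": 0},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa": {"RestrictAnonymous": 1},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters": {
        "AutoShareServer": 0},
}

def parse_reg_export(text):
    """Parse 'Windows Registry Editor Version 5.00' text into {key: {name: value}} (lower-cased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue  # '@=' default values and hex continuation lines are not needed here
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)  # REG_DWORD is written as 8 hex digits
        else:
            current[name] = raw.strip('"').replace("\\\\", "\\")  # strings; other types stay raw
    return keys

def audit(text, expected=EXPECTED):
    """Return [(key, value_name, expected, actual)] for each baseline value that is
    missing from the export (actual is None) or set to something else."""
    found = parse_reg_export(text)
    findings = []
    for key, values in expected.items():
        present = found.get(key.lower(), {})
        for name, want in values.items():
            got = present.get(name.lower())
            if got != want:
                findings.append((key, name, want, got))
    return findings

# Constructed sample export: SynAttackProtect was never set, and AutoShareServer is still 1.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnablePMTUDiscovery"=dword:00000000
"NoNameReleaseOnDemand"=dword:00000001
"EnableDeadGWDetect"=dword:00000000
"KeepAliveTime"=dword:000493e0
"PerformRouterDiscovery"=dword:00000000
"EnableICMPRedirect"=dword:00000000
"IGMPLevel"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000001
"""
```

Running audit(SAMPLE_EXPORT) lists the missing SynAttackProtect and the AutoShareServer mismatch; an empty list means the machine matches the baseline.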
5. IIS site settings:
5.1. Keep the IIS directories and data separate from the system disk, on a dedicated partition.
5.2. Enable parent paths.
5.3. In IIS Manager, delete any application mappings that are not required (keep the necessary mappings such as ASP, ASPX, HTML, HTM, etc.).
5.4. Redirect the HTTP 404 "Object not found" error page to a custom HTM file via URL in IIS.
5.5. Web site permission settings (recommended):
Read: allowed
Write: not allowed
Script source access: not allowed
Directory browsing: recommended off
Log visits: recommended off
Index this resource: recommended off
Execute permissions: recommended "Scripts only"
5.6. Use the W3C extended log file format, recording daily the client IP address, user name, server port, method, URI stem, HTTP status and user agent, and review the log every day. (It is best not to use the default directory: move the log path and set its permissions so that only Administrators and SYSTEM have Full Control.)
5.7. Program security:
1) Programs that involve user names and passwords should be encapsulated on the server side as far as possible and appear in ASP files as little as possible; the account used for the database connection should be given the minimum privileges;
2) ASP pages that require verification can track the file name of the previous page; only a session that arrived from that previous page may read this page.
3) Prevent leakage of ASP .inc include files;
4) Prevent leakage of some.asp.bak files generated by UltraEdit and other editors.
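An added example (not part of the guide): the daily log review that 5.6 recommends, run over a constructed W3C extended log carrying the fields the guide lists, which also checks for the .inc and .bak source-file leakage of 5.7 items 3 and 4. The names parse_w3c, review and SOURCE_SUFFIXES are this example's own.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format with the fields the guide lists in 5.6;
# IIS writes spaces inside a field as '+', so splitting on whitespace is safe.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-05-01 00:00:00
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status cs(User-Agent)
2009-05-01 00:00:01 10.0.0.5 - 80 GET /default.asp 200 Mozilla/4.0
2009-05-01 00:00:02 10.0.0.5 - 80 GET /images/logo.gif 200 Mozilla/4.0
2009-05-01 00:01:10 192.0.2.77 - 80 GET /conn.inc 200 Mozilla/4.0
2009-05-01 00:01:11 192.0.2.77 - 80 GET /login.asp.bak 404 Mozilla/4.0
2009-05-01 00:01:12 192.0.2.77 - 80 GET /admin/ 404 Mozilla/4.0
2009-05-01 00:01:13 192.0.2.77 - 80 GET /_vti_bin/ 404 Mozilla/4.0
2009-05-01 00:01:14 192.0.2.77 - 80 GET /scripts/ 404 Mozilla/4.0
2009-05-01 00:02:00 10.0.0.9 - 80 GET /missing.htm 404 Mozilla/4.0
"""

SOURCE_SUFFIXES = (".inc", ".bak")  # include files and editor backups, 5.7 items 3 and 4

def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # a log may repeat the directive after a restart
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def review(text, max_404=3):
    """Return (probing, source_hits): clients with at least max_404 404 responses, and
    (c-ip, cs-uri-stem, sc-status) for every request for a source/backup file.
    A 200 on such a request means the file was actually served, i.e. a real leak."""
    not_found = Counter()
    source_hits = []
    for rec in parse_w3c(text):
        if rec["sc-status"] == "404":
            not_found[rec["c-ip"]] += 1
        if rec["cs-uri-stem"].lower().endswith(SOURCE_SUFFIXES):
            source_hits.append((rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"]))
    probing = {ip: n for ip, n in not_found.items() if n >= max_404}
    return probing, source_hits

if __name__ == "__main__":
    probing, hits = review(SAMPLE_LOG)
    for ip, n in probing.items():
        print(f"{ip}: {n} x 404 (probing for files or directories)")
    for ip, uri, status in hits:
        print(f"{ip} requested {uri} -> HTTP {status}")
```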
6. Approach to IIS permission settings
• Create a separate system user for each object to be protected, such as a web site or a virtual directory, so that the site has its own identity for setting permissions on the system.
• Enter the user just created under the site properties or virtual directory properties → Directory Security → Anonymous access and authentication control → Edit → Anonymous access → Edit.
• Deny this user access to all partitions, and allow access only on the folder that is the site's home directory (remove the permissions inherited from the parent, then add the Administrators group and the SYSTEM group).
7. Uninstall the most unsafe components (note: remove according to actual requirements; FSO is dealt with afterwards)
(For the settings below we have written a CMD script; copying and running it as required replaces the manual settings that follow.)
The easiest way is to unregister them and then remove the corresponding program files. Save the following lines as a .BAT file (%systemroot% expands to C:\WINNT on Windows 2000 and to C:\Windows on Server 2003):
regsvr32 /u %systemroot%\system32\wshom.ocx
del %systemroot%\system32\wshom.ocx
regsvr32 /u %systemroot%\system32\shell32.dll
del %systemroot%\system32\shell32.dll
Then run it; Wscript.Shell, Shell.Application and Wscript.Network are unregistered. You may be told that a file cannot be deleted; ignore it (shell32.dll is a core shell library that Windows File Protection keeps in place, so the regsvr32 /u step is the one that takes effect), restart the server, and all three components will then show as "secure".
To make things easier and avoid mistakes, most of the steps above can be replaced by the following script. Create a new text file, paste the code below into it, change the extension to .cmd and double-click to run it; follow the prompts to back up as it runs.
The script is as follows:
@echo off
ECHO.
ECHO.
ECHO.
ECHO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ECHO.
ECHO You are now using the "Build Security" script compiled by World Network Office
ECHO.
ECHO.
ECHO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ECHO.
ECHO.
ECHO.
ECHO -------------------------------------------------------------------------
ECHO Please follow the prompts to back up the registry; otherwise you cannot restore after the changes, and I take no responsibility.
ECHO.
ECHO Yes=next  No=exit (default after 30 seconds: N)
ECHO.
ECHO -------------------------------------------------------------------------
choice /t 30 /c yn /d N
if errorlevel 2 goto end
if errorlevel 1 goto next
:next
If EXIST backup (echo.) Else MD backup
If EXIST temp (rmdir /s /q temp & MD temp) Else MD temp
If EXIST backup\backupkey.reg (move backup\backupkey.reg backup\backupkey_old.reg) Else Goto run
:run
regedit /e temp\backup-reg1.key1 "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
regedit /e temp\backup-reg2.key2 "HKEY_CLASSES_ROOT"
REM The two exports are simply concatenated here; each part keeps its own header, so to restore, import each part on its own.
copy /b /y /v temp\backup-reg1.key1+temp\backup-reg2.key2 backup\backupkey.reg
If exist backup\wshom.ocx (echo backup already exists) Else copy /v /y %systemroot%\system32\wshom.ocx backup\wshom.ocx
If exist backup\shell32.dll (echo backup already exists) Else copy /v /y %systemroot%\system32\shell32.dll backup\shell32.dll
ECHO Backup is complete
ECHO.
Goto NEXT2
:NEXT2
ECHO.
ECHO.
ECHO -------------------------------------------------------------------
ECHO Change the permissions on a few unsafe EXE files in the system32 directory so that only Administrators can run them
ECHO Yes=next  No=skip this step (default after 30 seconds: y)
ECHO -------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto NEXT3
if errorlevel 1 goto next21
:next21
REM xcacls.exe comes from the Windows Resource Kit; /t recurses, /g grants, /y suppresses the prompt, /c continues on error
xcacls.exe %systemroot%\system32\net.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\net1.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\cmd.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\tftp.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\netstat.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\regedit.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\at.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\attrib.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\cacls.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\format.com /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\secedit.exe /t /g administrators:f /y /c
echo "Virtual host C disk permission set"
echo "Remove Everyone's permissions on C disk"
cd \
cacls "%systemdrive%" /R "Everyone" /e
cacls "%SystemRoot%" /R "Everyone" /e
cacls "%systemroot%\registration" /R "Everyone" /e
cacls "%systemdrive%\documents and Settings" /R "Everyone" /e
echo "Remove access rights of the Users group on C disk"
cacls "%systemdrive%" /R "users" /e
cacls "%systemdrive%\program Files" /r "users" /e
cacls "%systemdrive%\documents and Settings" /r "users" /e
cacls "%SystemRoot%" /R "users" /e
cacls "%systemroot%\addins" /R "users" /e
cacls "%systemroot%\apppatch" /r "users" /e
cacls "%systemroot%\connection Wizard" /r "users" /e
cacls "%systemroot%\debug" /R "Users" /e
cacls "%systemroot%\driver Cache" /r "users" /e
cacls "%systemroot%\help" /R "users" /e
cacls "%systemroot%\iis Temporary Compressed Files" /r "users" /e
cacls "%systemroot%\java" /R "users" /e
cacls "%systemroot%\msagent" /r "users" /e
cacls "%systemroot%\mui" /R "users" /e
cacls "%systemroot%\repair" /R "users" /e
cacls "%systemroot%\resources" /R "users" /e
cacls "%systemroot%\security" /R "users" /e
cacls "%systemroot%\system" /R "Users" /e
cacls "%systemroot%\tapi" /R "users" /e
cacls "%systemroot%\temp" /R "users" /e
cacls "%systemroot%\twain_32" /R "users" /e
cacls "%systemroot%\web" /R "users" /e
cacls "%systemroot%\system32\3com_dmi" /r "users" /e
cacls "%systemroot%\system32\Administration" /R "users" /e
cacls "%systemroot%\system32\cache" /R "users" /e
cacls "%systemroot%\system32\CatRoot2" /R "users" /e
cacls "%systemroot%\system32\com" /R "users" /e
cacls "%systemroot%\system32\config" /R "users" /e
cacls "%systemroot%\system32\dhcp" /R "users" /e
cacls "%systemroot%\system32\drivers" /R "users" /e
cacls "%systemroot%\system32\export" /R "users" /e
cacls "%systemroot%\system32\icsxml" /R "users" /e
cacls "%systemroot%\system32\lls" /R "users" /e
cacls "%systemroot%\system32\logfiles" /R "users" /e
cacls "%systemroot%\system32\microsoftpassport" /R "users" /e
cacls "%systemroot%\system32\mui" /R "users" /e
cacls "%systemroot%\system32\oobe" /R "users" /e
cacls "%systemroot%\system32\shellext" /R "users" /e
cacls "%systemroot%\system32\WBEM" /R "users" /e
echo "Add IIS_WPG access rights"
cacls "%SystemRoot%" /g iis_wpg:r /e
cacls "%systemdrive%\program files\common Files" /g iis_wpg:r /e
cacls "%systemroot%\downloaded program Files" /g iis_wpg:c /e
cacls "%systemroot%\help" /g iis_wpg:c /e
cacls "%systemroot%\iis Temporary compressed Files" /g iis_wpg:c /e
cacls "%systemroot%\offline Web Pages" /g iis_wpg:c /e
cacls "%systemroot%\system32" /g iis_wpg:c /e
cacls "%systemroot%\winsxs" /g iis_wpg:c /e
cacls "%systemroot%\winsxs" /R "users" /e
cacls "%systemroot%\tasks" /g iis_wpg:c /e
cacls "%systemroot%\temp" /g iis_wpg:c /e
cacls "%systemroot%\web" /g iis_wpg:c /e
echo "Add IIS_WPG access rights [.NET only]"
cacls "%systemroot%\assembly" /g iis_wpg:c /e
cacls "%systemroot%\microsoft.net" /g iis_wpg:c /e
echo "Add IIS_WPG access rights [McAfee software only]"
cacls "%systemdrive%\program files\network Associates" /g iis_wpg:r /e
echo "Add access rights for Users"
cacls "%systemroot%\temp" /g users:c /e
Goto NEXT3
:NEXT3
ECHO.
ECHO.
ECHO.
ECHO ------------------------------------------------------------------------
ECHO Disable unnecessary services; press CTRL+C if you want to exit
ECHO Yes=next  No=skip this step (default after 30 seconds: y)
ECHO.
ECHO ------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto NEXT4
if errorlevel 1 goto next31
:next31
REM Start=4 means Disabled. The redirection is written first on each line so that the
REM trailing digit of the value is not taken by cmd as a file handle number.
echo Windows Registry Editor Version 5.00 >temp\services.reg
echo.>>temp\services.reg
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alerter]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dfs]
>>temp\services.reg echo "Start"=dword:00000004
REM Task Scheduler: the service key is named Schedule
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tlntsvr]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\remoteaccess]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntmssvc]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\remoteregistry]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\trkwks]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ersvc]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\messenger]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netdde]
>>temp\services.reg echo "Start"=dword:00000004
>>temp\services.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netddedsdm]
>>temp\services.reg echo "Start"=dword:00000004
REGEDIT /S temp\services.reg
ECHO.
Goto NEXT4
:NEXT4
ECHO.
ECHO.
ECHO -------------------------------------------------------------------------
ECHO Harden TCP/IP against intrusion and denial-of-service attacks. Press CTRL+C if you want to quit
ECHO Yes=next  No=skip this step (default after 30 seconds: y)
ECHO.
ECHO -------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto NEXT5
if errorlevel 1 goto next41
:next41
echo Windows Registry Editor Version 5.00 >temp\skyddos.reg
echo.>>temp\skyddos.reg
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
>>temp\skyddos.reg echo "EnableDeadGWDetect"=dword:00000000
>>temp\skyddos.reg echo "EnableICMPRedirect"=dword:00000000
>>temp\skyddos.reg echo "PerformRouterDiscovery"=dword:00000000
>>temp\skyddos.reg echo "NoNameReleaseOnDemand"=dword:00000001
>>temp\skyddos.reg echo "KeepAliveTime"=dword:000493e0
>>temp\skyddos.reg echo "EnablePMTUDiscovery"=dword:00000000
>>temp\skyddos.reg echo "SynAttackProtect"=dword:00000002
>>temp\skyddos.reg echo "TcpMaxHalfOpen"=dword:00000064
>>temp\skyddos.reg echo "TcpMaxHalfOpenRetried"=dword:00000050
>>temp\skyddos.reg echo "TcpMaxConnectResponseRetransmissions"=dword:00000001
>>temp\skyddos.reg echo "TcpMaxDataRetransmissions"=dword:00000003
>>temp\skyddos.reg echo "TCPMaxPortsExhausted"=dword:00000005
>>temp\skyddos.reg echo "DisableIPSourceRouting"=dword:00000002
>>temp\skyddos.reg echo "TcpTimedWaitDelay"=dword:0000001e
>>temp\skyddos.reg echo "EnableSecurityFilters"=dword:00000001
>>temp\skyddos.reg echo "TcpNumConnections"=dword:000007d0
>>temp\skyddos.reg echo "Tcpmaxsendfree"=dword:000007d0
>>temp\skyddos.reg echo "IGMPLevel"=dword:00000000
>>temp\skyddos.reg echo "DefaultTTL"=dword:00000016
echo Restricting ipc$ (the inter-process communication share, a named-pipe resource)
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
>>temp\skyddos.reg echo "RestrictAnonymous"=dword:00000001
REM Replace "interface" below with the GUID subkey of the network adapter, as in section 4.3
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface]
>>temp\skyddos.reg echo "PerformRouterDiscovery"=dword:00000000
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
>>temp\skyddos.reg echo "BacklogIncrement"=dword:00000003
>>temp\skyddos.reg echo "MaxConnBacklog"=dword:000003e8
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
>>temp\skyddos.reg echo "EnableDynamicBacklog"=dword:00000001
>>temp\skyddos.reg echo "MinimumDynamicBacklog"=dword:00000014
>>temp\skyddos.reg echo "MaximumDynamicBacklog"=dword:00002e20
>>temp\skyddos.reg echo "DynamicBacklogGrowthDelta"=dword:0000000a
>>temp\skyddos.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
>>temp\skyddos.reg echo "AutoShareServer"=dword:00000000
REGEDIT /S temp\skyddos.reg
ECHO.
ECHO.
Goto NEXT5
:NEXT5
ECHO.
ECHO.
ECHO ------------------------------------------------------------------------
ECHO Prevent ASP trojans from running: unregister Wscript.Shell, Shell.Application and Wscript.Network
ECHO Yes=next  No=skip this step (default after 30 seconds: y)
ECHO.
ECHO ------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto NEXT6
if errorlevel 1 goto next51
:next51
echo Windows Registry Editor Version 5.00 >temp\del.reg
echo.>>temp\del.reg
>>temp\del.reg echo [-HKEY_CLASSES_ROOT\shell.application]
>>temp\del.reg echo [-HKEY_CLASSES_ROOT\shell.application.1]
>>temp\del.reg echo [-HKEY_CLASSES_ROOT\CLSID\{13709620-c279-11ce-a49e-444553540000}]
>>temp\del.reg echo [-HKEY_CLASSES_ROOT\adodb.command\clsid]
>>temp\del.reg echo [-HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}]
REGEDIT /S temp\del.reg
regsvr32 /u %systemroot%\system32\wshom.ocx
del /f /q %systemroot%\system32\wshom.ocx
regsvr32 /u %systemroot%\system32\shell32.dll
del /f /q %systemroot%\system32\shell32.dll
RMDIR /Q /S temp
ECHO.
Goto NEXT6
:NEXT6
ECHO.
ECHO.
ECHO.
ECHO ---------------------------------------------------------------------
ECHO The settings are complete; a reboot is required before they take effect.
ECHO Yes=reboot server  No=exit (default after 30 seconds: y)
ECHO.
ECHO ----------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto end
if errorlevel 1 goto reboot
:reboot
SHUTDOWN /R /T 0
:end
If EXIST temp (rmdir /s /q temp & exit) Else exit