Windows 2003 Server Security Hardening

Source: Internet
Author: User

Server relative to the other, security settings more difficult, then the server of the cow B, the hacker who encountered the cow B, there is no black not to go. Of course, for small sites, the general reinforcement on the line.

Because of the wide variety of security factors and different server settings, this section can simply introduce several aspects of security hardening.

1. Update system Patches

Updating patches is the most important step in security hardening.

2. Disable services that you do not need

The following services must be disabled: Server, Workstation, Telnet, Print Spooler, remote Registry, Routing and remote Access, TCP/IP NetBIOS Helper, Computer Browser

3. Remove Extra permissions

Because there are so many places to set up the system permissions, we can only publish the common ones.

• All packing directories retain only Administrators and system permissions.

· C:\Documents and Settings retain only Administrators and system permissions

· C:\WINDOWS, C:\WINDOWS\system32 only retain administrators and system, as well as user Read and Execute

· C:\WINDOWS\Temp only retains administrators and system, as well as read and write deletions from users and network service

· C:\WINDOWS\IIS Temporary compressed Files retain only Administrators and system, as well as read and write deletions from users and network service

· C:\WINDOWS\SYSTEM32\MSDTC only retains administrators and system, as well as read and write deletions from users and network service

· Some EXE software under C:\WINDOWS\ only retains administrators and system, such as Regedit.exe, Cmd.exe, Net.exe, Ne1.exe, Netstat.exe, At.exe, Attrib.exe, Cacls.exe, format.com

4. Unloading Dangerous components

regsvr32/u%systemroot%\system32\shell32.dll

Regsvr32/u%systemroot%\system32\wshom.ocx

5. Firewall settings

It is recommended to open only the ports you need, such as: 80, 3389

6. Software drop right setting

Common serv-u, SQL Server, MySQL, Apache, Tomcat and so on have security risks.

7. Installation of Safety Assistant software

There is no absolute security, only as far as possible to improve security, manual + software collocation, in order to maximize security.

Warm reminder: If you go to set the relevant parameters before, be sure to back up the site-related data, or configuration errors, resulting in related issues, the server business will not give you the responsibility, of course, if you do not understand, you can let the technology directly configuration, really do not understand, do not enter the server configuration, the consequences of serious. There is also an easy way to install the appropriate server software.

Source: Harajuku Wind HTTP://USER.QZONE.QQ.COM/3272818845/2

Windows 2003 Server Security Hardening

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.