Windows 2003 Security Settings (Camouflage Article)

Source: Internet
Author: User

First, change the TTL value
TTL=107 (WINNT);
TTL=108 (Win2000);
TTL=127 or 128 (Win9x);
TTL=240 or 241 (Linux);
TTL=252 (Solaris);
TTL=240 (Irix);
You can change it yourself: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, set DefaultTTL (REG_DWORD, 0-0xff, i.e. 0-255 decimal, default value 128) to a confusing number such as 258.
Delete the default shares
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, the AutoShareServer value is of type REG_DWORD; change its value to 0.

Prohibit the establishment of null (empty) connections
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, change the RestrictAnonymous value to "1".
Create a new file in Notepad and fill in the following commands. Save it as *.bat and add it to the Startup items.
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share ipc$ /del
net share admin$ /del
IIS Site Settings:
1. Keep the IIS directory and data separate from the system disk, stored on a dedicated disk.
2. Enable Parent Path
3. Delete any application mappings that are not required in IIS Manager (keep the necessary mappings such as ASP)
4. Redirect the HTTP 404 "Object not found" error page to a custom HTM file via URL in IIS
5. Web site permission settings (recommended)
   Read: allowed
   Write: not allowed
   Script source access: not allowed
   Directory browsing: recommended off
   Log visits: recommended off
   Index this resource: recommended off
   Execute permissions: recommended "Scripts only"
6. It is recommended to use the W3C Extended Log File Format, recording daily the client IP address, username, server port, method, URI stem, HTTP status, and user agent, and to review the logs every day. (It is best not to use the default directory; change the log path and set access permissions on the logs so that only administrators and SYSTEM have Full Control.)
7. Program Security:
   1) Usernames and passwords used by a program are best encapsulated on the server side and should appear as little as possible in ASP files; the username and password used for database connections should be given the minimum privileges;
   2) For ASP pages that require verification, track the file name of the previous page; only a session that arrives from the previous page may read the page;
   3) Prevent leakage of the .inc files of ASP home pages;
   4) Prevent leakage of some.asp.bak files generated by UE and other editors.
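The daily log review from item 6, combined with the .inc and .asp.bak leakage concerns in item 7, as an added example that is not part of the original article: it parses a W3C Extended log using its #Fields directive and lists include or backup files that the server returned with a 2xx status. The sample log is constructed, and the function names are this example's own.

```python
# Added example: review an IIS W3C Extended log for served .inc / .bak files.
import os

# File extensions the article warns about leaking (include files, editor backups).
RISKY_EXTENSIONS = {".inc", ".bak"}

# Constructed sample log; client addresses come from documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-01 08:00:00
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status cs(User-Agent)
2005-03-01 08:00:01 192.0.2.10 - 80 GET /default.asp 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-01 08:00:07 198.51.100.7 - 80 GET /inc/conn.inc 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-01 08:00:09 198.51.100.7 - 80 GET /admin/login.asp.bak 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-01 08:00:12 198.51.100.7 - 80 GET /inc/db.inc 404 Mozilla/4.0+(compatible;+MSIE+6.0)
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-03-01 09:15:00 203.0.113.5 GET /Old/Index.ASP.BAK 200
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # field list may change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def leaked_files(text):
    """Return (client IP, URI stem) for risky files served successfully (2xx)."""
    hits = []
    for entry in parse_w3c(text):
        stem = entry.get("cs-uri-stem", "")
        ext = os.path.splitext(stem.lower())[1]
        if ext in RISKY_EXTENSIONS and entry.get("sc-status", "").startswith("2"):
            hits.append((entry.get("c-ip", "-"), stem))
    return hits

if __name__ == "__main__":
    for ip, stem in leaked_files(SAMPLE_LOG):
        print(f"served to {ip}: {stem}")
```

Any hit means a file that should never be downloadable was returned to a client, so the file and the mapping or permission that exposed it both need attention.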
6. Approach to setting IIS permissions
- Create a separate system user for each independent entity to be protected, such as a Web site or a virtual directory, so that each site has its own unique identity for which permissions can be set on the system.
- Enter the user name you just created under IIS site properties or virtual directory properties → Directory Security → Anonymous access and authentication control → Edit → Anonymous access → Edit.
- Deny this user access to all partitions, then allow this user access only to the folder that corresponds to the site's home directory (remove the inherited parent permissions and add the administrator and SYSTEM groups).
7. Uninstall the most unsafe components
The simplest approach is to unregister the components directly and then delete the corresponding program files. Save the following code as a .BAT file (on WIN2000 the system folder is C:\WINNT\; the paths below use the 2003 system folder, C:\WINDOWS\)
regsvr32 /u C:\WINDOWS\System32\wshom.ocx
del C:\WINDOWS\System32\wshom.ocx
regsvr32 /u C:\WINDOWS\system32\shell32.dll
del C:\WINDOWS\system32\shell32.dll
Then run it; Wscript.Shell, Shell.Application, and Wscript.Network will be uninstalled. You may be told that a file cannot be deleted; do not worry about it. Restart the server and you will find that all three show "x security".
