Windows 2003 Server Security Configuration complete article (1)

First, close unwanted ports

I'm more careful, I turn off the port first. It only opened 3389, 21, 80, 1433, some people have been saying what the default of 3389 unsafe, I do not deny, but the use of the way can only one of the poor lift blasting, you have changed the password set to 66, I guess he will break for several years, haha! Method: Local Connection--attribute--internet protocol (TCP/IP)--Advanced--Option--TCP/IP Filter--attribute--Put the tick on it and add the port you need. PS: Set the port needs to reboot!

Of course, you can also change the remote connection port method:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE \ system\ current ControlSet \ control \ Terminal Server\winstations\rdp-tcp]

"PortNumber" =dword:00002683

Save As. REG file Double click! Change to 9859, of course, you can also change the other port, directly open the address of the above registry, the value of the decimal input you want to the port can! Reboot in effect!

There is also a point, in the 2003 system, TCP/IP filtering in the port filtering function, the use of FTP server, only open 21 ports, in the FTP transmission, FTP-specific port mode and passive mode, in the data transmission, the need to dynamically open high-end port, Therefore, in the case of TCP/IP filtering, there is often a problem where the directory and data transfer cannot be listed after the connection. So the addition of Windows Connection Firewall on 2003 system can solve this problem very well, it is not recommended to use the TCP/IP filtering function of the NIC.

Do FTP download users look carefully, if you want to close unnecessary ports, in the \system32\drivers\etc\services have a list, Notepad can be opened. If lazy, the easiest way is to enable WIN2003 's own network firewall, and port changes. function can also!

Internet connection firewalls can effectively intercept illegal intrusion on Windows 2003 servers, prevent illegal remote hosts from scanning the servers, and improve the security of Windows 2003 servers. At the same time, can also effectively intercept the use of operating system vulnerabilities for port attacks, such as the Blaster worm virus. Enabling this firewall feature on a virtual router constructed with Windows 2003 can provide a good protection for the entire internal network.