Windows 2003 Server Security Configuration complete article (2)

Source: Internet
Author: User

Second, disable unneeded services and enable the appropriate audit policy

I have closed the following services:

Computer Browser: maintains the latest list of computers on the network and provides this list

Task Scheduler: allows a program to run at a specified time

Messenger: transmits NET SEND and Alerter service messages between clients and servers

Distributed File System: manages shared files on the LAN; no need to disable

Distributed Link Tracking Client: updates connection information on the LAN; no need to disable

Error Reporting Service: disable to prohibit sending error reports

Microsoft Search: provides fast word search; no need to disable

NT LM Security Support Provider: used by the Telnet service and Microsoft Search; no need to disable

Print Spooler: disable if there are no printers

Remote Registry: disable to prevent the registry from being modified remotely

Remote Desktop Help Session Manager: disable to prohibit Remote Assistance

Workstation: if it is disabled, remote NET commands cannot list user groups

Disable unnecessary services. Attackers may never use them, but security rules and standards say that anything superfluous should not be left running, and each service removed is one less hidden danger.

In "Network Connections", remove all unneeded protocols and services and install only the basic Internet Protocol (TCP/IP); the QoS Packet Scheduler is additionally installed for the bandwidth flow control service. In Advanced TCP/IP Settings, under the "NetBIOS" setting, select "Disable NetBIOS over TCP/IP". On the Advanced tab, enable Internet Connection Firewall. This firewall ships with Windows 2003 and is not present in Windows 2000; it has few features, but it can block ports, which basically achieves the function of IPSec.

In Run, type gpedit.msc and press Enter to open the Group Policy Editor, then select Computer Configuration > Windows Settings > Security Settings > Audit Policy. When creating audit items, note that the more items you audit, the more events are generated, and the harder it becomes to find a serious event. Of course, if you audit too little, that also hurts your ability to discover serious events, so you need to choose between the two depending on your situation.

The recommended items to audit are:

Logon events

Account logon events

System events

Policy change

Object access

Directory service access

Privilege use
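To check a server against this list, the policy can be exported with `secedit /export /cfg <file>` and the `[Event Audit]` section compared with the recommended items. The following is an added example, not part of the original article; the function names and the sample export are constructed for illustration. It also reports audited categories outside the list, since those add to the event volume discussed above.

```python
# Added example. secedit [Event Audit] values: 0 none, 1 success, 2 failure, 3 both.
RECOMMENDED = {
    "Logon events": "AuditLogonEvents",
    "Account logon events": "AuditAccountLogon",
    "System events": "AuditSystemEvents",
    "Policy change": "AuditPolicyChange",
    "Object access": "AuditObjectAccess",
    "Directory service access": "AuditDSAccess",
    "Privilege use": "AuditPrivilegeUse",
}

def parse_event_audit(inf_text):
    """Return {key: int} for the [Event Audit] section of a secedit export."""
    section, values = None, {}
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "event audit" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = int(val.strip())
    return values

def review_audit_policy(inf_text):
    """Return (gaps, extras): recommended items off or undefined, and other audited keys."""
    current = parse_event_audit(inf_text)
    gaps = []
    for item, key in RECOMMENDED.items():
        if not current.get(key):  # key missing from the export, or set to 0
            gaps.append((item, "no auditing" if key in current else "not defined"))
    wanted = set(RECOMMENDED.values())
    extras = sorted(k for k, v in current.items() if v and k not in wanted)
    return gaps, extras

# Constructed sample export (not taken from a real host).
SAMPLE_INF = """[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 2
AuditPolicyChange = 1
AuditProcessTracking = 3
AuditAccountLogon = 3
"""
if __name__ == "__main__":
    print(review_audit_policy(SAMPLE_INF))
```

secedit normally writes the export as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `review_audit_policy`.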

Third, disable default shares and null connections

People all over the world know this, so I will not say more!


