Compared with other systems, a server is harder to secure, and even a very well-built server can be broken into by a sufficiently skilled attacker. Of course, for small sites, general hardening is enough.
Because security factors are so varied and server setups differ, this section can only briefly introduce a few aspects of security hardening.
1. Update system patches
Updating patches is the most important step in security hardening.
2. Disable services that you do not need
The following services must be disabled: Server, Workstation, Telnet, Print Spooler, Remote Registry, Routing and Remote Access, TCP/IP NetBIOS Helper, Computer Browser.
3. Remove extra permissions
Because permissions are set in so many places on the system, only the common ones are listed here.
· All drive root directories: keep only Administrators and SYSTEM permissions.
· C:\Documents and Settings: keep only Administrators and SYSTEM permissions.
· C:\WINDOWS and C:\WINDOWS\system32: keep only Administrators and SYSTEM, plus Read and Execute for Users.
· C:\WINDOWS\Temp: keep only Administrators and SYSTEM, plus read, write and delete for Users and Network Service.
· C:\WINDOWS\IIS Temporary Compressed Files: keep only Administrators and SYSTEM, plus read, write and delete for Users and Network Service.
· C:\WINDOWS\SYSTEM32\MSDTC: keep only Administrators and SYSTEM, plus read, write and delete for Users and Network Service.
· Some executables under C:\WINDOWS\, such as Regedit.exe, Cmd.exe, Net.exe, Net1.exe, Netstat.exe, At.exe, Attrib.exe, Cacls.exe and format.com: keep only Administrators and SYSTEM.
4. Unregister dangerous components
regsvr32 /u %systemroot%\system32\shell32.dll
regsvr32 /u %systemroot%\system32\wshom.ocx
5. Firewall settings
It is recommended to open only the ports you need, such as 80 and 3389.
6. Run software with reduced privileges
Common software such as Serv-U, SQL Server, MySQL, Apache and Tomcat all carries security risks.
7. Install security assistant software
There is no absolute security; you can only improve security as far as possible. Combining manual hardening with security software gives the best result.
Reminder: before you change any of these settings, be sure to back up the site's data. If a configuration error causes problems, the server provider will not take responsibility for it. If you do not understand the settings, you can have a technician configure them for you directly; if you really do not understand them, do not change the server configuration yourself, because the consequences can be serious. There is also an easy way: install suitable server security software.
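As an added example (not part of the original article), the following batch script applies step 2 from an Administrator command prompt: it disables each listed service, stops it, and then verifies the start type. The service key names are the usual Windows Server 2003 names for the display names in step 2 and are an assumption here; the variable and label names are illustrative.

```batch
@echo off
rem Added example, not from the original article.
rem Display names from step 2 mapped to service key names. The key names are
rem the usual Windows Server 2003 ones (assumption: confirm each on your host
rem with, for example:  sc getkeyname "Print Spooler").
rem   Server -> lanmanserver             Workstation -> lanmanworkstation
rem   Telnet -> TlntSvr                  Print Spooler -> Spooler
rem   Remote Registry -> RemoteRegistry  Routing and Remote Access -> RemoteAccess
rem   TCP/IP NetBIOS Helper -> LmHosts   Computer Browser -> Browser
setlocal
set SERVICES=lanmanserver lanmanworkstation TlntSvr Spooler RemoteRegistry RemoteAccess LmHosts Browser
set FAILED=0

for %%S in (%SERVICES%) do call :harden %%S

echo.
if %FAILED%==0 echo All listed services are disabled.
if not %FAILED%==0 echo %FAILED% listed services are still not disabled.
exit /b %FAILED%

:harden
rem Skip services that are not installed on this host
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo [skip] %1 is not installed
    goto :eof
)
rem sc requires the space after "start="
sc config %1 start= disabled >nul
rem /y also stops any services that depend on this one
net stop %1 /y >nul 2>&1
rem Verify: "sc qc" reports START_TYPE ... DISABLED once the change is applied
sc qc %1 | find "DISABLED" >nul
if errorlevel 1 (
    echo [FAIL] %1 could not be disabled
    set /a FAILED+=1
) else (
    echo [ ok ] %1 disabled
)
goto :eof
```

Because `net stop /y` also stops dependent services (Netlogon, for example, depends on Workstation), run this from the local console after taking the backup described above.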
Source: Harajuku Wind HTTP://USER.QZONE.QQ.COM/3272818845/2
Windows 2003 Server Security Hardening