First, system information
View System version |
Windows Server 2008 R2 Enterprise |
Use |
VPN server |
View Host Name |
|
View network Configuration |
|
Second, antivirus software management
2.1 Antivirus Software Installation
Purpose of Operation |
Prevent harm from Trojan and virus programs |
Check method |
Check whether the antivirus software service is running on the system. |
Reinforcement method |
Install antivirus software, turn on real-time monitoring, set an appropriate monitoring level, and set a password for the antivirus software. |
Whether to implement |
|
Note |
|
3.1 Patch Installation
Purpose of Operation |
Install system patches to fix vulnerabilities |
Check method |
Scan using a vulnerability scanning tool. |
Reinforcement method |
Use tools to automate patching. |
Whether to implement |
|
Note |
|
Fourth, account passwords
4.1 Optimization Account
Purpose of Operation |
Remove unused system accounts to reduce risk |
Check method |
Press Win+R to open "Run" -> compmgmt.msc (Computer Management) -> Local Users and Groups, and check whether there are unused accounts, whether system accounts belong to the correct groups, and whether the Guest account is locked |
Reinforcement method |
Use the "net user username /del" command to delete an account. Use the "net user username /active:no" command to lock an account |
Whether to implement |
|
Note |
Check the registry to prevent shadow accounts. |
4.2 Password Policy
Purpose of Operation |
Increase password complexity and set a lockout policy to reduce the likelihood of brute-force cracking |
Check method |
Press Win+R to open "Run" -> secpol.msc (Local Security Policy) -> Security Settings |
Reinforcement method |
1. Account Policies -> Password Policy: Password must meet complexity requirements: Enabled; Minimum password length: 8 characters; Minimum password age: 0 days; Maximum password age: 90 days; Enforce password history: a remember Password; Store passwords using reversible encryption: Disabled
2. Account Policies -> Account Lockout Policy: Account lockout duration: 30 minutes; Account lockout threshold: 5 invalid logon attempts; Reset account lockout counter after: 30 minutes
3. Local Policies -> Security Options: Interactive logon: Do not display last user name: Enabled |
Whether to implement |
|
Note |
Press Win+R to open "Run" -> gpupdate /force to apply the policy immediately |
Fifth, network services
5.1 Optimization Service
Purpose of Operation |
Turn off unneeded services to reduce risk |
Check method |
Press Win+R to open "Run" -> services.msc |
Reinforcement method |
Set the following services to Manual startup: COM+ Event System, DHCP Client, Diagnostic Policy Service, Distributed Transaction Coordinator, DNS Client, Distributed Link Tracking Client, Remote Registry, Print Spooler, Server (can be turned off if file sharing is not used), Shell Hardware Detection, TCP/IP NetBIOS Helper, Windows Update |
Whether to implement |
|
Note |
Disabling services requires caution, especially for remote computers |
5.2 Turn off sharing
Purpose of Operation |
Turn off default shares |
Check method |
Press Win+R to open "Run" -> cmd.exe -> net share to view the shares |
Reinforcement method |
Turn off default shares such as C$ and D$: press Win+R to open "Run" -> regedit -> find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and create a new AutoShareServer value (REG_DWORD) set to 0 |
Whether to implement |
|
Note |
|
5.3 Network restrictions
Purpose of Operation |
Restrict network access |
Check method |
Press Win+R to open "Run" -> secpol.msc -> Security Settings -> Local Policies -> Security Options |
Reinforcement method |
Network access: Do not allow anonymous enumeration of SAM accounts: Enabled; Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled; Network access: Let Everyone permissions apply to anonymous users: Disabled; Accounts: Limit local account use of blank passwords to console logon only: Enabled |
Whether to implement |
|
Note |
Press Win+R to open "Run" -> gpupdate /force to apply the policy immediately |
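The checks in 5.1 to 5.3 can be run in one read-only pass. The script below is an added example, not part of the original template; it assumes an English-language install (service display names), PowerShell 2.0 as shipped with Windows Server 2008 R2, and the standard registry values under Control\Lsa that back the four security options.

```powershell
# Added example: read-only check of sections 5.1-5.3. Changes nothing on the host.
$results = @()

# 5.1: display names as listed in the checklist (English-language install assumed).
$manualServices = 'COM+ Event System', 'DHCP Client', 'Diagnostic Policy Service',
    'Distributed Transaction Coordinator', 'DNS Client', 'Distributed Link Tracking Client',
    'Remote Registry', 'Print Spooler', 'Server', 'Shell Hardware Detection',
    'TCP/IP NetBIOS Helper', 'Windows Update'
$services = Get-WmiObject Win32_Service |
    Where-Object { $manualServices -contains $_.DisplayName }
foreach ($svc in $services) {
    # StartMode is Auto, Manual or Disabled; Disabled is stricter than the
    # checklist asks for, so only Auto is reported as a failure.
    $results += New-Object PSObject -Property @{
        Item = "Service: $($svc.DisplayName)"; Expected = 'Manual'
        Actual = $svc.StartMode; Pass = ($svc.StartMode -ne 'Auto') }
}

# 5.2 and 5.3: registry values behind AutoShareServer and the four security options.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$registryBaseline = @(
    @{ Path = $srv; Name = 'AutoShareServer';           Want = 0 },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Want = 1 },
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },
    @{ Path = $lsa; Name = 'LimitBlankPasswordUse';     Want = 1 }
)
foreach ($entry in $registryBaseline) {
    $name = $entry.Name
    $prop = Get-ItemProperty -Path $entry.Path -Name $name -ErrorAction SilentlyContinue
    # A missing value means the setting was never configured; report it as a failure.
    $actual = if ($prop) { $prop.$name } else { '(not set)' }
    $results += New-Object PSObject -Property @{
        Item = "Registry: $name"; Expected = $entry.Want
        Actual = $actual; Pass = ($actual -eq $entry.Want) }
}

# Failures sort first.
$results | Sort-Object Pass, Item | Format-Table Item, Expected, Actual, Pass -AutoSize
```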
6.1 Using NTFS
Purpose of Operation |
Enhance file system security |
Check method |
Check whether each system drive uses the NTFS file system |
Reinforcement method |
NTFS is the recommended file system. Conversion command: convert <drive letter>: /fs:ntfs |
Whether to implement |
|
Note |
|
6.2 Check Everyone permissions
Purpose of Operation |
Tighten Everyone permissions |
Check method |
Right-click the system drive (disk) -> "Properties" -> "Security" and check whether the root of each system drive grants Everyone full permissions |
Reinforcement method |
Remove the Everyone permissions or revoke Everyone's write permission |
Whether to implement |
|
Note |
|
6.3 Restricting command permissions
Purpose of Operation |
Restrict permissions on certain commands |
Check method |
Use the cacls command or Windows Explorer to view the permissions on the following files |
Reinforcement method |
It is recommended that you restrict the following commands to SYSTEM and the Administrators group only: %systemroot%\system32\cmd.exe, %systemroot%\system32\regsvr32.exe, %systemroot%\system32\tftp.exe, %systemroot%\system32\ftp.exe, %systemroot%\system32\telnet.exe, %systemroot%\system32\net.exe, %systemroot%\system32\net1.exe, %systemroot%\system32\cscript.exe, %systemroot%\system32\wscript.exe, %systemroot%\system32\regedit.exe, %systemroot%\system32\regedt32.exe, %systemroot%\system32\cacls.exe, %systemroot%\system32\command.com, %systemroot%\system32\at.exe |
Whether to implement |
|
Note |
May affect business system uptime |
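To review the 6.3 permissions across all listed files at once, the following added example (not part of the original template) lists every Allow entry granted to a principal other than SYSTEM or Administrators. It matches on well-known SIDs rather than names so that it also works on localized installs; files that do not exist under System32 on the host are skipped.

```powershell
# Added example: read-only ACL review for section 6.3. Changes nothing on the host.
$commands = 'cmd.exe', 'regsvr32.exe', 'tftp.exe', 'ftp.exe', 'telnet.exe', 'net.exe',
    'net1.exe', 'cscript.exe', 'wscript.exe', 'regedit.exe', 'regedt32.exe',
    'cacls.exe', 'command.com', 'at.exe'

# Well-known SIDs: S-1-5-18 = SYSTEM, S-1-5-32-544 = BUILTIN\Administrators.
$allowedSids = 'S-1-5-18', 'S-1-5-32-544'
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($name in $commands) {
    $path = Join-Path $env:SystemRoot "System32\$name"
    if (-not (Test-Path $path)) { continue }      # not installed on this host

    foreach ($ace in (Get-Acl -Path $path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Resolve the account name to a SID; fall back to the raw value
        # if the principal can no longer be resolved.
        try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
        catch { $sid = $ace.IdentityReference.Value }

        if ($allowedSids -notcontains $sid) {
            New-Object PSObject -Property @{
                File      = $name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited }
        }
    }
}

if ($findings) {
    $findings | Sort-Object File, Principal |
        Format-Table File, Principal, Rights, Inherited -AutoSize
} else {
    'All listed commands are limited to SYSTEM and Administrators.'
}
```

On a default install, expect entries for BUILTIN\Users and NT SERVICE\TrustedInstaller; the latter is the account Windows servicing uses to replace system files.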
7.1 Enhanced Logging
Purpose of Operation |
Increase the log size so that logging is not incomplete because the log file capacity is too small |
Check method |
Press Win+R to open "Run" -> eventvwr.msc -> "Windows Logs" -> view the properties of the Application, Security and System logs |
Reinforcement method |
Recommended setting: maximum log size: 20480 KB |
Whether to implement |
|
Note |
|
7.2 Enhanced Auditing
Purpose of Operation |
Audit system events so they can be used for troubleshooting when failures occur |
Check method |
Press Win+R to open "Run" -> secpol.msc -> Security Settings -> Local Policies -> Audit Policy |
Reinforcement method |
Recommended settings: Audit policy change: Success; Audit logon events: Success, Failure; Audit object access: Success; Audit process tracking: Success, Failure; Audit directory service access: Success, Failure; Audit system events: Success, Failure; Audit account logon events: Success, Failure; Audit account management: Success, Failure |
Whether to implement |
|
Note |
Press Win+R to open "Run" -> gpupdate /force to apply the policy immediately |
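The password, lockout and audit values from 4.2 and 7.2 can be compared against the effective local policy in one step by exporting it with secedit. This is an added example, not part of the original template; the INF key names are the ones secedit writes, and the password history value is left out because the number is not legible in the template.

```powershell
# Added example: read-only comparison of the local policy with sections 4.2 and 7.2.
# Run from an elevated prompt. secedit writes the policy as "Name = Value" lines.
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null

$policy = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^([^=]+)=(.*)$') { $policy[$matches[1].Trim()] = $matches[2].Trim() }
}
Remove-Item $inf

# Values recommended by the checklist. Audit values: 1 = Success, 3 = Success and Failure.
# Registry-backed options are exported as "type,value" (4 = REG_DWORD).
$baseline = @{
    PasswordComplexity    = '1';  MinimumPasswordLength = '8'
    MinimumPasswordAge    = '0';  MaximumPasswordAge    = '90'
    ClearTextPassword     = '0'   # store passwords using reversible encryption
    LockoutDuration       = '30'; LockoutBadCount       = '5'
    ResetLockoutCount     = '30'
    AuditPolicyChange     = '1';  AuditObjectAccess     = '1'
    AuditLogonEvents      = '3';  AuditProcessTracking  = '3'
    AuditDSAccess         = '3';  AuditSystemEvents     = '3'
    AuditAccountLogon     = '3';  AuditAccountManage    = '3'
    'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName' = '4,1'
}

$report = foreach ($key in $baseline.Keys) {
    # Lockout duration and reset counter are absent from the export when no
    # lockout threshold is configured; report them as not set.
    $actual = if ($policy.ContainsKey($key)) { $policy[$key] } else { '(not set)' }
    New-Object PSObject -Property @{
        Setting  = ($key -split '\\')[-1]
        Expected = $baseline[$key]
        Actual   = $actual
        Pass     = ($actual -eq $baseline[$key]) }
}

# Failures sort first.
$report | Sort-Object Pass, Setting | Format-Table Setting, Expected, Actual, Pass -AutoSize
```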
Note: This template was downloaded from Baidu; I made the appropriate changes.