Windows Advance serve security settings

Network security should be a focus of network management, how to build a secure enterprise network, is the important work of each enterprise management, Windows Advance serve is one of the more popular server operating system, but to secure the configuration of Microsoft's operating system, it is not an easy task. I'll talk about the security settings for Windows Advance serve network for my own work experience.

First, customize your own Windows Advance Serve

1. Version of the choice: Win2000 have a variety of languages, for us, you can choose the English version or Simplified Chinese version, I strongly recommend: in the case of language does not become an obstacle, please be sure to use the English version. You know, Microsoft's products are known as Bugs & Patch, the Chinese version of the bug far more than the English version, and the patch is usually late at least half a month (that is, the general Microsoft released a loophole after your machine will be in unprotected condition for half a month).

2. Component installation: Win2000 is typically installed by default, but this installation system is fragile, insecure, and according to security principles, minimal service + minimum permissions = maximum security. Please make a reasonable configuration according to the requirements of your own server.

3. Separate management of the server according to the purpose: that is to say, if you make different functions according to the various needs of the enterprise, in principle, a service server provides only separate services, such as domain controllers, file servers, backup servers, Web servers, FTP servers, and so on.

II. reasonable installation of Windows Advance Serve

1. Installing Windows Advance Serve, we recommend that you create at least two partitions, one system partition, one application partition.

2. Sequential selection: Windows Advance serve there are several orders in the installation that must be noted:

First of all, Windows Advance serve has a vulnerability to install, after you enter the administrator password, the system has established a admin$ share, but did not use the password you have just entered to protect it, this situation continues until you start again, During this time, anyone can enter your machine through admin$, as long as the installation is completed, the various services will automatically run, and at this time the server is covered with loopholes, very easy to enter, therefore, in the fully installed and configured Win2000 server, must not connect the host network.

Second, the installation of patches: patches should be installed after all applications installed, because the patch is often to replace/modify some system files, if the first installation of the patch and then install the application may cause the patch can not play a due effect.

Third, security configuration Win2000 Server

Even if the Win2000 SERVER is installed correctly, the system still has a lot of vulnerabilities and needs to be carefully configured.

1. Port:port is a logical interface between the computer and the external network, the port configuration is correct or not directly affect the security of the host, in general, only open you need to use the port will be more secure, the configuration is in the network card properties-tcp/ip-Advanced-option-TCP/IP filter enabled tcp/ IP filtering.

2. Iis:iis is one of the most vulnerable parts of Microsoft's components, so the configuration of IIS is our focus:

First, deltree C:\INETPUB, outside the C disk creat inetpub the main directory to x:\Inetpub in IIS Manager;

Second, the IIS installation when the default of what scripts virtual directories are deleted

Third, application configuration: Remove any unwanted mappings that are required in IIS Manager, and must refer to ASP, ASA, and other file types you really need to use, such as stml (using server side include), actually 90% Host has the above two mappings enough, in IIS Manager, right-click the host-> Property->www service Edit-> Home directory configuration-> application mapping, remove the mappings you don't need.

Finally, to be on the safe side, you can use the backup function of IIS to back up all the settings you just set up, so you can restore the security configuration of IIS at any time.

Zebian: Bean Technology Application