Windows Server 2003 is currently the most mature network server platform, and its security is greatly improved over Windows 2000. The default security configuration of 2003, however, does not necessarily suit our needs, so we have to give Win2003 a full security configuration based on the actual situation. To tell the truth, security configuration is one of the harder areas of networking: if permissions are too strict, many programs cannot run; if they are too loose, the server is easily broken into by hackers. It is a real headache for a network administrator, so, drawing on my years of network security management experience, I have summarized the following methods to improve the security of our servers.
The first trick: format the partitions with the correct file system and choose a stable operating system installation disc
To improve security, the server's partitions must be formatted as NTFS (New Technology File System). NTFS is more secure than FAT16 and FAT32, greatly improves space utilization, and lets us configure file security, disk quotas and EFS file encryption. If a partition has already been formatted as FAT32, you can convert it to NTFS with the command convert X: /fs:ntfs /v (where X is the drive letter). Install Windows Server 2003 properly (it can be updated directly over the Internet): install only the components you must use, and after installation apply the latest patches and update to the latest version online, to ensure that the operating system itself is free of vulnerabilities.
The second trick: set disk security correctly, as follows (for the virtual machine security settings we take an ASP program as the example). Key points:
1. System disk permission settings
C: partition:

C:\
Administrators: Full Control (this folder, subfolders and files)
CREATOR OWNER: Full Control (files only)
SYSTEM: Full Control (this folder, subfolders and files)
IIS_WPG: Create Files / Write Data (this folder only)
IIS_WPG: Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Create Folders / Append Data, Read Permissions (this folder, subfolders and files)

C:\Documents and Settings
Administrators: Full Control (this folder, subfolders and files)
Power Users: Read & Execute, List Folder Contents, Read (this folder, subfolders and files)
SYSTEM: Full Control (this folder, subfolders and files)

C:\Program Files
Administrators: Full Control (this folder, subfolders and files)
CREATOR OWNER: Full Control (files only)
IIS_WPG: Read & Execute, List Folder Contents, Read (this folder, subfolders and files)
Power Users: Modify Permissions (this folder, subfolders and files)
SYSTEM: Full Control (this folder, subfolders and files)
TERMINAL SERVER USER: Modify Permissions (this folder, subfolders and files)
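
To verify the result after applying these settings, the following added example (not part of the original article) checks saved icacls output for C:\Documents and Settings against the entries listed above and reports any extra, missing or over-permissive principal. The sample output is constructed; the BUILTIN\ and NT AUTHORITY\ account prefixes (English-language system) and the parenthesised (OI)(CI)(F) output layout are assumptions.

```python
import re

PATH = r"C:\Documents and Settings"
# Baseline from the list above. "This folder, subfolders and files" is (OI)(CI)
# in icacls notation; full control is F; "Read and run / List / Read" is one RX ACE.
BASELINE = {
    r"BUILTIN\Administrators": ("F", {"OI", "CI"}),
    r"BUILTIN\Power Users": ("RX", {"OI", "CI"}),
    r"NT AUTHORITY\SYSTEM": ("F", {"OI", "CI"}),
}
# Constructed sample output (not captured from a real server).
SAMPLE = r"""C:\Documents and Settings BUILTIN\Administrators:(OI)(CI)(F)
                          NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                          BUILTIN\Power Users:(OI)(CI)(M)
                          Everyone:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""
INHERIT = {"OI", "CI", "IO", "NP", "I"}

def parse_icacls(text, path):
    """Return [(principal, rights, scope_flags)] for one path's listing."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):
            line = line[len(path):].strip()
        if ":(" not in line:
            continue  # blank line or the summary trailer
        who, spec = line.split(":(", 1)
        tokens = re.findall(r"\(([^)]+)\)", "(" + spec)
        # (I) only marks the ACE as inherited; it does not change its scope.
        flags = {t for t in tokens if t in INHERIT} - {"I"}
        rights = ",".join(t for t in tokens if t not in INHERIT)
        aces.append((who, rights, flags))
    return aces

def audit(text, path, baseline):
    """List ACEs that deviate from the baseline, plus baseline entries not found."""
    findings, seen = [], set()
    for who, rights, flags in parse_icacls(text, path):
        seen.add(who)
        if who not in baseline:
            findings.append(f"unexpected: {who} {rights}")
        elif (rights, flags) != baseline[who]:
            findings.append(f"mismatch: {who} has {rights} {sorted(flags)}")
    return findings + [f"missing: {w}" for w in baseline if w not in seen]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, PATH, BASELINE)))
```

On the constructed sample this flags Power Users holding Modify instead of Read & Execute, and the Everyone entry that the list above does not include.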