Windows Ops Tips

Source: Internet
Author: User

Dual-network isolation technology protects information security across the internal and external networks of enterprises and institutions.

Video conferencing systems are divided into software video conferencing systems and hardware video conferencing systems.
A software video conferencing system is a video communication system based on a server + PC architecture, with an MCU (Multipoint Control Unit).

Video conferencing networking modes: one is IP network mode, the other is E1 line network mode.

Server security protection policy:

    1. Close any ports that you do not need: first close all of them, then open only the ones required. Check with netstat -na

    2. Turn off unnecessary services

    3. Delete the default shares

    4. Prohibit remote enumeration of local accounts and shares

    5. Turn on log auditing and review log files regularly. Command to open Local Security Policy: secpol.msc

Traffic identification technology has important applications in responding to network viruses, network intrusion detection, network management, and so on. At present, the main network traffic identification technologies are DPI and DFI.

MRTG is software that records network device traffic.
When network sharing is restricted, you can use Serv-U to build an FTP server to solve the local area network resource sharing problem.

ITSS: Information Technology Service Standard

Telnet server management: command to change the Windows server's telnet port:

tlntadmn config port=3000

Encrypting cloud-assisted file sharing security

Moving the Desktop folder: Desktop folder - Properties - Location.

A switch power failure causes the switch to restart automatically, causing intermittent disconnection.

Intermittent printer failure may be caused by a user modifying a client's MAC or IP address without authorization, which causes a conflict.

A routed forwarder in a DNS server sets different DNS resolutions.

Operating system "Protector" software is similar to a hardware restore card: simply restart the computer and it is back to its usual state.

BYOD (Bring Your Own Device) refers to bringing your own device to work.

Monitoring software for databases: GreenSQL provides a free monitoring system for SQL Server.

There are three main technical means of data leakage protection: encryption, file rights management (DRM), and data loss protection (DLP).

Linux partitioning software: parted, a partition editor.

Use the logrotate tool to manage log files; rsyslogd records system messages.

Mastering virtual memory statistics with vmstat.

Use top to list the processes that occupy the most resources.

Use ACS authentication with dot1x authentication enabled on the interface to control the switch's interfaces.

CMCC relay: bringing mobile CMCC into the studio. Turn on WISP (select wireless as the WAN medium). CMCC can only be connected through client mode; that is, in the WDS state, the router is equivalent to a wireless AP.

Policy routing by source address is implemented through message redirection. Redirection feature: the redirection command configuration is valid for rules that are permit in the access list, and is not valid for deny rules.

Changing the AD value of a routing entry implements dynamic selection of routes.

Disk format conversion command: convert x: /fs:ntfs (x is the drive letter)

Set TCP/IP port filtering to restrict users' access to the Internet.

How to find the port used by a malicious program: netstat -ano > list.txt saves all ports used by this machine, with the owning process IDs, to list.txt.

tasklist > list2.txt saves the programs and processes running on the local system to the list2.txt file.

Closing the RPC (Remote Procedure Call) service disables port 135.

Shutting down the NetBIOS protocol disables UDP port 137, which is used primarily for NetBIOS name services.

Port 139 provides file and printer sharing, and Unix Samba services.
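The two saved files are only useful once they are joined on PID. The following is an added example, not code from the original article: it parses the text that netstat -ano and tasklist write, keeps listening TCP ports and bound UDP ports, names the owning process, and flags the ports listed above. The sample file contents, PIDs and process rows are constructed for illustration.

```python
import re

# Ports the page singles out: 135 (RPC), 137 (NetBIOS name), 139 and 445.
WATCHED_PORTS = {135, 137, 139, 445}
TASK_ROW = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,.]+ K$")
# Constructed samples of list.txt and list2.txt, not taken from a real host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    [::]:135               [::]:0                 LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3000           0.0.0.0:0              LISTENING       2716
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       6044
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED     4
  UDP    192.168.1.10:137       *:*                                    4
"""
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0        144 K
svchost.exe                    892 Services                   0     10,240 K
tlntsvr.exe                   2716 Services                   0      4,112 K
"""

def parse_tasklist(text):
    """Map PID -> image name; image names may contain spaces."""
    rows = (TASK_ROW.match(line.strip()) for line in text.splitlines())
    return {int(m.group(2)): m.group(1) for m in rows if m}

def parse_listeners(text):
    """Return sorted, de-duplicated (proto, port, pid) for open local ports."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        is_tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        is_udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if is_tcp or is_udp:  # skips header, blanks, non-listening connections
            port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles [::]:135
            found.add((f[0], port, int(f[-1])))
    return sorted(found)

def report(netstat_text, tasklist_text):
    """Join both files on PID; last field marks ports the page says to close."""
    procs = parse_tasklist(tasklist_text)
    return [(pr, port, pid, procs.get(pid, "<not in tasklist>"), port in WATCHED_PORTS)
            for pr, port, pid in parse_listeners(netstat_text)]

if __name__ == "__main__":
    print(*report(NETSTAT_SAMPLE, TASKLIST_SAMPLE), sep="\n")
```

A listener whose PID has no row in the tasklist output (PID 6044 in the sample) is the entry to look at first: the process either exited between the two commands or is not visible to tasklist.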

Use portslock to control the ports on user computers.

Manage computers by setting an IP filter table.

Web server defense product: WAF (Web Application Firewall).

IPC$ intrusion steps:

    1. Port scan, for example discovering ports 139 and 445.

    2. In DOS, enter: net use \\server "passwd" /user:"username"

    3. Use the Netletmein tool to view the list of users on a computer system.

    4. Use the brbok dictionary builder tool to produce password set data, and then use the Smbcrack password enumeration tool to brute-force user passwords. In a DOS window: smbcrack server Administrator X:\aaa.dic, where X:\aaa.dic is a file generated by the Brbook dictionary tool.

Methods to prevent IPC$ intrusion:

    1. Deactivate all default shares

@echo off
rem Delete the default administrative shares on each drive
net share C$ /delete
net share D$ /delete
net share E$ /delete
net share ADMIN$ /delete
.......

Save the above code as a ".bat" file, and then add it to the startup items.

    2. Prohibit the establishment of IPC$ null connections

    3. Use complex passwords

    4. Close ports 445 and 139 via the registry

ARP attack and protection:

ARP attack:

    1. WinPcap.exe and WinArpAttacker.exe combination. WinPcap is a packet-capture analysis tool, and WinArpAttacker is a comprehensive ARP attack tool.

    2. WinPcap.exe and Netfuke combination.

    3. WinPcap.exe and "Cyber Law enforcement officer".

    4. WinPcap.exe and Cain & Abel. Cain & Abel is a comprehensive password-cracking tool.

ARP protection:

    1. Bind MAC and IP addresses to ports on the switch.

    2. Manually configure IP and other information.

    3. On the client, bind the gateway's IP address to its MAC address.
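A way to verify the client-side binding in item 3, as an added example that is not part of the original article: it parses Windows arp -a output, checks that each expected IP maps to the expected MAC through a static entry, and reports any unicast MAC that answers for more than one IP. The ARP table and the gateway binding below are constructed, hypothetical values.

```python
import re
from collections import defaultdict

ARP_ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})"
                     r"\s+(static|dynamic)\s*$", re.I)
# Constructed 'arp -a' output and binding list, not taken from a real network.
ARP_SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.23          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.40          08-00-27-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
EXPECTED = {"192.168.1.1": "00-11-22-33-44-55"}  # hypothetical gateway binding

def parse_arp(text):
    """Return [(ip, mac, type)] rows, lower-cased, from Windows 'arp -a'."""
    hits = (ARP_ROW.match(line) for line in text.splitlines())
    return [(m[1], m[2].lower(), m[3].lower()) for m in hits if m]

def check_bindings(arp_text, expected):
    """Compare the ARP cache with expected {ip: mac}; return a findings list."""
    seen, by_mac, findings = {}, defaultdict(list), []
    for ip, mac, kind in parse_arp(arp_text):
        seen[ip] = (mac, kind)
        if int(mac[:2], 16) & 1 == 0:  # skip broadcast/multicast MACs
            by_mac[mac].append(ip)
    for ip, want in expected.items():
        mac, kind = seen.get(ip, (None, None))
        if mac is None:
            findings.append(("missing", ip))
        elif mac != want.lower():
            findings.append(("mac-mismatch", ip, mac))
        elif kind != "static":  # right MAC, but the entry can still be overwritten
            findings.append(("not-static", ip))
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("shared-mac", mac, tuple(ips)))
    return findings

if __name__ == "__main__":
    print(*check_bindings(ARP_SAMPLE, EXPECTED), sep="\n")
```

A shared-mac finding is an indicator to investigate rather than proof of spoofing, since a single device can legitimately hold several addresses.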

IPS: intrusion prevention system, for example Sky clear IPS.

A tool to clear cookies in the browser: IECookiesView, but it can only clear the cached information in the IE browser.

To guard against viruses modifying registry information, back up the registry regularly.

OpenVAS: security scanning software.

APT is an advanced persistent threat.

A "watering hole" attack usually refers to an attacker using currently popular social engineering methods to analyze the patterns of the targets' network activity, looking for vulnerabilities and weaknesses in websites that the targets frequently visit, using a variety of technical means to compromise sites that the targets trust, and embedding attack code or Trojan horses in them.

Set up an NTP (time synchronization) server, which makes it easier to unify the log timestamps of devices.

VOI (Virtual OS Infrastructure): virtualized operating system infrastructure.

Set up a hidden account in Windows to sign in through a backdoor. (not understood)

The BDBZM tool implements dual-protection files and is capable of segmenting and disguising files.

Use Palimpsest for graphical management of Linux disks.

When transmitting over the HTTP protocol, the transmission speed may be slow because Winsock's send buffer is small.

SDN (Software Defined Network): software-defined networking.

The SDN network architecture model provides an idea for freeing software from hardware platforms. First, the decoupling of control and data. Second, the concentration of network intelligence and control logic. Third, the abstraction of the underlying network infrastructure.

DFS: Distributed File System deployment.

CDN stands for Content Delivery Network, that is, a content distribution network.

A Content Distribution Network (CDN) is a new network content service system built on the IP network, providing content distribution and services based on content access and application efficiency requirements, quality requirements, and content order. From a broad perspective, the CDN represents a network-based, high-quality, high-efficiency web application service mode with a distinctive network order.

A Content Distribution Network (CDN) is an overall system deployed strategically, comprising four elements: distributed storage, load balancing, redirection of network requests, and content management. Content management and global network traffic management are the core of a CDN. By judging user proximity and server load, the CDN ensures that content serves users' requests in an extremely efficient manner.

A cache server is a highly integrated hardware and software professional server, mainly providing cache acceleration services, and generally deployed at the edge of the network. Depending on the acceleration object, it is divided into client acceleration and server acceleration. For client acceleration, the cache is deployed at the network exit and caches frequently accessed content locally, improving response speed and saving bandwidth. For server acceleration, the cache is deployed in front of the server as the web server's front-end machine, improving web server performance and access speed. If multiple cache acceleration servers are distributed across geographies, an effective mechanism is required to manage the cache network, direct users to the nearest access point, and balance traffic globally; this is the basic idea of the CDN content delivery network.

Enterprise resource planning and integration:

The general process of resource planning: understanding operational application scenarios; load analysis; software resource planning; hardware resource planning.

    • Software service layer, mainly including the operating system and the configuration of all software

    • Compute resource tier, primarily hardware resources such as CPU, memory, and X86 infrastructure, with funding decisions

    • Storage resource tier, which primarily manages storage resources.

Managing the mail system: open source software SpamAssassin.


This article is from the "Banging blog" blog; reprinting is declined!
