Windows system security Setting Method--Intermediate safety articles

Source: Internet
Author: User
Tags empty access microsoft website

  1. Using the Win2000 Security Configuration tool to configure the policy

Microsoft provides a set of security configuration and analysis tools based on MMC (management Console) that you can use to configure your server to meet your requirements. For details please refer to Microsoft Homepage:

  2. To turn off unnecessary services

Windows 2000 Terminal Services, IIS, and RAS can all bring security vulnerabilities to your system. In order to be able to remote Management Server, many machines Terminal Services are open, if you also open, to confirm that you have the correct configuration of Terminal Services. Some malicious programs can also be quietly run in a service way. Be aware of all the services that are open on the server, and check them for mid-term (daily). The following are the default services for C2-level installations:

Computer Browser Service TCP/IP NetBIOS Helper

Microsoft DNS Server Spooler


RPC Locator WINS

RPC Service Workstation

Netlogon Event Log

  3. To close unnecessary ports

Closing the port means reducing the functionality and requiring you to make a decision on security and functionality. If the server is behind a firewall, it will take less risk, but never think you can sit back and relax. Use the port scanner to scan the ports open by the system and determine which services are open to the first step in hacking your system. The system32driversetcservices file has a list of well-known ports and services available for reference. The specific methods are:

Network Places > Properties > Local Connections > Properties >internet Protocol (TCP/IP) > Properties > Advanced > Option >TCP/IP Filter the > property to open TCP/IP filtering, add the required tcp,udp, the protocol.

  4. Open Audit Policy

Opening security audit is the most basic intrusion detection method in Win2000. When someone tries to invade your system in some way (such as trying a user's password, changing the account policy, unauthorized file access, and so on), it will be logged by the security audit. Many administrators were unaware of the system being hacked for months until the system was compromised. The following audits are required to be open, and others can be added as needed:

Policy settings

Audit System Login Event succeeded, failed

Audit account management Success, failure

Audit Login Event Success, failure

Audit object Access succeeded

Audit policy Change succeeded, failed

Audit privilege use succeeded, failed

Audit system event succeeded, failed

  5. Open Password Password policy

Policy settings

Password complexity requirements Enabled

Minimum password length 6 bits

Enforce password history 5 times

Enforce password history 42 days

  6. Open Account Policy

Policy settings

Reset account lockout counter for 20 minutes

Account lockout time 20 minutes

Account lockout threshold value 3 times

  7. Setting access rights for Security records

The security record is not protected by default, and it is set to only Administrator and system accounts for access.

  8. Store sensitive files in a separate file server

Although the server's hard disk capacity is now large, you should also consider whether it is necessary to put some important user data (files, data sheets, project files, etc.) in another secure server, and often back up them.

  9. Do not allow the system to display the last login user name

By default, when Terminal Services is connected to the server, the Login dialog box displays the account that was last logged in, and the local login dialog box is the same. This makes it easy for others to get some user names for the system and then make a password guess. Modify the registry to not allow the dialog box to display the last login username, specifically:

Hklmsoftwaremicrosoftwindows Ntcurrentversionwinlogondontdisplaylastusername

Change the key value of the REG_SZ to 1.

  10. Prohibit the establishment of an empty connection

By default, any user who connects to the server through an empty connection, then enumerates the account number and guesses the password. We can disable the establishment of a null connection by modifying the registry:

The local_machinesystemcurrentcontrolsetcontrollsa-restrictanonymous value is changed to "1".

  11. Download the latest patches to the Microsoft website

Many network administrators do not have the habit of accessing the security site, so that some vulnerabilities have been a long time, but also put the server's loopholes do not supply others as a target. No one can guarantee that millions of lines of code 2000 do not have a bit of security vulnerabilities, frequent access to Microsoft and some security sites, download the latest service pack and bug patches, is the only way to ensure the long-term security of the server.

Zebian: Bean Technology Application

Related Article

Cloud Intelligence Leading the Digital Future

Alibaba Cloud ACtivate Online Conference, Nov. 20th & 21st, 2019 (UTC+08)

Register Now >

Starter Package

SSD Cloud server and data transfer for only $2.50 a month

Get Started >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.