Windows System Security Settings-intermediate security

Source: Internet
Author: User

1. Use win2000 security configuration tools to configure policies

Microsoft provides a set of security configuration and analysis tools based on MMC (Management Console). With these tools, you can easily configure your servers to meet your requirements. For details, refer to the Microsoft homepage:

Http://www.microsoft.com/windows2000/techi...y/sctoolset.asp

2. disable unnecessary services

Windows 2000 Terminal Services, IIS, and RAS can bring security vulnerabilities to your system. In order to be able to manage servers remotely and conveniently, Terminal Services on many machines are on. If you have enabled the Terminal Services, make sure that you have configured the Terminal Services correctly. Some malicious programs can also run quietly in the form of services. Pay attention to all the services enabled on the server and check them every day. The following are the default services installed at the C2 level:

Computer Browser service TCP/IP NetBIOS Helper

Microsoft DNS server Spooler

Ntlm ssp Server

RPC Locator WINS

RPC service Workstation

Netlogon Event log

3. disable unnecessary ports

Disabling ports means reducing the number of features. You need to make a decision on security and functionality. If the server is installed onFirewallBut never think you can rest assured. Use a port scanner to scan the ports opened by the system to determine which services are open, which is the first step for hackers to intrude into your system. The system32driversetcservices file contains a list of well-known ports and services for your reference. The specific method is:

Network neighbors> Properties> Local Connection> Properties> internet Protocol (TCP/IP)> Properties> advanced> Options> TCP/IP filtering> properties enable TCP/IP filtering and add the required tcp, udp protocol.

4. Open Audit Policy

Enabling security audit is the most basic Intrusion Detection Method for win2000. When someone attempts to intrude into your system in some ways (such as user passwords, Account Policies, unauthorized file access, etc.), they will be recorded by security review. Many administrators are unaware of system intrusion for several months until the system is damaged. The following reviews must be enabled, and others can be added as needed:

Policy Settings

System Login event review successful, failed

Account Management review successful, failed

Login event review successful, failed

Audit Object Access successful

Audit policy changed successfully, failed

Audit privilege usage successful, failed

System Event Review successful, failed

5. Enable Password Policy

Policy Settings

Password complexity must be enabled

Minimum Password Length: 6 Characters

Force password five times

Force password: 42 days

6. Enable Account Policy

Policy Settings

Reset Account lock counter for 20 minutes

Account lock time: 20 minutes

Account lock threshold three times

7. Set security record Access Permissions

The security record is unprotected by default. You can set it to be accessible only to the Administrator and system accounts.

8. store sensitive files in another file server

Although the server's hard disk capacity is very large, you should consider whether it is necessary to put some important user data (files, data tables, project files, etc) it is stored in another secure server and often backed up.

9. Do not allow the system to display the username of the Last login

By default, when the terminal service is connected to the server, the logon dialog box displays the account name for the last login, and the local Login Dialog Box is the same. This makes it easy for others to obtain some user names of the system for password speculation. You can modify the registry to prevent the user name that was last logged on from being displayed in the dialog box, specifically:

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonDontDisplayLastUserName

Change the key value of REG_SZ to 1.

10. Do not create a null connection.

By default, any user connects to the server through an empty connection, and then enumerates the account and guesses the password. We can modify the Registry to disable NULL connections:

The value of the Local_MachineSystemCurrentControlSetControlLSA-RestrictAnonymous is changed to "1.

11. download the latest patch from the Microsoft website.

Many network administrators do not have the habit of visiting secure sites, so that some vulnerabilities have been around for a long time, and server vulnerabilities are not enough to serve as targets. No one can guarantee that 2000 of the Code with millions of lines does not have any security vulnerabilities. They often visit Microsoft and some security sites to download the latest service pack and vulnerability patches, is the only way to ensure long-term security of servers.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.