1. Use win2000 security configuration tools to configure policies
Microsoft provides a set of security configuration and analysis tools based on MMC (Management Console). With these tools, you can easily configure your servers to meet your requirements. For details, refer to the Microsoft homepage:
Http://www.microsoft.com/windows2000/techi...y/sctoolset.asp
2. disable unnecessary services
Windows 2000 Terminal Services, IIS, and RAS can bring security vulnerabilities to your system. In order to be able to manage servers remotely and conveniently, Terminal Services on many machines are on. If you have enabled the Terminal Services, make sure that you have configured the Terminal Services correctly. Some malicious programs can also run quietly in the form of services. Pay attention to all the services enabled on the server and check them every day. The following are the default services installed at the C2 level:
Computer Browser service TCP/IP NetBIOS Helper
Microsoft DNS server Spooler
Ntlm ssp Server
RPC Locator WINS
RPC service Workstation
Netlogon Event log
3. disable unnecessary ports
Disabling ports means reducing the number of features. You need to make a decision on security and functionality. If the server is installed onFirewallBut never think you can rest assured. Use a port scanner to scan the ports opened by the system to determine which services are open, which is the first step for hackers to intrude into your system. The system32driversetcservices file contains a list of well-known ports and services for your reference. The specific method is:
Network neighbors> Properties> Local Connection> Properties> internet Protocol (TCP/IP)> Properties> advanced> Options> TCP/IP filtering> properties enable TCP/IP filtering and add the required tcp, udp protocol.
4. Open Audit Policy
Enabling security audit is the most basic Intrusion Detection Method for win2000. When someone attempts to intrude into your system in some ways (such as user passwords, Account Policies, unauthorized file access, etc.), they will be recorded by security review. Many administrators are unaware of system intrusion for several months until the system is damaged. The following reviews must be enabled, and others can be added as needed:
Policy Settings
System Login event review successful, failed
Account Management review successful, failed
Login event review successful, failed
Audit Object Access successful
Audit policy changed successfully, failed
Audit privilege usage successful, failed
System Event Review successful, failed
5. Enable Password Policy
Policy Settings
Password complexity must be enabled
Minimum Password Length: 6 Characters
Force password five times
Force password: 42 days
6. Enable Account Policy
Policy Settings
Reset Account lock counter for 20 minutes
Account lock time: 20 minutes
Account lock threshold three times
7. Set security record Access Permissions
The security record is unprotected by default. You can set it to be accessible only to the Administrator and system accounts.
8. store sensitive files in another file server
Although the server's hard disk capacity is very large, you should consider whether it is necessary to put some important user data (files, data tables, project files, etc) it is stored in another secure server and often backed up.
9. Do not allow the system to display the username of the Last login
By default, when the terminal service is connected to the server, the logon dialog box displays the account name for the last login, and the local Login Dialog Box is the same. This makes it easy for others to obtain some user names of the system for password speculation. You can modify the registry to prevent the user name that was last logged on from being displayed in the dialog box, specifically:
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonDontDisplayLastUserName
Change the key value of REG_SZ to 1.
10. Do not create a null connection.
By default, any user connects to the server through an empty connection, and then enumerates the account and guesses the password. We can modify the Registry to disable NULL connections:
The value of the Local_MachineSystemCurrentControlSetControlLSA-RestrictAnonymous is changed to "1.
11. download the latest patch from the Microsoft website.
Many network administrators do not have the habit of visiting secure sites, so that some vulnerabilities have been around for a long time, and server vulnerabilities are not enough to serve as targets. No one can guarantee that 2000 of the Code with millions of lines does not have any security vulnerabilities. They often visit Microsoft and some security sites to download the latest service pack and vulnerability patches, is the only way to ensure long-term security of servers.