7 strokes to do Windows Server security

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Come in the frequency of network security incidents, enough to cause our attention to network security, personal webmaster site security can not be ignored. Not only the site to be impregnable, the server should be indestructible, otherwise the server will become your site security "short board."

When it comes to Windows security, this article lists some Windows Server security tips that can help you build a relatively secure server.

First, do not install unnecessary software

The server can not be like its own computer what software is installed, such as your server just put an ASP site, then only need IIS and firewall and other security software. If it is not necessary to install the software such as Serv, because many server software often appear a variety of loopholes, which will give "intruders" leave an opportunity.

Second, timely update the patch

Always focus on the latest patches and choose the necessary fixes. Some software vulnerabilities also need to be fixed, so as to maximize the security of the server. If you feel that you can use 360 to make selective updates, install 360 security guards and then enter the bug fix.

Third, do not use weak password

Weak passwords This low-level error, has been the reason for the invasion has a large share, but this is very easy to avoid. We set the password when the best number, letters, symbols mixed use, the length of more than equal to 6 digits, do not use birthdays, names and other related passwords.

If not afraid of trouble, you can use Baidu random password generator, generate random password.

Iv. closing unnecessary ports and services

Use the netstat command to view open ports, such as the discovery of unnecessary ports that can be closed using IP Security policy. The detected ports can be closed as long as they are not available, or they can be shielded by firewall software. Service shutdown some can not be used, if the Windows service is not understood as much as possible to check the relevant information to close.

V. Modify 3389 default ports

Open the registry to modify the following two registry entries:

1.hkey_local_machine/system/currentcontrolset/control/terminal server/wds/rdpwd/tds/tcp

2.hkey_local_machine/system/currentcontrolset/control/terminal server/winstations/rdp-tcp/

The settings need to use decimal, and then set to the required port. The following figure:

Vi. Restricting directory Permissions

1. It is recommended to set up independent users for each website

2. Set up each Disk Administrator, System has Full Control permissions

3. Set up documents and settings and all subdirectories administrator, System has full control rights

4. Set up Cacls.exe, Cmd.exe, Net.exe, Net1.exe, Ftp.exe, Tftp.exe, Telnet.exe, Netstat.exe, Regedit.exe, At.exe, Attrib.exe, Format.com, del file administrator, System has Full control

5.C disk below Inetpub directory if it is not necessary to recommend deletion

VII. Installation of security software

It is recommended to install anti-virus software, firewall each one, the firewall must have to prevent the CC, ARP, SQL injection functions. The purpose of installing antivirus software is to prevent the upload of virus Trojan, the use of the administrator's negligence to perform so that the server is controlled. The purpose of installing a firewall is to prevent network attacks, and you can avoid unnecessary attacks.

Doing the above seven strokes can prevent some common server intrusions, making the sites on the server more secure. Web site security can be viewed in another Web security article I wrote "Four Ways to make your site more secure." This article by the smart phone List (http://www.miuiw.com/) original contribution, please respect the author's intellectual labor results, reproduced please retain the copyright and links.