Improve the security of the operating system and IIS

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

       with the gradual deepening of campus network construction and application, more and more schools have established their own Web servers. As the most popular Web server platform, IIS (Internet Information Server) plays an important role in the campus network. Therefore, it is particularly important to understand how to enhance the security of IIS by creating a Web server with a high security performance.
??
?? Ensure system security
??
?? Because IIS is built on the Windows nt/2000 operating system, security should also be based on system security, so ensuring that the security of the system is the basis of IIS security, and for this reason, we have to do the following things.
??
?? 1. Use the NTFS file system
??
?? NTFS systems should be used in NT systems, NTFS can manage files and directories, and FAT file systems can provide only shared-level security and, by default, all users can see with each new share created, which is not conducive to system security. Unlike FAT file systems, under NTFS files, a new share can be created to guarantee system security by modifying permissions.
??
?? 2. Turn off default sharing
??
?? In Windows 2000, there is a "default share", this is when installing the server, the system installation partition is automatically shared, although access to it also requires superuser password, but this is a potential security risk, from the server security considerations, it is best to close this "default sharing" to ensure system security. Click Start/Run, enter "Regedit" in the Run window, open Registry Editor, and expand Hkey_ local_machine\system\currentcontrolset\lanmanworkstation\ Parameters ", create a Double-byte value named" Autoshare-wks "in the right window, set its value to 0, so that you can completely turn off default sharing.
??
?? 3. Set user password
??
?? Users must set the password, the user's password as far as possible with the number and letter size mixed passwords, but also need to constantly modify passwords, blocking failed login attempts, and set strict account life time. You should avoid setting a simple password, and the user's password should not be associated with the username as much as possible.
??
?? Secure IIS itself
??
?? In order to ensure that the system has high security, but also to ensure the security of IIS, the main note the following things:
??
? 1. Try to avoid installing IIS on the primary domain controller in the network. Because IIS is installed, the IUSR_computername anonymous account is generated on the installed computer. This account is added to the domain user group to provide access to the domain user group to each anonymous user who accesses the Web server, not only to ensure IIS security, but also to the primary domain controller.
??
?? 2, limit the directory permissions of the site. There are many scripts that are likely to cause security risks, so you should strictly restrict permissions such as execution, writing, and so on when setting directory permissions for Web sites in IIS.
??
?? 3, often to Microsoft's site to download the patch of IIS, to ensure the latest version of IIS.
??
?? As long as security awareness, often pay attention to the system and IIS settings, IIS will be a more secure server platform, can provide us with security and stability of services.

         article source: http:www.gdhack.com