Windows 2003 server Security Settings method

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

My server has been a long-term hacker attacks, the special few days to do some useful security summed up to facilitate later inspection, hoping to thoroughly understand the hacker attack, special thanks to "cold rainy Night" some tips.

Windows 2003 server Security Settings method

0. Get rid of weak passwords and enhance your username and password.

1. Server firewall settings, such as: Ice Shield firewall +mcafee, I use Skynet free firewall +mcafee.

2. Turn off unused ports, such as 445 ports, 139 ports, 135 ports, 3389 ports.

3. Modify 3389 for other remote ports. (range from 1024 to 65535, and cannot conflict)

4. Disable ASP unsafe components, such as: Shell.Application, Wscript.Shell, Wscript.Network, FSO, ADODB.stream, in addition to the FSO may be used.

5.IIS security settings and Web site default directory cannot be used.

The 6.sql password is set.

7. Modify the 1521 port password, mainly for Oracle.

8.net Delete and Net1 (if you do not use the case), so that hackers can not add users.

9. Delete FTP, TFTP (if you do not use the case), so that hackers can not pass the horse.

10. Directly disable Cmd.exe, set the ban ping function.

11. Set the Group Policy.

12. Cancel some print network sharing services.

13. Permission settings, remove everyone in C disk permissions.

Remove access to all users in C disk, add IIS_WPG access rights, add IIS_WPG access rights [. NET private], add IIS_WPG access rights [installed MacFee software private], add users access rights, Remove all dangerous folders under Windows C, remove access to system dangerous files, and leave only administrative group members.

14. Install genuine system and software as far as possible, if and I have installed the Serv, please make manual safety setting, (note ser-u 6.0 The following version and 6.0 above set method is different)

15. Switch to dynamic IP to prevent hacker scan, because I server reason, not set this security operation.

Write this article hope to play the role of a lot of people to publish server security and personal PC security articles.

Reprint please indicate wealth Pig blog http://www.caifuzhu.com Thank you. Welcome to testify and communication, qq:10261733

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.