Four, firewall and antivirus software installation
I have never seen a Win2000/NT server with antivirus software installed, yet it is in fact very important. Good antivirus software can kill not only well-known viruses but also a large number of Trojans and backdoors. Do not forget to update the virus database regularly. We recommend McAfee antivirus software + BlackICE firewall.
Five, SQL2000 and SERV-U FTP security settings
SQL security
1. The System Administrators role should preferably have no more than two members.
2. If it is on the local machine, it is best to configure authentication as Win login.
3. Do not use the sa account, and configure a very complex password for it.
4. Delete extended stored procedures, using the following format:
use master
exec sp_dropextendedproc 'extended stored procedure name'
xp_cmdshell: the best shortcut into the operating system; delete it.
Stored procedures that access the registry; delete them:
Xp_regaddmultistring Xp_regdeletekey Xp_regdeletevalue Xp_regenumvalues
Xp_regread Xp_regwrite Xp_regremovemultistring
OLE automation stored procedures; do not delete:
Sp_OACreate Sp_OADestroy Sp_OAGetErrorInfo Sp_OAGetProperty
Sp_OAMethod Sp_OASetProperty Sp_OAStop
5. Hide SQL Server and change the default port 1433
Right-click the instance and select Properties - General - Network Configuration, select the TCP/IP protocol properties, choose to hide the SQL Server instance, and change the original default port 1433.
Serv-U security points that need to be set:
select ; FTP_bounce What is FXP? Generally, when the FTP protocol is used for file transfer, the client first issues a command to the FTP server, and the server, on receiving it, uses the address information in the command supplied by the user to establish a connection with the user. In most cases this process causes no problem, but a malicious client may put a specific address into the PORT command so that the FTP server connects to a machine other than the client. Although the malicious user may have no direct access to a particular machine, if the FTP server has access to that machine, the malicious user can use the FTP server as an intermediary and still reach the target server. This is FXP, also known as a cross-server attack. Once this option is selected, such situations are prevented.
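The check a server can apply to the PORT command described above, as an added example (not Serv-U's code and not from the original page): the data address must equal the control connection's peer address. The rule refusing ports below 1024 goes beyond the page and follows the suggestion in RFC 2577; all function names and addresses are constructed for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of PORT into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer_ip):
    """Decide whether the server should honour one PORT line.

    control_peer_ip is the TCP peer address of the control connection,
    i.e. the machine that is really talking to the server.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return True, "not a PORT command"
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    if ip != ipaddress.IPv4Address(control_peer_ip):
        return False, f"data address {ip} is not the control peer"
    if port < 1024:  # added rule, following RFC 2577's suggestion
        return False, f"data port {port} is below 1024"
    return True, f"data connection to {ip}:{port}"

# Constructed sample: (control-connection peer, command line received).
SAMPLE = [
    ("203.0.113.10", "PORT 203,0,113,10,19,137"),  # client's own address
    ("203.0.113.10", "PORT 192,0,2,77,0,139"),     # some other machine
    ("203.0.113.10", "PORT 203,0,113,10,0,25"),    # own address, low port
    ("203.0.113.10", "PORT 203,0,113,10,300,1"),   # not a valid octet
]

def audit_ports(sample=SAMPLE):
    """Return (line, allowed, reason) for every sample command."""
    return [(line, *check_port_command(line, peer)) for peer, line in sample]

if __name__ == "__main__":
    for line, allowed, reason in audit_ports():
        print("ALLOW" if allowed else "BLOCK", line, "->", reason)
```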
Six, IIS security settings
IIS-related settings:
Delete the virtual directories created by the default site, stop the default web site, and delete the corresponding file directory c:\inetpub. Configure the common settings for all sites: set the relevant connection limits, bandwidth settings, performance settings and other settings. Configure the application mappings and remove all unnecessary application extensions, leaving only the asp, php, cgi, pl and aspx extensions. For php and cgi, resolving through isapi is recommended; resolving through exe affects safety and performance. Set user program debugging to send a text error message to the user. For the database, try to keep the mdb extension rather than changing it to asp; in IIS you can map the mdb extension to an unrelated dll file such as C:\WINNT\system32\inetsrv\ssinc.dll to prevent the database from being downloaded. Set the IIS log save directory and adjust the logged information. Set it to send a text error message. Modify the 403 error page to redirect to another page, to prevent detection by some scanners. Also, to hide system information and keep a telnet to port 80 from disclosing the system version, modify the IIS banner information; you can modify it manually with winhex or use related software such as banneredit.
For the user's site directory: in this description the user's FTP root directory contains three folders, wwwroot, database and logfiles, which store the site files, database backups and the site logs respectively. In the event of an intrusion, specific permissions can be set on the user's site directory: the directory holding pictures is given only list-directory permission, and the program directory is not granted write access if it does not need to generate files (such as a program that generates html). Because a virtual host usually cannot be that meticulous about script safety, more of the effort goes into limiting what users can do from scripts:
ASP security settings:
After setting permissions and services, the following is still needed to guard against asp Trojans. Run the following commands in a cmd window:
regsvr32 /u C:\WINNT\System32\wshom.ocx
del C:\WINNT\System32\wshom.ocx
regsvr32 /u C:\WINNT\system32\shell32.dll
del C:\WINNT\system32\shell32.dll
This uninstalls the WScript.Shell, Shell.application and WScript.Network components, which effectively prevents asp Trojans from executing commands through wscript or shell.application and from using them to view sensitive system information. Another method: remove the users' permissions on the above files and restart IIS for it to take effect. However, this method is not recommended.
In addition, because user programs need FSO, the component cannot be removed from the server. Here is a brief note on guarding against FSO; it is not needed on servers where virtual hosting space is opened automatically, and is only suitable for sites that are opened manually. Set up two groups, one for sites that need FSO and one for sites that do not: the user group that needs FSO is given execute permission on the c:\winnt\system32\scrrun.dll file, and the group that does not is given no permission. Restart the server for this to take effect.
With this setting combined with the permissions above, you will find that the Haiyang Trojan has lost its effect here!
PHP security settings:
A default installation of php needs attention to the following issues:
Give users only read permission on C:\winnt\php.ini. Make the following settings in php.ini:
safe_mode = On
register_globals = Off
allow_url_fopen = Off
display_errors = Off
magic_quotes_gpc = On [default is On, but check it again]
open_basedir = web directory
disable_functions = passthru, exec, shell_exec, system, phpinfo, get_cfg_var, popen, chmod
Change the default com.allow_dcom = true to false [remove the leading ; before making the change]
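A small audit of a php.ini against the settings listed above, as an added example that is not part of the original page. It treats a directive that is still commented out with a leading ; as not set, which is the case the bracketed note above warns about; the function names and the sample file contents are constructed for illustration.

```python
REQUIRED = {  # directive names are case-sensitive in php.ini
    "safe_mode": True, "register_globals": False, "allow_url_fopen": False,
    "display_errors": False, "magic_quotes_gpc": True, "com.allow_dcom": False,
}
REQUIRED_DISABLED = {"passthru", "exec", "shell_exec", "system", "phpinfo",
                     "get_cfg_var", "popen", "chmod"}
TRUE, FALSE = {"on", "1", "true", "yes"}, {"off", "0", "false", "no", "none", ""}

def parse_ini(text):
    """Return {directive: value} for lines that are actually in effect."""
    active = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        active[key] = value.strip('"')
    return active

def as_bool(value):
    v = value.lower()
    return True if v in TRUE else False if v in FALSE else None

def audit_php_ini(text):
    """Return sorted findings; an empty list means every setting matches."""
    ini, findings = parse_ini(text), []
    for key, want in REQUIRED.items():
        if key not in ini:
            findings.append(f"{key}: not set (missing or commented out)")
        elif as_bool(ini[key]) is not want:
            findings.append(f"{key}: is {ini[key]!r}, page says {'On' if want else 'Off'}")
    if not ini.get("open_basedir"):
        findings.append("open_basedir: not set (missing or commented out)")
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    for name in sorted(REQUIRED_DISABLED - disabled):
        findings.append(f"disable_functions: {name} is not disabled")
    return sorted(findings)

# Constructed sample file contents, not taken from a real server.
SAMPLE = """\
safe_mode = On
register_globals = Off
allow_url_fopen = On
display_errors = Off
magic_quotes_gpc = On
;open_basedir = D:/wwwroot
disable_functions = passthru, exec, shell_exec, system
;com.allow_dcom = true
"""
```

Calling audit_php_ini(SAMPLE) returns seven findings for the constructed file, including the two directives that are present only as comments.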
MySQL security settings:
If the MySQL database is enabled on the server, note the following security settings:
Delete all default mysql users, leaving only the local root account, and give the root user a complex password. When granting access to ordinary users, limit it to update, delete, alter, create and drop on a specific database; in particular, prevent ordinary customers from having access to operate on the mysql database. Check the mysql.user table and remove unnecessary users' shutdown_priv, reload_priv, process_priv and File_priv permissions, which may leak more information, including information outside the mysql server. You can set a dedicated startup user for mysql that only has permissions on the mysql directory. Set the permissions on the data directory under the installation directory (this directory stores the mysql database's data). On the mysql installation directory, give users read, execute and list-directory permissions.
Serv-u security issues:
Install the latest version of the program where possible, avoid the default installation directory, set permissions on the directory where serv-u is installed, and set a complex administrator password. Modify serv-u's banner information and set the passive mode port range (4001-4003). In the local server settings, make the relevant security settings, including: checking anonymous passwords, disabling anti-timeout scheduling, and blocking for 10 minutes any user who connects more than 3 times within 30 seconds. In the domain settings: require complex passwords, use only lowercase letters for directories, and in the advanced settings cancel allowing the MDTM command to change file dates.
Change the user that starts serv-u: create a new user in the system, set a complex password, and do not place it in any group. Give this user full control of the servu installation directory. Create an FTP root directory and give this user full control of it, because the uploads, deletions and file changes of all ftp users inherit this user's privileges; otherwise they cannot manipulate files. The user also needs read permission on the parent directories of that directory, otherwise connections fail with 530 Not logged in, home directory does not exist. For example, when the test ftp root directory is d:\soft, the user must be given read access to drive d, and for safety the permission inheritance of the other folders on drive d should be cancelled. Starting with the default system account does not raise these issues, because system generally has these privileges.
Seven, other
1. To hide important files / directories completely, modify the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL Right-click :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Create a new DWORD value named SynAttackProtect with a value of 2
EnablePMTUDiscovery REG_DWORD 0
NoNameReleaseOnDemand REG_DWORD 1
EnableDeadGWDetect REG_DWORD 0
KeepAliveTime REG_DWORD 300,000
PerformRouterDiscovery REG_DWORD 0
EnableICMPRedirects REG_DWORD 0
4. Do not respond to ICMP Router Advertisement messages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface
Create a new DWORD value named PerformRouterDiscovery with a value of 0
5. Prevent ICMP redirect packet attacks:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set the EnableICMPRedirects value to 0
6. Do not support the IGMP protocol:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Create a new DWORD value named IGMPLevel with a value of 0
7. Modify the Terminal Services port:
Run regedit and find [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]. See PortNumber on the right? In decimal, change it to the port number you want, such as 7126; any port that does not conflict with others will do.
The second is at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp; as above, remember to change the port number to the same value as the one above.
8. Prohibit IPC null connections:
A cracker can use the net use command to create a null connection and then intrude; net view and nbtstat also rely on null connections, so prohibiting null connections is enough. Open the registry and find Local_Machine\System\CurrentControlSet\Control\LSA-RestrictAnonymous this value to such as:
TTL = 107 (WINNT);
TTL = 108 (win2000);
TTL = 127 or 128 (win9x);
TTL = 240 or 241 (linux);
TTL = 252 (solaris);
TTL = 240 (Irix);
In fact, you can change it yourself:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters: DefaultTTL REG_DWORD 0-0xff (0 - 255 decimal, default value 128). Change it to an odd figure, such as 258, which will at least leave a novice dizzy for half a day, though it will not necessarily make them give up the intrusion.
10. Delete the default shares:
Someone asked me why all disks are shared at power-on and why, after he changed it, the shares came back after a restart. These are the default shares that 2K sets up for management; they must be cancelled by modifying the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters: AutoShareServer, type REG_DWORD, set the value to 0.
11. Prohibit the establishment of null connections:
By default, any user can connect to the server through a null connection and then enumerate accounts and guess passwords. We can modify the registry to prohibit null connections:
Local_Machine\System\CurrentControlSet\Control\LSA-RestrictAnonymous value to
My Network Places - Properties - Local Area Connection - Properties - Internet Protocol (TCP/IP) Properties - Advanced - WINS panel - NetBIOS setting - disable NetBIOS over TCP/IP. This way a cracker cannot use the nbtstat command to read your NetBIOS information and network card MAC address.
13.
First disable all accounts except your own, then rename Administrator. I also went ahead and created another account named Administrator, one with no rights at all, then opened Notepad, typed at random, and copied and pasted into the administrator with the account
Although this seems somewhat contradictory to the point above, it in fact follows the rule above. Create an account with general permissions for receiving mail and dealing with everyday matters, and use the other account, which has Administrators permission, only when necessary. allows the administrator to use the htm to this content, automatically go to the wrong page.
15. Local Security Policy and Group Policy settings: if your local security policy settings are wrong, they can be restored to their default values.
Open the %SystemRoot%\Security folder, create a to find ; Run Analysis When prompted for a template, select Database Run, type Dcomcnfg.exe. Enter, click the Select
The functions of Windows 2003 keep growing, but for congenital reasons there are also many security risks, these risks if it does not common in the attempts to prevent potential safety problems, and I hope this can help you!
Block the automatic-save hidden danger
When an error occurs while the Windows 2003 operating system is calling an application, the system's Dr. Watson automatically saves some important debugging information for later viewing during system maintenance, but this information is likely to be hackers Dr. Watson's hidden danger of automatically saved debug information, we can proceed as follows:
1. Open the Start menu, select command sub-window, double-click the Auto value, and in the parameter settings window that pops up, reset its value to Documents and Settings folder, All Users folder, Shared Documents folder, DrWatson folder, and finally delete the User.dmp and Drwtsn32.log files in the corresponding DrWatson folder.
After completing the above settings, restart the system, and the automatic-save risk is blocked.
Block the resource-sharing hidden danger
To make it convenient to transfer information between LAN users, Windows Server 2003 system was very to the server system causing a great deal of insecurity. So once you have finished using file or print sharing, be sure to turn it off. To block the resource-sharing risk, here are the specific steps to turn off sharing:
1. perform the following control panel menu item shortcut menu, click Sharing
Block the remote access hidden danger
On a Windows 2003 system, when the system's Remote Desktop feature is used for remote network access, the user name and password entered are transmitted to the corresponding client as ordinary plaintext; clear account in the transfer process, to achieve allows users to connect remotely to this computer
Windows 2003 provides Fast User Switching, which lets us log into the system easily; but along with this convenience the system also gains a hidden danger. For example, if the implementation of our system, may be treated as illegal the account currently logged on account, it would lock up, which is obviously not what we need. However, we can follow the steps below to block the security risk brought by user switching:
On the Windows 2003 desktop, open the Start menu, the following control panel command, find the following Click
Even when the Windows 2003 operating system is working normally, important confidential information may leak to hackers or other visitors, especially important account information. We might never think to look at the files that may leak private information, but hackers pay close attention to them! The Windows 2003 page swap file actually hides a good deal of important private information, which is generated dynamically; if it is not cleared in time, it may well become a breakthrough point for hackers. To this end, use the following method to make the Windows 2003 operating system automatically remove the page file generated during operation when the system shuts down:
1. In Windows 2003 the left side of the window area, use the mouse to click the HKEY_local_machine\system\currentcontrolset\control\sessionmanager\memory management key, find the ClearPageFileAtShutdown key in the right area and double-click it, then in the value settings window that opens, re-edit the DWORD value to