(Origins Section: Network Security
Compressed file format: text content
Attachment source: shared by others
Operation mode: Windows mode
Is it verified by yourself: yes
Attachment nature: free
Specifics: Great documentation on server security settings
Table of contents
First, install Win200x security overview---3
1. File system selection of hard disk partition--3
①Use multiple partitions to manage different content separately--3
②Select NTFS file system--3
③Use the file encryption system EFS-3
2. Component customization--3
3. Time to access the network--3
4. Account security management (modified)--3
5. Uninstall useless component modules--4
2. Basic system settings---4
1. Install various patches--4
2. Partition content scheme--4
3. Protocol Management--4
4. Block all the following unneeded services -- 4
5. Delete OS/2 and POSIX subsystems: 5
6. Account and Password Policy--6
7. Set file and directory permissions--6
8. Correction of some entries in the registry -- 6
9. Enable TCP/IP filtering--7
10. Move some important files and add access control--7
11. Download the Hisecweb.inf security template to configure the system -- 7
12. Alternatives to other tools on the server--8
13. Set up the trap script -- 8
14. Cancel some risk file extensions--8
15. Close port 445 -- 8
16. Close DirectDraw-8
17. Prohibit the generation of dumpfile and the automatic removal of the page file--8
18. Prohibit booting the system from floppy disks and CDRom--8
19. Lock access to the registry -- 9
20. Consider using IPSec to enhance the security of IP packets -- 9
21. Consider using smart cards to replace passwords -- 9
22. Hide the server--9
? ? Improve the security of FSO in Win2003--9
3. IIS security settings---11
1. Close and delete the default site--11
2. Build your own site, not in a partition with the system--11
3. Delete some directories of IIS--11
4. Delete unnecessary IIS mappings and extensions--11
5. Disable the parent path (some child pages that use relative paths may not be opened) --12
6. Set access control permissions on the virtual directory -- 12
7. Enable logging --13
8. Backup IIS configuration--13
9. Fix IIS flag --13
10. Redefine error message -- 14
? ? Improve the security of FSO in Win2003--14
4. Data and Backup Management---16
1. backup--16
2. Set file sharing permissions--16
3. Avoid filename fraud--16
4. Security Summary of Access Database--16
5. Prevention of MSSQL Injection Attacks--18
6. Basic security policy of MSSQLServer--18
7. Use layer filtering to prevent URL intrusion/intrusion--21
8. Protection against attacks by PHP Trojans--22
5. Other auxiliary safety measures---23
1. Install reliable antivirus software and upgrade immediately;--23
2. Install a network firewall that may be powerful and sensitive to configuration--23
3. Correct the date of all files in the system directory and program directory--23
4. On another computer in the network -- 23
5. Security issues for the use of existing free codes -- 24
6. Generation and use of file lists, command lists and service lists--24
6. Simple settings to prevent small traffic d/dos attacks---24
Seven, usually security check---26
1. Log view -- 26
2. View list -- 27
3. View abnormal files--27
4. Boot with CD-ROM PE system from time to time--27
5. View backup -- 27
6. Update rules--27
7. Regularly update the secret--27
8. Check the upgrade status of system security patches--27
9. Find WEBSHELL-27
10. Review file and directory permissions--27
11. Check the upgrade status of using programs and systems--27
12. View IP filtering policy--27
This post was last modified at 2008-7-2815:36 by Te Ai Ant])