| Back to logs list
22125067 2010 年 08 月 06 日 12:46 Reading (loading. ..) Comments (0) Category: Audio Digital
The first step:
one,
timberland boots, first off do not need to be careful to compare the port
, first off the port. Only held 3389 21 80 1433 (MYSQL) Some people have been saying that the 3389 default unsafe, do not deny this, but only one way to use a burst of exhaustion, you change the account
the password is set to fifteen six, estimated he has to break several years, ha ha! way: Local Area Connection - Properties - Internet Protocol (TCP / IP) - Advanced - Options --TCP/IP screening - Properties - marked the hook and then add the ports you need to. PS one: After setting the port to restart!
Course you can also change the method of the remote port:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Terminal Server WinStations RDP- Tcp]
the input port you want to! restart effect!
Another point system in 2003, with the TCP / IP filtering in the port filtering, when using the Ftp server, only open port 21, during FTP transmission time, FTP Port Mode and Passive unique pattern during data transmission, the need to open a dynamic high port, so the use of TCP / IP filtering cases, often after a connection can not be listed on the directory and data transmission problems. Therefore, the increase in 2003 on a windows system to connect the firewall to solve this problem well, so not recommended to use the network card TCP / IP filtering. FTP download the user does carefully point of view, the table I said, I blame the writing is rubbish ... If you want to turn off unnecessary ports, in system32 drivers etc services in the list, notepad to can open. If the lazy, the simplest way is to enable WIN2003 itself with the network firewall, and make the port change. Feature can also! Internet Connection Firewall can effectively intercept the illegal invasion of Windows 2003 server, the server to prevent illegal remote host scanning, to improve the security of windows 2003 server. It also can block the port using the operating system vulnerabilities to attack the virus, such as Blaster and other worms. If you are using windows 2003 on the construction of the virtual router firewall to enable this feature, the entire internal network can play a very good protection.
Second, turn off unneeded services to open the appropriate audit policy
closed the following services
Computer Browser maintain a list of computers on the network and provide the latest list of
Task scheduler allows program to run at a specified time
Routing and Remote Access on the LAN and WAN environments to provide routing services for business management
Removable storage removable media, drivers and libraries
Remote Registry Service allows remote registry manipulation
Print Spooler file loaded into memory for later printing. Friends can not disable the printer to use the
IPSEC Policy Agent Management IP security policy and start ISAKMP / OakleyIKE) and the IP security driver
Distributed Link Tracking Client files on the network when the NTFS volume to move the domain to send notification
Com + Event System automatically published to provide event subscription notification
Alerter COM components selected users and computers of administrative alerts
Error Reporting Service to collect, store and report exceptions to the Microsoft application Transfer
Messenger between the client and server and alarm services NET SEND message
Telnet allows remote users to log on to this computer and run the program
put off unnecessary services are prohibited, although these do not necessarily have to be exploited by attackers on, but in accordance with safety rules and standards, the extra things there is no need to open, to reduce a risk.
in the . In the Advanced tcp / ip settings where - In the advanced options, use the Enter gpedit.msc in the run
enter, open the Group Policy Editor, select Computer Configuration-Windows Settings - Security Settings - audit policy audit project created to note is that if too many items the audit, the generated events the more, then serious events in order to find the more difficult course, if too little can affect your audit found serious incidents, in this case you need to make a choice between the two.
recommended to review the project is:
account logon events success and failure logon events Success Failure Success Failure
system event success or failure
policy changes
directory object access failure Service access failed privilege use failure
three disk permissions
1. system disk permissions
C: partition parts:
c:
administrators all (the folder, subfolders and files)
CREATOR OWNER full (only the sub-files and documents)
system full (This folder, subfolders and files)
IIS_WPG Create Files / Write Data ( Only the folder)
IIS_WPG (This folder, subfolders and files)
Traverse Folder / run the file
List Folder / Read Data Read Attributes
created
Folders / Append Data
read access
c: Documents and Settings
administrators all (this folder, subfolders and files)
Power Users (This folder, subfolders and file)
read and run
List Folder Contents Read
SYSTEM
all (this folder, subfolders and files)
C: Program Files
administrators All (This folder, subfolders and files)
CREATOR OWNER Full (only sub-files and documents)
IIS_WPG (This folder, subfolders and files)
read and run
List Folder Contents
read
Power Users (This folder, subfolders and files)
all modify permissions
SYSTEM (This folder, subfolders and files)
TERMINAL SERVER USER (this folder, subfolders and files)
modify the permissions
2. Web site and virtual machine permissions settings (such as site E disk)
Note: We assume that all sites in the E drive wwwsite directory for each virtual machine and create a guest user, the user name vhost1 ... vhostn and create a webuser group, all the vhost user group which all joined the webuser to facilitate management.
E:
Administrators all (this folder, subfolders and files)
E: wwwsite
Administrators all (this folder, subfolders and files)
system all (This folder, subfolders and files)
service in full (This folder, subfolders and files)
E: wwwsite vhost1
Administrators all (this folder, subfolders and file)
system all (this folder, subfolders and files)
vhost1 all (this folder, subfolders and files)
3.
data backup data backup disk drive best specify only a specific user permissions to it are fully operational. Such as the F drive for data backup disk, we only specify an administrator has full operational authority to it.
4. permissions elsewhere
find the c drive of these files, the security settings that only certain administrators have full authority to operate.
following these files only allow administrators access
net.exe
net1.exet
cmd.exe
tftp.exe
netstat.exe
regedit.exe
at . exe
attrib.exe
cacls.exe
format.com
5. delete c: inetpub directory, and delete unnecessary iis mapping, the establishment of the trap account, change the description.
IV, firewall, antivirus software installation
seen Win2000/Nt never seen a server anti-virus software installed, in fact, it is very important. Some good anti-virus software can not only kill some well-known viruses, but also killing a large number of Trojans and backdoors. In this case, Do not forget to regularly update the virus database, we recommend mcafree antivirus software + blackice firewall
five, SQL2000 SERV-U FTP security settings
SQL security
1.System Administrators role is best not more than two
2. If this is the best will in the local authentication configuration for the Win login
3. Do not use Sa account, to configure a super complex password
4. extended stored procedure to remove the following format:
use master
sp_dropextendedproc 'extended stored procedure name'
xp_cmdshell: is the best way to access the operating system delete
stored procedure to access the registry, delete
Xp_regaddmultistring Xp_regdeletekey Xp_regdeletevalue Xp_regenumvalues
Xp_regread Xp_regwrite Xp_regremovemultistring
OLE Automation Stored Procedures, do not delete
Sp_OACreate Sp_OADestroy Sp_OAGetErrorInfo Sp_OAGetProperty
Sp_OAMethod Sp_OASetProperty Sp_OAStop
5. hide the SQL Server, change the default port 1433, right-click the instance of the selected attributes
- General - Network Configuration, select TCP / IP protocol properties, select the hidden SQL Server instance, and change the original default port
serv-u 1433 Some general security requirements set under:
select the FXP What is it? Generally, when using the FTP protocol for file transfer, the FTP server to the client first sends a server is received, use the command address information provided by the user to establish a connection with the user. In most cases, this process will not be any problems, but when the client is when a malicious user may be added by the PORT command to a specific address information, so that other non-FTP server and client machine to establish a connection. Although this name is not entitled to a malicious user may directly access a specific machine, but if you have access to the FTP server machine, then a malicious user to Ftp server as you can and still be able to eventually achieve the target server. This is the FXP, also known as cross-server attacks. Selected to prevent such a situation after.
six, IIS security settings
IIS related settings:
delete the default site created virtual directory, and stop the default web site, delete the corresponding file directory c: inetpub, configure all sites public settings, set the number of restrictions related to the connection, bandwidth settings and performance settings and other settings. Configure the application mapping, remove all unnecessary application extension, leaving only the asp, php, cgi, pl, aspx application extension. For php and cgi, isapi recommended analytical methods, with the exe and performance analysis have an impact on safety. Set debug the user program sends a text error message to the user. For the database, as far as possible mdb suffix, do not need to change the asp, IIS can be set in a mdb extension mapping, this mapping uses an independent dll files such as C: WINNTsystem32inetsrvssinc.dll to prevent the database to be downloaded. Save the log directory IIS settings, adjust the logging information. Is set to send a text error message. Modify the 403 error page, to turn to another page, to prevent detection of some of the scanner. Also, to hide system information, telnet to port 80 to prevent the disclosure of the information system can be modified versions of IIS the banner information, you can use winhex manually modify or use of relevant software such as banneredit changes.
the directory where the user site, in this description that the user's FTP root directory of the file corresponding to the three best, wwwroot, database, logfiles, were stored site files, database backup and the site of the log. If in the event of invasion may be the site for the user to set specific permissions on the directory, the directory where images will only give out directory permissions, the program directory if you do not generate files (such as procedures for generating html) does not give written permission. Because it is a virtual host can not usually do the scripting security point of nuanced, more methods can only enhance the user permissions from a script:
ASP's security settings:
set off rights and service, the following needs to be done to prevent asp Trojan work in the cmd window, run the following command:
regsvr32 / u C: WINNT System32 wshom.ocx
del C: WINNT System32 wshom.ocx
regsvr32 / u C: WINNT system32 shell32.dll
del C: WINNT system32 shell32.dll
to the WScript.Shell, Shell.application, WScript.Network component uninstalled, can effectively prevent Trojan asp wscript or shell.application execute a command by using the Trojan to see some system and sensitive information. Another method: cancel more users file permissions of the user to restart the IIS to take effect. However, this method is not recommended.
In addition, the user program need to use the FSO, the server can not cancel out the component, just to mention the FSO of the guard, but does not require open space in the automatic use of virtual business server, only suitable for manual opening of the site. FSO and do not need to FSO for the site set up two groups of users who need FSO group was given c: winntsystem32scrrun.dll file execute permission, without the do not give permission. Restart the server to take effect.
set for such permission with the above settings, you will find Haiyang Trojans have lost a role here!
PHP security settings:
default installation of php need to have the following Problems:
C: winnt php.ini only give users read access to. There needs to be done in php.ini the following setting:
Safe_mode = on
register_globals = Off
allow_url_fopen = Off
display_errors = Off
magic_quotes_gpc = On [default is on, but need to check it again]
open_basedir = web directory
disable_functions = passthru, exec, shell_exec, system, phpinfo, get_cfg_var, popen, chmod
com.allow_dcom = true change the default setting is false [before the amendment to cancel the previous;]
MySQL security settings:
If the server is enabled on the MySQL database, MySQL database, the security settings need to pay attention to:
delete all the default mysql user, leaving only the local root account for the root user with a complex password. Give normal user rights updatedeletealertcreatedrop time, and limited to a specific database, in particular, to avoid the ordinary customer has the mysql database operations permissions. Check mysql.user table, eliminating unnecessary user shutdown_priv, relo
ad_priv, process_priv and File_priv permissions that may leak more information, including non-mysql server other information out. Can set a start mysql user, mysql directory the user has permissions only. Installation directory of the data set the permissions database (mysql database,
cheap timberland boots, this directory holds the data information.) For the mysql installation directory to the users with read, list directories and execute permissions.
Serv-u security issues:
using the latest version of the installer as far as possible, avoid using the default installation directory, set up serv-u directory where the permissions, set administrator password of a complex . Modify the information serv-u of the banner, set the passive mode port range (4001-4003) on the local server settings related to security settings do: include checking anonymous password, disable the go-ahead when scheduling, block connection within 30 seconds the user to intercept more than 3 times 10 minutes. Domain is set to: require complex passwords, the directory using only lower case letters, set to cancel allows the use of advanced MDTM command to change file date.
change the start serv-u user: create a new user in the system, set up a more complicated password, do not belong to any group. The installation directory will be servu give the user full control permissions. A FTP root directory, you need to give the user Full Control permissions to the directory, because all the ftp users to upload, delete, change the file are inherited permissions of the user, or can not manipulate the file. In addition to the directory above the needs of the parent directory to the user's read access, or otherwise in connection when 530 Not logged in, home directory does not exist. For example, when the test ftp root directory is d: soft, must give d disk read access to the user, in order to secure abolition of d drive other folders inherit the permissions. And general use the default system startup there is no such problem because the system generally have these permissions.
seven other
1. hide important files / directories can be completely hidden to modify the registry: HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows Current-Version Explorer Advanced Folder Hi-dden SHOWALL Right-click the :
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters
new DWORD value named SynAttackProtect, is 2
EnablePMTUDiscovery REG_DWORD 0
NoNameReleaseOnDemand REG_DWORD 1
EnableDeadGWDetect REG_DWORD 0
KeepAliveTime REG_DWORD 300,000
PerformRouterDiscovery REG_DWORD 0
EnableICMPRedirects REG_DWORD 0
4. Prohibition Notice response to ICMP routing messages:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters Interfaces interface
New DWORD value named PerformRouterDiscovery value of 0
5. to prevent ICMP redirect attack packets:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters
will EnableICMPRedirects value to 0
6. do not support the IGMP protocol:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters
new DWORD value named IGMPLevel value of 0
7. change terminal service port:
run regedit find the [HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Terminal Server Wds rdpwd Tds tcp], see the right PortNumber it? state in decimal port number you want to change it, like for example 7126 as long as you can not with other conflicts.
second at HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Terminal Server WinStations RDP-Tcp, as above, remember to change the port number and the same as the above changes on the line.
8. against IPC null:
cracker can use the net use command to build on the connection, and then the invasion, as well as net view, nBTstat these are based on air connections, air connections like the ban. Open the Registry, find the Local_Machine System CurrentControlSet Control LSA-RestrictAnonymous this value to such as:
TTL = 107 (WINNT);
TTL = 108 (win2000);
TTL = 127 or 128 (win9x);
TTL = 240 or 241 (linux);
TTL = 252 (solaris);
TTL = 240 (Irix);
fact you can change yourself:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters: DefaultTTL REG_DWORD 0-0xff (0 - 255 decimal, the default value 128) into a mysterious figure, such as 258, at least for a half day the little rookie halo, you will not necessarily give up Oh invasion.
10. delete the default share:
been asked for a boot to share all the disk, change it back after the restart, he is a sharing of how the matter, which is 2K for the management to set the default sharing mode must be canceled by modifying the registry is: HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services LanmanServer Parameters: AutoShareServer type is REG_DWORD value to 0 you can put
11. prohibits the establishment of air connection:
default, any user connected to the server through the air connection, and then enumerate the accounts, password guessing. We can modify the registry to prohibit the establishment of an empty connection:
Local_Machine System CurrentControlSet Control LSA-RestrictAnonymous value to > My Network Places - Properties - Local Area Connection - Properties-Internet Protocol (TCP / IP) Properties - Advanced-WINS panel-NetBIOS settings - Disable TCP / IP on a NetBIOS. this cracker can not use the nBTstat NetBIOS commands to read your information and the MAC address of the card.
13. Account Security
first prohibits all accounts, in addition to yourself, huh, huh. and then renamed the Administrator. smoothly and built a Administrator account,
mens timberland boots, but what kind of rights do not, Then open Notepad, while Luanqiao, copy and paste into the
Although this seems somewhat contradictory, and above this point, but the fact is subject to the above rules. permissions to create a general account used to prepared to receive and deal with everyday things, and the other an account with Administrators privileges only when needed when used. to allow administrators to use the This is wrong automatically to home.
15. Local Security Policy and Group Policy settings, if you set the local security policy set when the wrong, it can be restored to its default value
Open% SystemRoot% Security folder, create a . sdb console, the Database database , a successful reconstruction of the security database.
16. disable DCOM:
run, type Dcomcnfg.exe. Enter, click the . For the local computer, right-click
Step:
Although the function of windows 2003 continually increased, but due to congenital reasons, it also has many safety problems, if not to these hazards, will bring the whole system may be unnecessary trouble; Here the writer describes the common Windows2003 not attempts to prevent safety hazards, and I hope you can bring to help!
blocked automatically save hidden
windows 2003 operating system error in the calling application, the system of Dr. Watson will automatically some important debugging information will be saved for future maintenance of system view, but the information is likely to be hackers on the case, a variety of important debug information will be thoroughly exposed, in order to stop Dr. Watson hidden debugging information is automatically saved, we can be achieved as follows:
1, open the Start menu, select Run Microsoft WindowsdowsNT CurrentVersion AeDebug branch of the right key in the corresponding sub-AeDebug window, double-click the Auto value with the mouse, the parameter settings in the pop-up window will reset its value > 3, the open system, Windows Explorer window, and in which expand Documents and Settings folder, All Users folder, Shared Documents folder, DrWatson folder, and finally in the corresponding DrWatson User.dmp file, Drwtsn32. delete log files.
completed the above settings, click to restart the system, can automatically save the hidden dangers of the block.
hidden
blocked the sharing of resources in order to LAN users to transmit information between convenience, Windows Server 2003 system is a asking for trouble, risks in order to block the sharing of resources, the following is off sharing the specific steps:
1, following the implementation of the control panel menu item
3, in the interface to cancel Hackers attack systems naturally less You can enter a network connection, the user name and password, the content transmitted through ordinary clear connection to the corresponding client side; in clear text account transfer process, and automatically into the to eliminate this security risk,
timberland uk, we can approach to following the system implementation of the Control Panel command, from the pop-up drop-down menu, select br>
4, the label appears in the following pages, will
block users switch hidden
windows 2003 system provides us with the Fast User Switching, the use of this feature we can easily log into the system; But to enjoy this comfortable, system also has installed hidden dangers, such as our implementation of the system if the as a computer system to a violent block user switching, resulting in potential safety problems:
in the windows 2003 desktop, open the Start menu,
womens timberland boots, Control Panel,
timberland kids, the following command to find the following Management the.
statement: I am writing not. only in the other sites to see write well. So that to share
blocked page exchange risks
Windows 2003 operating system, even in normal circumstances, there may be hackers or other visitors to leak important confidential information, especially some important account information. Perhaps we never thought to look at those who may be leakage of private information file, but hackers are actually very concerned about yo! Windows 2003 operating system pagefile, in fact, a number of important privacy to hide information that is generated in a dynamic, if not timely them clear to the invasion of hackers is likely to be a breakthrough; this end, we must follow the following method to make windows 2003 operating system in the closed system, the system automatically generated when the work of all delete the page file:
1, in windows 2003 the In the left area of the window, right click HKEY_local_machine system currentcontrolset control sessionmanager memory management key to find the right area ClearPageFileAtShutdown key and double-click of the mouse, the value set in the following window open , re-edit the DWORD value to
Was ist so toll Pandora Armbänder
Linear Mode
