Sharing settings win2003 anti-trojan permission experience

& ldquo; Trojans & rdquo; program is currently a more popular virus file, unlike the general virus, it will not self-propagation, and does not "deliberately" to infect other files By providing its own camouflage to attract users to download and execute, it provides the Trojan horse with a portal to open the computer of the cultivator, so that the creator can arbitrarily destroy, steal the files of the cultivator, and even remotely manipulate the computer of the cultivator. Because of the power of this virus, for this reason, there are many articles about anti-trojan virus on the Internet. Today, Xiaobian has compiled some methods for setting up anti-trojan permission under Windows 2003.

First, the system installation

1, according to the Windows2003 installation CD prompts to install, by default 2003 did not install IIS6.0 in the system.

2, IIS6.0 installation

Start menu & mdash; > Control Panel & mdash; > Add or remove programs & mdash; > Add /remove Windows components

Application ———ASP.NET (optional)

| ——Enable Network COM+ Access (Required)

| ——Internet Information Services (IIS)———Internet Information Service Manager (required)

| ——public files (required)

| ——World Wide Web Service———Active Server pages (required)

| ——Internet Data Connector (optional)

| ——WebDAV Publishing (optional)

| ——World Wide Web Service (required)

| —— include files on the server side (optional)

Then click OK —>Next install. (See Appendix 1 for details.)

3. Update the system patch

Click the Start menu—>All Programs—>Windows Update

Follow the prompts to patch installation.

4, backup system

Use Ghost backup system.

5, install commonly used software

For example: anti-virus software, decompression software, etc.; after installation, configure anti-virus software, scan system vulnerabilities, use Ghost to back up the system again after installation.

6, first open the unneeded port, open the firewall to import the IPSEC policy

In the "network connection", delete the unwanted protocols and services, only the basics are installed here. The Internet Protocol (TCP/IP), with the addition of the QoS Packet Scheduler due to the control of the Bandwidth Traffic Service. In the advanced tcp/ip settings --"NetBIOS"Set "Disable NetBIOS(S)" on tcp/IP. In the advanced options, use "Internet Connection Firewall", which is the firewall that comes with Windows 2003. It does not have the functions in the 2000 system. Although it has no function, it can shield the port, so that it has basically reached an IPSec function.

Modify 3389 Remote Connection Port

Modify Registry.

Start--Run--regedit

Expand HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/

TERMINAL SERVER/WDS/RDPWD/TDS/TCP

Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)

HKEY_LOCAL_MACHINE /SYSTEM/CURRENTCONTROLSET/CONTROL/TERMINAL SERVER/

WINSTATIONS/RDP-TCP/

Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)< Br>

Note: Don't forget to add 10000 port to WINDOWS2003's own firewall

Modify the server. Restart the server. The settings take effect.

Second, user security settings

1. Disable the Guest account

Disable the Guest account in the computer-managed user. To be on the safe side, it is best to add a complex password to the Guest. You can open Notepad, enter a string of long strings containing special characters, numbers, and letters, and copy it as the password of the Guest user.

2. Restrict unnecessary users

Remove all Duplicate User users, test users, shared users, and more. User Group Policy sets the appropriate permissions, and often checks the users of the system to delete users who are no longer in use. These users are often the breakthrough point for hackers to invade the system. 3, rename the system Administrator account

As we all know, the Windows 2003 Administrator user can not be disabled, which means that others can try this user's password over and over again. Try to disguise it as a normal user, such as Guesycludx.

4, create a trap user

What is a trap user? Create a local user named "Administrator", set its permissions to the lowest, nothing can not do That kind, plus a super complex password of more than 10 digits. This will allow those Hackers to be busy for a while to discover their intrusion attempts.

5, change the permissions of the shared file from the Everyone group to the authorized user

Do not set the user of the shared file to the "Everyone" group at any time, including print sharing, default properties It is the "Everyone" group, you must not forget to change.

6. Open User Policy

Use the user policy to set the reset user lock counter time to 20 minutes, the user lock time to 20 minutes, and the user lock threshold to 3 times. (This item is optional)

7. Do not let the system display the last login user name

By default, the last login user name will be displayed in the login dialog. This makes it easy for others to get some usernames from the system and make password guesses. Modify the registry to prevent the last login user name from appearing in the dialog box. The method is: open the registry editor and find the registry "HKLM\\Software\\ Microsoft\\Windows T\\CurrentVersion\\Winlogon\\Dont-DisplayLastUserName”, change the key value of REG_SZ to 1.

Password Security Settings

1. Use Secure Passwords

When creating an account, some company administrators often use the company name and computer name as the user name, and then put these The user's password is set too simple, such as “welcome” and so on. Therefore, pay attention to the complexity of the password, but also remember to change the password frequently.

2, set the screen saver password

This is a very simple and necessary operation. Setting a screen saver password is also a barrier to prevent internal personnel from damaging the server.

3, open password policy

Note the application of password policy, such as enabling password complexity requirements, set the minimum password length to 6 digits, set the mandatory password history to 5 times, the time is 42 days .

4, consider using a smart card instead of a password

For passwords, security administrators are always in a dilemma, password settings are easy to be attacked by hackers, password settings are complex and easy to forget. Using a smart card instead of a complex password is a good solution if conditions permit. Previous123Next page Total 3 pages