Trojan virus is inaccessible to win 2003 system and also anti-trojan

With the advancement of technology, not only the level of computers we use has increased, but also the Trojan virus has become pervasive, for the safety of computers, how to prevent Trojans in win 2003 system Reference? A lot of the network on the security settings of WIN2003 and do some hands-on practice, combined with these security settings articles, I hope to help everyone, and there are deficiencies, please give pointers, and then To make up, thank you!

First, the system installation

1, according to the Windows2003 installation CD prompts to install, by default 2003 did not install IIS6.0 in the system.

2, IIS6.0 installation

Start menu & mdash; > Control Panel & mdash; > Add or remove programs & mdash; > Add /remove Windows components

Application ———ASP.NET (optional)

| ——Enable Network COM+ Access (Required)

| ——Internet Information Services (IIS)———Internet Information Service Manager (required)

| ——public files (required)

| ——World Wide Web Service———Active Server pages (required)

| ——Internet Data Connector (optional)

| ——WebDAV Publishing (optional)

| ——World Wide Web Service (required)

| —— include files on the server side (optional)

Then click OK —>Next install. (See Appendix 1 for details.)

3. Update the system patch

Click the Start menu—>All Programs—>Windows Update

Follow the prompts to patch installation.

4, backup system

Use Ghost backup system.

5, install commonly used software

For example: anti-virus software, decompression software, etc.; after installation, configure anti-virus software, scan system vulnerabilities, use Ghost to back up the system again after installation.

6, first open the unneeded port, open the firewall to import the IPSEC policy

In the "network connection", delete the unwanted protocols and services, only the basics are installed here. The Internet Protocol (TCP/IP), with the addition of the QoS Packet Scheduler due to the control of the Bandwidth Traffic Service. In the advanced tcp/ip settings --"NetBIOS"Set "Disable NetBIOS(S)" on tcp/IP. In the advanced options, use "Internet Connection Firewall", which is the firewall that comes with Windows 2003. It does not have the functions in the 2000 system. Although it has no function, it can shield the port, so that it has basically reached an IPSec function.

Modify 3389 Remote Connection Port

Modify Registry.

Start--Run--regedit

Expand HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/

TERMINAL SERVER/WDS/RDPWD/TDS/TCP

Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)

HKEY_LOCAL_MACHINE /SYSTEM/CURRENTCONTROLSET/CONTROL/TERMINAL SERVER/

WINSTATIONS/RDP-TCP/

Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)< Br>

Note: Don't forget to bring the 10000 port on the WINDOWS2003 firewall.

The modification is completed. Restart the server. The settings take effect.