Security settings Web site IIS server three tips

Is your website often hacked, or if you don't pay attention, it becomes a hacker's broiler" For web server servers, if you do not make security settings, it is very easy for hackers to "see" and be at risk of being compromised at any time. what? Do you think the security settings are complicated? It doesn't matter, through the three methods of the iis server security settings we introduced, we can prevent attacks.

Basic settings to patch and delete shared

Personal webmasters usually use windows servers, but we do not have a dedicated technician to set up security through rented or hosted servers, so Some common basic vulnerabilities still exist. In fact, most of the vulnerability intrusion attacks can be prevented by simply installing a server patch.

After the server is installed with the operating system, you should complete the installation of various patches before it is officially enabled. The server patch installation method is similar to the xp system we use, so I won't go into details here.

A basic patch installation is made. More importantly, the accessible port is set. Usually, the server only needs to open the necessary ports for providing web services, and other unnecessary ports can be disabled. However, it is important to note that the remote port 3389 of the management server must not be disabled.

Deleting the default share is also a step that must be done. After the server is opened, it is likely to be infected by viruses or hackers, thereby further lifting the rights or deleting files, so we should try to close the file sharing. There are several ways to delete the default share. For example, you can use the net share c$ /delete command to turn off the default sharing function of the c drive.

Privilege allocation to prevent virus Trojans from intruding

Good server privilege settings can minimize the harm. If the permissions settings of each iis site are different, it is very difficult for hackers to attack by side attack. The way to invade the entire server. Here is a brief introduction to the method of setting permissions.

In the system, the permissions are divided according to the user's way. To manage users, you can open the "start → program → management tools & rarr; computer management & rarr; local users and groups in the server. ;, you can see all the system users and user groups in the management server.

When partitioning a server, you need to divide all the hard disks into ntfs partitions, and then you can set the permissions that each partition has open to each user or group. The method is to right click on the folder that needs to set permissions, select “properties → security & rdquo;, you can set the permissions of the file or folder.

For websites, you need to assign an iis anonymous user to each website, so that when users access your website files, they have the most permissions only for the website directory, which can prevent other websites. Intrusive component management makes unsafe components disappear

The server supports many components by default, but these components can also become a hazard. The most dangerous components are wsh and shell because they can run the server. The exe programs on the hard disk, such as they can run privilege programs to enhance serv-u privileges and even use serv-u to run higher-privileged system programs.

The easiest way to uninstall the least secure components is to delete the corresponding program files directly. In addition to the above security settings, the details of some operations need to pay attention to, such as not browsing the web on the server, installing anti-virus software on the server, installing security programs such as anti-arp attack software.