Win 2000 built-in security commands to ensure system security

  

1. Refuse to start unidentified services

One day the server suddenly becomes slow to respond. What is going on? This is mostly caused by an attacker who has broken into the server and enabled a special network service on it. If the service is not stopped in time, the server's system resources will soon be exhausted. By using the "net start" command built into Windows 2000 Server, you can see exactly which services are currently running and stop unidentified ones in time. First open the system's Run dialog, enter the "cmd" command and press Enter; the screen switches to the MS-DOS command prompt. At the command line, run the "net start" command, and the system lists the services that have been started (as shown in Figure 1). Check carefully which services are unknown, then run the "net stop server" command (where server is the specific unknown service) to temporarily stop the unknown service.

2. Forcibly specify the password policy

To prevent server login accounts from being "stolen" by criminals, you can use the "net accounts" command to force users to change bad password habits, for example by forcing passwords to have a minimum number of digits or forcing users to change their passwords periodically. For example, to require that any access account created on the server has a password of no fewer than 6 digits, enter the "Net Accounts /MinPWLen:6" command at the command line and press Enter; the password of any new account is then forced to be no fewer than 6 digits.
If you want to force users to change their password within a specified time, run the "Net Accounts /minpwage:n" command (where n is the specific number of days); for example, to require users to change the password every 6 days, just run "Net Accounts /minpwage:6". If you want to specify that users must change the password within a certain period of time, run the "Net Accounts /minpwage:n1 /maxpwage:n2" command, where "n1" is the minimum number of days and "n2" is the maximum number of days.

3. Check who is connecting in secret

If you suspect that hackers have planted a Trojan on your server, or that the server has been infected with a virus, but you have no professional Trojan or virus removal tool at hand, you can use the "netstat" network command built into Windows 2000 Server to check who is secretly connecting to your server. The netstat command gives you a clear idea of how the server is connected to the Internet; it can list all connection information on the current server, including network interface information, network connection information and routing table information. To check network connections, enter "netstat -a" at the command line and press Enter; the network connection list shown in Figure 2 then shows who is secretly connecting to your server. It is not difficult to see from Figure 2 that other hosts are already connected: an HTTP connection involving ports 4832 and 4932 and the host "61.51.100.13", and a connection from the host "48.83.185.252". In addition, if you find an unknown port in the "Local Address" column, such as port 7626 used by the Glacier Trojan, it means that a Trojan is already on your server.
At this point, you must disconnect the server from the Internet promptly and use a Trojan or virus removal tool to remove the Trojan from the server. In short, with the "netstat" command you can fully monitor the server's connection status and so keep server security under control.

4. Check for account anomalies

Many hackers like to sneak into the server system by "cloning" an account. The method these hackers often use is to activate a default account that is not frequently used on the server and then use a professional tool to "upgrade" the default account. At first glance the default account looks no different from usual, but after being "upgraded" it has become the biggest security risk for the server. You can check for server account anomalies in time by using the "net user" command. First run the "net user" command at the command line to see which user accounts exist on the server. Then run the "net user username" command to see what permissions each user account has. For example, to view the permissions of the Guest account, run the "net user guest" command. In the output, check whether the Guest account has become a member of the "administrator" group; if so, in all likelihood the server system has been attacked by hackers. At this point, do not hesitate; just run the "net user guest /delete" command to delete the account.

5. Hide the server

To prevent hackers or other attackers from easily finding the name of the LAN server, you can use the "net config" command to temporarily hide the server's name. As a result, illegitimate users on the LAN cannot find any trace of the server, even through the Network Neighborhood window, and the risk of the server being attacked from outside is greatly reduced.
To hide the server's name with a command, enter "net config server /hidden:yes" at the command line (where server is the computer name of the server). After you press Enter, the server's computer name automatically disappears from the Network Neighborhood window, so a hacker cannot learn the name of the server, let alone attack it.
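The manual netstat review in step 3 can be turned into a repeatable check. The following is an added example, not part of the original article: it assumes the numeric form `netstat -an` rather than `netstat -a`, and the allowlist `EXPECTED_PORTS`, the function names and the sample output are all constructed for illustration.

```python
# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:4832      ESTABLISHED
  TCP    192.0.2.10:7626        203.0.113.9:1045       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Assumption: the ports this particular server is meant to expose.
EXPECTED_PORTS = {80, 135, 445}


def parse_netstat(text):
    """Yield (proto, local_port, remote_host, state) for each connection row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        local_port = int(parts[1].rsplit(":", 1)[1])
        remote_host = parts[2].rsplit(":", 1)[0]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        yield parts[0], local_port, remote_host, state


def triage(text, expected_ports):
    """Return (unexpected open local ports, {port: remote hosts connected to it})."""
    rows = list(parse_netstat(text))
    unexpected = {port for proto, port, _, state in rows
                  if (state == "LISTENING" or proto == "UDP")
                  and port not in expected_ports}
    peers = {}
    for _, port, remote, state in rows:
        if state == "ESTABLISHED" and port in unexpected:
            peers.setdefault(port, set()).add(remote)
    return sorted(unexpected), peers


if __name__ == "__main__":
    ports, peers = triage(SAMPLE_NETSTAT, EXPECTED_PORTS)
    for port in ports:
        print(f"unexpected local port {port}, peers: {sorted(peers.get(port, []))}")
```

On a live host, save the output of `netstat -an` to a file and pass its contents to `triage` in place of the sample.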
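The Guest account check in step 4 can be scripted in the same way. This is an added example, not part of the original article: it parses the text that `net user guest` prints and flags a normally unprivileged account that is enabled or listed in the Administrators group; the sample output, function names and `low_priv` list are constructed assumptions.

```python
# Constructed sample of `net user guest` output (not taken from a real host).
SAMPLE_NET_USER = """\
User name                    Guest
Full Name
Comment                      Built-in account for guest access
Account active               Yes
Account expires              Never

Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
The command completed successfully.
"""

GROUP_LABEL = "Local Group Memberships"


def parse_net_user(text):
    """Extract the account name, active flag and local groups from the report."""
    info = {"name": "", "active": False, "groups": []}
    in_groups = False
    for line in text.splitlines():
        if line.startswith("User name"):
            info["name"] = line[len("User name"):].strip()
        elif line.startswith("Account active"):
            info["active"] = line.split()[-1].lower() == "yes"
        elif line.startswith(GROUP_LABEL):
            in_groups, line = True, line[len(GROUP_LABEL):]
        elif not line.startswith(" "):
            in_groups = False  # any new label or blank line ends the group list
        if in_groups:  # group names start with '*' and may contain spaces
            info["groups"] += [g.strip() for g in line.split("*") if g.strip()]
    return info


def audit(info, low_priv=("guest",)):
    """Flag a normally unprivileged account that is active or an administrator."""
    findings = []
    if info["name"].lower() in low_priv:
        if info["active"]:
            findings.append("account is enabled")
        if any(g.lower() == "administrators" for g in info["groups"]):
            findings.append("account is in Administrators")
    return findings


if __name__ == "__main__":
    print(audit(parse_net_user(SAMPLE_NET_USER)))
```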
