Let Windows Server 2008 system security take it to the next level

Compared with the traditional operating system, the most attractive part of the Win2008 system may be its superior security features. It does take advantage of many new security features, and we can easily and fully implement the local system. Protection. However, this does not mean that the security performance of the Win2008 system is impeccable. Some details can still threaten the security of the Win2008 system. To this end, we also need to pay more attention to some security details in order to make the Win2008 system more secure. !

1. Refused to modify firewall security rules

We know that the new advanced security firewall function of Win2008 system allows users to define security rules according to actual needs, thus achieving more flexible security. Protection purposes; however, the firewall has some obvious shortcomings. Some of the settings we have made and the security rules we created are almost directly stored in the local Win2008 system registry. Illegal attackers only need to write simple attack script code. It is easy to modify the contents of the corresponding system registry to modify the firewall security rules, so that it can easily cross the limitations of the advanced security firewall. So how can we refuse an illegal attacker to change the limit of the advanced security firewall function by modifying the relevant key values ​​in the system registry? In fact, it is very simple, we only need to prohibit the illegal attacker from modifying the relevant system registry through the following settings. The key value is OK:

First open the "Start" menu in the Win2008 system desktop, click the "Run" command from the middle, in the pop-up system run dialog box, enter the string command "regedit", single After hitting the car key, open the registry control window of the corresponding system;

Next, at the left side of the control window, place the mouse on the HKEY_LOCAL_MACHINE node branch and expand SYSTEM\\ControlSet001 from the target branch. The Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules registry sub-item (shown in Figure 1) saves many firewall security rules and setting parameters in the right-side display area corresponding to the registry subkey;

Obviously, if an illegal attacker has access to the FirewallRules registry subkey, then it Feel free to modify the security rules and settings parameters under the branch, and in the default state any ordinary user can access the target branch; for this, we must limit the Everyone account to access the FirewallRules registry sub-item, to do To do this, we must first select the FirewallRules registry subkey, right-click the registry subkey, and execute the "Permissions" command in the shortcut menu to open the permissions setting dialog box of the target registry subkey;

Click the "Add" button in the dialog box to open the user account selection dialog box, select the "Everyone" account and add it, then select the "Everyone" account and the corresponding account. The "Full Control" permission is adjusted to "Reject", and then the "Apply" button is clicked. As a result, the illegal attacker can not arbitrarily modify the security rules and setting parameters of the Win2008 system advanced security firewall in the future, then the security performance of the Win2008 system is also It is more secure.
Previous 12 3 4 5 Next Read more