Hold your position - the power of Win 2000 built-in security commands

  

There are no tools such as anti-virus software, firewall and Trojan removal program, how do you defend the server? In fact, as a server operating system, Windows 2000 Server itself has built-in commands for maintaining network security. As long as you can use them skillfully, it can also effectively protect the security of the server. Let's take a look at the power of small commands and maintain network security!

1. Rejecting the start of an unspecified service

One day, the server suddenly became "unresponsive". What is going on? This phenomenon is mostly caused by an illegal attacker enabling a special network service in the server through the intrusion server system. If it is not stopped in time, the server system resources will soon be exhausted.

In fact, by using the "net start" command built into the Windows 2000 Server system, you can clearly know which services are currently enabled in the system and prohibit unidentified services in time. First open the system's run dialog, then enter the "cmd" command in it, click the Enter key, the screen will be switched to the MS-DOS state. In the DOS command line, you can directly execute the "net start" command, and then the system will automatically list the currently started services (as shown in Figure 1); carefully check which services are unknown, and then in the command Execute the "net stop server" command in the line (where Server is a specific unknown service), and temporarily stop the unknown service.

2, forcibly specify password policy

To prevent the account of the login server from being "stealed" by other criminals, you can use the "net accounts" command to force the login user to change badly. Password usage habits. For example, the number of "forced" passwords must be at least a few digits, and "forced" users must change their passwords periodically.

For example, if the server login user is required to create an access account, the number of passwords is not less than 6 digits. You can directly enter the "Net Accounts /MinPWLen:6" command in the DOS command line and click the Enter key. The number of passwords for the new account will be "forced" by no less than 6 digits.

If you want to "force" the user to change the password in a specified time, you can execute the following command "Net Accounts /minpwage:n" (where n is the specific number of days); for example, ask the user every 6 If you want to change your password once a day, just execute "Net Accounts /minpwage:6". If you want to specify that the user must change the password within a certain period of time, you can execute the "Net Accounts /minpwage:n1 /maxpwage:n2" command, where "n1" is the minimum number of days and "n2" is the maximum number of days.

3, check who is connected in the dark

If you suspect that your server has been sneaked into a Trojan horse program by hackers, or suspect that the server system has been infected with the virus, but at hand When you don't have a professional Trojan or virus killing tool, you can use the built-in network command "netstat" in Windows 2000 Server to check who is connecting to your server.

The netstat command allows you to clearly understand how the server is directly connected to the Internet, and the command can list all connection information in the current server in detail, including network interface information, network connection information, and routing. Table information, etc.

Copyright © Windows knowledge All Rights Reserved