Protecting against Windows Server 2008 security threats

Windows Server 2008 systems, we can easily build your own servers on the LAN to allow random access to regular workstations with other systems installed. Although the security performance of Windows Server 2008 system is much higher than that of other systems, in the LAN environment, Windows Server 2008 still has the possibility of being illegally accessed by other LAN workstations. To this end, we can take some measures in time to cleverly hide the Windows Server 2008 system to avoid the leakage of private information in the server system.

1. Turn off network discovery function

In the same working subnet, other workstation users can easily find Windows in LAN through the “My Network Neighborhood” function. Server 2008 server host, so that illegal users can take the opportunity to peek at the various private information in the server. In order to prevent the Windows Server 2008 server host from being searched by other workstations' "My Network Places" function, we can temporarily disable the network discovery function that comes with the server system. In this case, the Windows Server 2008 server host "Shadow" It won't appear in the "My Network Places" window of other workstations, so the possibility of illegal access to the server host is greatly reduced; now, let's take a look at how to turn off the network discovery function of the server system:

First log in to the Windows Server 2008 server system with super administrator privileges, right-click on the "Network" icon in the desktop of the system, and execute the "Properties" command in the shortcut menu. Go to the Network and Sharing Center window of the local server system, here we will see a lot of parameter settings related to shared access;

In order to prevent your own Windows Server 2008 server host from appearing on other workstations In the neighborhood, we can share and send in the window ” Under the list, find the "Network Discovery" setting item, and click the drop-down button next to the setting item with the mouse to open the setting page shown in Figure 1. Here, we will see that the server system will be in the default state. Automatically turn off network discovery. If we find that this feature has been enabled, we only need to re-check the "Close Network Discovery" option, click the "Apply" button, and finally restart the server system. Other workstations on the LAN will not be able to find the Windows Server 2008 server host from their My Network Places window, so that server system security can be effectively guaranteed.

Figure 1

Someone may ask, if the network discovery function of the server system is turned off, the network administrator cannot find other ordinary workstations in the LAN through the online neighbor window in the server system. So, how can we avoid this shortcoming? To avoid this shortcoming, we can first re-check the "Network Discovery" setting in the Network and Sharing Center list window of the server system. Enable the Network Discovery project to enable the network discovery feature, which will ensure that the server system can see other workstations on the LAN through the Network Neighborhood window, but other workstations can also see the server system through the Network Neighborhood window. At this time, we also need to modify the relevant key values ​​of the registry in the server system to prevent the ordinary workstation from searching the server host through the network neighbor window. The following is the specific modification steps:

First open The server system's "Start" menu, from which you select "Run" & rdquo; In the pop-up system running dialog box, enter the string command <;regedit”, click the Enter key to enter the registry editing window of the server system;

Secondly displayed on the left side of the editing window In the pane, locate the mouse on the registry branch option KEY_LOCAL_MACHINE, and then select the “SYSTEMCurrentControlSetServiceslanmanserverparameters” subkey under the branch option, and recreate a double in the right pane of the corresponding "parameters" Byte key value “hidden”, and set the value of the key value to "1", and finally restart the server system, so that we can find that although the server system has opened the network discovery function, but the local area network Other workstations in the network do not see the server host through the Network Neighborhood window, but the server host can see other workstations on the LAN.

2, the public folder is closed

In the LAN working environment, when other workstations access the Windows Server 2008 server host, the network administrator does not set the shared folder in the server system, other Users can still see the “public” folder through the online neighbor window. This is because the Windows Server 2008 server system will automatically set the “public” folder to a shared folder by default. Some illegal users can still illegally attack the server system through this sharing "channel", or peek at the private information in the server system. In order to avoid the security threat of the server system, we just need to close the public folder function automatically enabled by the server system as follows:

First log in to the Windows Server 2008 server system with super administrator privileges. Right-click the “Network” icon in the system desktop and execute the “Properties” command in the shortcut menu to enter the network and sharing center management window of the local server system;

Figure 2

Second from the Network and Sharing Center management window to find the "Network Discovery" setting item, and click the drop-down button next to the setting item to open the setting page shown in Figure 2; from this page In the description, we saw that once the public folder function is enabled, other users on the LAN can easily see the “public” folder in the server system; at this time, we can select “disable sharing”. ;options, then click the “apply” button next to the option to turn off the public folder feature on the server system A.

In addition to the public folder, other users on the LAN can access the hidden shared folders in the server system by default. These hidden shared folders are often used by illegal attackers, which may result in A security threat to the server. In order to prevent this threat from happening, we also need to use commands such as "net share C$ /del” to delete all hidden shared folders on the server system. However, after restarting the server system, these hidden shared folders are automatically generated; for this, we can write the command code such as "net share C$ /del" to the batch file, and then open In the group policy editing window of the server system, find the "user configuration"/“Windows settings">;script” branch option, in the right pane of the corresponding "script" branch option, double click “ Add the & rdquo; option, then the previously generated batch file is selected to import, and finally restart the server system, so that the hidden shared folder in the server system will be automatically deleted after the system is successfully booted.