Is your website often hacked, or it becomes a hacker's "broiler" if you don't pay attention? For Web server servers, if you don't set security settings, it's easy for hackers to "eye" and be hacked at any time. Danger. What? You think the security settings are complicated? It doesn't matter, through the three methods of IIS server security settings we introduced, we can prevent attacks.
delete shared basic set patched
individual owners usually use Windows servers, but we leased or managed by the server often do not have specialized technical personnel to conduct security settings, so Some common basic vulnerabilities still exist. In fact, most of the vulnerability intrusion attacks can be prevented by simply installing a server patch.
After installing the server operating system, before the official opening, you should complete a variety of patch installation. The server patch installation method is similar to the XP system we use, so I won't go into details here.
do the basic patch install, more importantly, is to set up a port accessible, and usually the server only needs to open the necessary ports to provide Web services, other unnecessary ports can be prohibited. However, it is important to note that the remote port 3389 of the management server must not be disabled.
Deleting the default share is also a step that must be done. After the server is opened, it is likely to be infected by viruses or hackers, thereby further lifting the rights or deleting files, so we should try to close the file sharing. There are several ways to delete the default share. For example, you can use the net share c$ /delete command to turn off the default sharing function of the c drive.
assign permissions to prevent the virus Trojan invasion Good server permission settings
can reduce the harm to a minimum, if the permissions settings for each IIS site is different, it is difficult to hacker attacks by marginal notes The way to invade the entire server. Here is a brief introduction to the method of setting permissions.
in the system in accordance with user privileges is a way to divide, to manage users, you can open the "Start → Programs → Administrative Tools → Computer Management → Local Users and Groups" in the server, you can see Manage all system users and user groups in the server.
when the server partition needs to have all of the hard disk into NTFS partition, then you can set permissions for each partition for each user or group open. The method is to right click on the folder that needs to set permissions, select "Properties → Security", you can set the permissions of the file or folder.
For the website, you need to assign an IIS anonymous user to each website, so when the user accesses your website file, the permission is only the website directory, which can prevent other websites. Invaded.
Component management makes unsafe components disappear
The server supports many components by default, but these components will also become a hazard. The most dangerous components are wsh and shell, because they can run on the server hard disk. Exe programs, such as they can run privilege programs to enhance Serv-u privileges and even use Serv-u to run higher-privilege system programs.
uninstall most insecure components, the simplest way is to simply delete the appropriate program files.
Tip: In addition to these security settings, some of the details of the operation also need attention, such as not to browse the Web on the server, server to install antivirus software, install software to prevent ARP attacks and other security procedures.