Windows system >> Computer software Tutorial >> Server technology  >> About the server

Network administrators maintain anti-black skills in the server process

  
                  1. Patching
Microsoft's style is a small supplement for three days, a big supplement for five days, too many loopholes, a little better, use "Start - Windows Update" and then put all the patches Go in 2. Delete the default share
2.1 Delete the IPC$ share The default installation of Win2k is easy for the attacker to get the account list, even if the latest Service ack is installed. There is a default shared IPC$ in Win2k, and there are also such as admin$ C$ D$, etc., while IPC$ allows anonymous users (ie, unlogged users) to access, using this default share to get a list of users. How to prevent this, it is very simple in the "Administrative Tools\\Local Security Policy\\Security Settings\\Local Policies\\Security Options" "Additional restrictions on anonymous connections" can be modified to "do not allow enumeration of SAM accounts and shares." It can prevent most of these connections, but it's not finished. If you use NetHacker, you can get all the account names by using an existing account. Therefore, we still need another way to back it up, (1): Create a file startup.cmd, the content is the following line of command "net share ipc$ delete" (excluding quotes) (2): scheduled tasks in Windows Add a task to execute the above startup.cmd, and the schedule is "execute when the computer starts." Or put this file in "Start - Program - Start" and let him delete the ipc$ share as soon as it is started (3): Restart the server. 2.2 Delete the admin$ share to modify the registry: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\parameters increase the AutoShareWks subkey (REG_DWORD), the key value is 0 2.3 Clear the default disk share (C$, D$, etc.) Modify the registry: HKEY_LOCAL_MACHINE \\SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\parametersAdd AutoShareServer subkey (REG_DWORD), key value is 0 3. Modify default user name
"Administrative Tools\\Local Security Policy\\Security Settings\\Local Policies\\Security Options "Rename the guest account in "" is to change the name of "guest" to abc or other name. The machine login name is also set to "abc" or other name, and then rename the system administrator account. "Also change it. Once I was bored, I used a stream of smack to scan my IP segment and found that the administrator name of the N Internet cafe server is the default Administrator and it is a simple password. If someone wants to get a meat machine, it is very simple. At this point, the server can be run safely and steadily, of course, don't forget to restart your server in a day or two. SQL Server Security Settings
First of all, close the default 1433 of sql (it seems to be this). It is OK to delete the TCP/IP protocol of sql. After deleting it, it cannot be used remotely. Things, sa set the password for the password is number plus letters, etc., I don't have to say more about the administrator. Don't forget to set the password. In the tcp /ip protocol, turn off all the useless port local connection status - attribute - tcp /ip protocol - advanced - option - tcp /ip filter - only allow tcp port open 80 (website port) open 21 (ftp port - can be opened or not) 55019 (miracle private service port) 44405 (miracle private service port) The above is for the use of the server directly without routing.
The use of routing see the following
mapping the following ports on the OK open 80 (website port) open 21 (ftp port - can be opened or not) 55019 (miracle private service port) 44405 (miracle private service port Of course, you have to set up the above. Oh, then the security problem of asp. Please use the fishserver tool. There is no such thing as using the asp vulnerability to change your data. This set of tools has a very convenient setting in the miracle of Dream 1.05.

About the server
Windows system
Ban web and other directories to execute exe, bat, com methods

                   Still being hacked for the site. Worried about being able to run executable files
What permissions do I need to join the domain?

                  Use the administrators account to join the computer to the domain. Can I use anoth
Serv-U8.0 adds the skills of anonymous users

Friends who are familiar with FTP know that anonymous users do not need to enter a username and pass
CA (Certificate Authority) Server Configuration Diagram Process

Test Topology: Test Content and Topology Description: Test Content: Independent Root CA Server and I
IIS logging time is not correct

When viewing the IIS website access log, it is found that the time recorded in the IIS log is incorr
Graphical tutorial for configuring Php+Mysql+zend under IIS

                  There are a lot of tutorials about PHP configuration under IIS on the Internet, bu
  • DNS server
  • FTP server
  • Web server
  • Proxy server
  • Mail server
  • Server synthesis
  • About the server

    • Let your Win XP "crash" also play personality

    Windows 8 version of QQ card dead Tencent out solution

    Five steps to pay attention to the website replacement server

    How to repair system win10? Win10 repair system graphic tutorial

    How to view the upgradeable version of Win10 installed

    Win10 sidebar can not be opened in some cases can not open how to solve

    Easily solve the common problems of the six major graphics cards

    How to merge hard disk partitions with Win7 system

    How to shield the smart arrangement function in Windows 7

    How to fix IP in Win10 without using third-party software?

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved