Basic web server security settings under Windows 2003

  
                

Web serving is one of the most common services a system provides, yet web servers still have security vulnerabilities, which is a constant annoyance. Here the editor introduces how to secure a web server under Win2003.

1. Install the patches

After installing the operating system, finish installing the patches before the server goes into hosting. Once the network is configured, it is best to install SP1 on Win2003, then click Start → Windows Update and install all the critical updates.

2. Install anti-virus software

Two anti-virus products are recommended: Rising and Norton. Rising is better than Norton at killing Trojans, but Rising has a problem: it can leave dynamic ASP pages inaccessible, which then has to be repaired. The specific steps are: turn off all of the anti-virus software's real-time monitoring and script monitoring, then enter the following commands at the DOS command line, pressing Enter after each one:

    regsvr32 jscript.dll
    regsvr32 vbscript.dll

The first command repairs the JScript dynamic link library and the second repairs the VBScript dynamic link library.

A characteristic of ASP Trojans is that they can evade anti-virus software by various means, so not every anti-virus product can kill every Trojan.

3. Set up port protection and the firewall

On 2003, port blocking can be handled by the system's own firewall, which is more flexible: Desktop → My Network Places → (right-click) Properties → Local Area Connection → (right-click) Properties → Advanced → (check) Internet Connection Firewall → Settings, then select the service ports to be used on the server. For example, for a web server that is to provide Web (80), FTP (21) and Remote Desktop management (3389) services, tick "FTP Server", "Web Server (HTTP)" and "Remote Desktop". If the port of a service you want to provide is not in the list, click the "Add" button to add it; for the specific parameters, refer to the entries already present in the system. Then click OK.
Note: If you manage this server remotely, first make sure that the remote management port is selected or has been added.

Permission settings

Principle of permission settings

In Windows, permissions are mostly assigned by user (group). System users and user groups are managed under [Start → Programs → Administrative Tools → Computer Management → Local Users and Groups].

NTFS permission settings: remember to format every partition as NTFS when partitioning; you can then decide which permissions each partition grants to each user. NTFS permissions on a file (folder) are managed under [right-click the file (folder) → Properties → Security].

IIS anonymous user: each IIS site or virtual directory can be given its own anonymous access user (called the "IIS anonymous user" here). When a visitor requests one of the site's .ASP files, that .ASP file runs with the privileges that this IIS anonymous user has.

Disk permissions

The system disk and all other disks: full control for the Administrators group and SYSTEM only.
The system disk's \Documents and Settings directory: full control for the Administrators group and SYSTEM only.
The system disk's \Documents and Settings\All Users directory: full control for the Administrators group and SYSTEM only.
The system disk's \Inetpub directory and all directories and files below it: full control for the Administrators group and SYSTEM only.
The files cacls.exe, cmd.exe, net.exe and net1.exe in the system disk's \Windows\System32 directory: full control for the Administrators group and SYSTEM only.

4. Disable unnecessary services

Start menu → Administrative Tools → Services

    Print Spooler
    Remote Registry
    TCP/IP NetBIOS Helper
    Server

The services above start by default on Windows Server 2003 systems; disable them in Services. Services that are disabled by default should not be started unless there is a special need.
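One way to check the disk permissions rule above (Administrators and SYSTEM only, both with full control) is to audit the text that `cacls <path>` prints for each listed path. This is an added example, not code from the original article; the function name and the sample output are constructed for illustration.

```python
import re

# Principals the article allows on the listed paths, each with full control (F).
ALLOWED = {"builtin\\administrators", "nt authority\\system"}
# One ACE as cacls prints it, e.g. BUILTIN\Users:(OI)(CI)R
ACE_RE = re.compile(r"^(?P<who>.+?):(?:\([A-Z]+\))*(?P<right>[A-Z])$")

def audit_cacls(path, output):
    """Return (path, problem, detail) findings for the text printed by `cacls <path>`."""
    findings, seen = [], set()
    for i, line in enumerate(output.splitlines()):
        # The first line begins with the path itself; later lines are indented.
        if i == 0 and line.lower().startswith(path.lower()):
            line = line[len(path):]
        line = line.strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if not m:
            # Multi-line "special access" entries land here for manual review.
            findings.append((path, "unparsed", line))
            continue
        who, right = m.group("who"), m.group("right")
        if who.lower() not in ALLOWED:
            findings.append((path, "extra principal", "%s:%s" % (who, right)))
            continue
        seen.add(who.lower())
        if right != "F":
            findings.append((path, "not full control", "%s:%s" % (who, right)))
    for missing in sorted(ALLOWED - seen):
        findings.append((path, "missing", missing))
    return findings

# Constructed sample output (not captured from a real server).
SAMPLE = {
    r"C:\Inetpub": r"""C:\Inetpub BUILTIN\Administrators:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F
           BUILTIN\Users:(OI)(CI)R
""",
    r"C:\WINDOWS\system32\cmd.exe": r"""C:\WINDOWS\system32\cmd.exe BUILTIN\Administrators:F
                            NT AUTHORITY\SYSTEM:F
""",
}

if __name__ == "__main__":
    for p, text in SAMPLE.items():
        for finding in audit_cacls(p, text):
            print(finding)
```

An empty result for a path means only the two allowed principals are present and both have full control; anything the parser cannot read is reported rather than silently accepted.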
Rename or uninstall unsafe components

Once the permission settings above are in place, FSO, XML and Stream have no permissions outside their own folder or site, so they are no longer unsafe components. The most dangerous components are WSH and Shell, because they can run EXE files and other programs on your hard disk. For example, they can run a privilege-escalation program to raise Serv-U privileges, or even use Serv-U to run system programs with higher privileges.

Decide carefully before uninstalling a component. Components exist to serve applications, not to create insecurity, and every component has its use. Before uninstalling one, you must confirm that your website's programs do not need it, or that removing it will do no great harm. Otherwise you can only keep the component and work on your ASP programs themselves to keep others out, rather than trying to stop them from getting a shell after they are already in.

5. Uninstall the most insecure components

The easiest way is to unregister the components directly and then delete the corresponding program files. Save the following code as a .BAT file:

    regsvr32 /u C:\WINDOWS\System32\wshom.ocx
    del C:\WINDOWS\System32\wshom.ocx
    regsvr32 /u C:\WINDOWS\system32\shell32.dll
    del C:\WINDOWS\system32\shell32.dll

Then run it; WScript.Shell, Shell.application and WScript.Network will be uninstalled. You may see a prompt about deleting the file; ignore it and restart the server, and you will find that all three now show "× security".

Renaming unsafe components

Note that both the component's name and its CLSID must be changed, and changed completely. The following uses Shell.application as an example. Open the Registry Editor [Start → Run → type regedit and press Enter], then [Edit → Find → enter Shell.application → Find Next]. This finds two registry entries: "{13709620-C279-11CE-A49E-444553540000}" and "Shell.application". To make sure nothing is lost, export these two registry keys and save them as .reg files.
For example, suppose we want to make the following change:

    13709620-C279-11CE-A49E-444553540000 renamed to 13709620-C279-11CE-A49E-444553540001
    Shell.application renamed to Shell.application_ajiang

Then, in the contents of the .reg files just exported, replace the names according to the correspondence above and import the modified .reg file into the registry (double-click it). After importing the renamed registry keys, don't forget to delete the original two entries. One thing to note: a CLSID may contain only the ten digits and the six letters A to F.

The following is the modified code:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}]
    @="Shell Automation Service"

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\InProcServer32]
    @="C:\\WINNT\\system32\\shell32.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\ProgID]
    @="Shell.Application_ajiang.1"

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\TypeLib]
    @="{50a7e9b0-70ef-11d1-b75a-00a0c90564fe}"

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\Version]
    @="1.1"

    [HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\VersionIndependentProgID]
    @="Shell.Application_ajiang"

    [HKEY_CLASSES_ROOT\Shell.Application_ajiang]
    @="Shell Automation Service"

    [HKEY_CLASSES_ROOT\Shell.Application_ajiang\CLSID]
    @="{13709620-C279-11CE-A49E-444553540001}"

    [HKEY_CLASSES_ROOT\Shell.Application_ajiang\CurVer]
    @="Shell.Application_ajiang.1"

You can save this as a .reg file, run it and try it out.

6. Prevent listing of user groups and system processes

getobject("windows") can be used to obtain a list of system users and system processes, and this list may be exploited by hackers. We should hide it as follows: [Start → Programs → Administrative Tools → Services], find the Workstation service, stop it and disable it.
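The manual find-and-replace in the exported .reg file from the renaming step above can miss an occurrence, leaving a key that still points at the original CLSID or ProgID. The following is an added example, not code from the original article: it applies the rename consistently, rejects a new CLSID that is not hexadecimal, and lists any stale references. The function names and the shortened sample export are constructed; the CLSID and ProgID values are the article's.

```python
import re

# CLSID body: 8-4-4-4-12 hexadecimal digits (only 0-9 and A-F are legal).
CLSID_RE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

def _progid_re(progid):
    # Match the ProgID and versioned forms such as "Name.1", but not a
    # longer identifier that merely starts with it (e.g. "Name_ajiang").
    return re.compile(re.escape(progid) + r"(?![A-Za-z0-9_])", re.I)

def rename_component(reg_text, old_clsid, new_clsid, old_progid, new_progid):
    """Return the exported .reg text with CLSID and ProgID renamed together."""
    for clsid in (old_clsid, new_clsid):
        if not CLSID_RE.match(clsid):
            raise ValueError("not a valid CLSID: %r" % clsid)
    if old_clsid.lower() == new_clsid.lower():
        raise ValueError("the new CLSID must differ from the original")
    out = re.sub(re.escape(old_clsid), lambda m: new_clsid, reg_text, flags=re.I)
    return _progid_re(old_progid).sub(lambda m: new_progid, out)

def stale_references(reg_text, old_clsid, old_progid):
    """List lines that still mention the original CLSID or ProgID."""
    old = re.compile(re.escape(old_clsid), re.I)
    prog = _progid_re(old_progid)
    return [l for l in reg_text.splitlines() if old.search(l) or prog.search(l)]

# Constructed, shortened export using the article's values (real regedit
# "Version 5.00" exports are UTF-16, so decode them before calling this).
OLD, NEW = "13709620-C279-11CE-A49E-444553540000", "13709620-C279-11CE-A49E-444553540001"
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}\InProcServer32]
@="C:\\WINNT\\system32\\shell32.dll"

[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}\ProgID]
@="Shell.Application.1"

[HKEY_CLASSES_ROOT\Shell.Application\CLSID]
@="{13709620-C279-11CE-A49E-444553540000}"
"""

if __name__ == "__main__":
    print(rename_component(SAMPLE_EXPORT, OLD, NEW,
                           "Shell.Application", "Shell.Application_ajiang"))
```

The script only rewrites the exported text; importing the result and deleting the two original entries remain manual steps as described above.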
Preventing Serv-U privilege escalation

After the Shell component has been unregistered, it is very unlikely that a hacker can run a privilege-escalation tool, but other scripting languages such as Perl also have shell capabilities, so set this up as well just in case. Open ServUDaemon.exe with UltraEdit, search for the ASCII strings LocalAdministrator and #l@$ak#.lk;0@P, and change them to other characters of equal length. Handle ServUAdmin.exe in the same way. Also pay attention to the permissions on the folder where Serv-U is located: do not give the IIS anonymous user permission to read it. Otherwise, someone who downloads your modified files can still work out your administrator name and password.

Common methods of exploiting ASP vulnerabilities, and their prevention

In general, these programs have upload functions. Hackers usually target forums and similar programs and upload ASP Trojans through them. Even if permissions are set, a Trojan can still control all files of the current site. If the forum administrator has turned off the upload function, the hacker will look for a way to get the super password. For example, if you run a web forum and forgot to rename its database, the database can be downloaded directly, and from there finding the forum administrator's password is not far off. As forum administrators, we must first check our ASP programs and make the necessary settings to prevent the site from being hacked. These settings may look like a lot of tedious work, but only with them in place do the web server's security settings protect the system and your privacy.

Copyright © Windows knowledge All Rights Reserved