Create a copper wall for the Win2003 server

Windows Server 2003 is one of the most popular server operating systems. Although it provides powerful network service functions and is easy to use, its security has been plagued by many network administrators. How to make full use of the various services provided by Windows Server 2003 to ensure the safe and stable operation of the server. Protect against viruses and hackers. The release of the Windows Server 2003 SP1 Chinese version of the patch package just solves this problem. It not only provides fixes for system vulnerabilities, but also adds many easy-to-use security features, such as the Security Configuration Wizard (SCW). Take advantage of the SCW feature's "Security Policy" to maximize server security, and the configuration process is very simple, let's look at it together! It is very clear that Windows Server 2003 system is to enhance its security. By default, many service components are not installed. To use it, you must install it manually. The function of SCW” is the same. Although you have successfully installed the patch package SP1, you also need to manually install the “Security Configuration Wizard (SCW)” component. After entering the "Control Panel", run “ Add or Remove Programs, and then switch to the "Add/Remove Windows Components" page. Next, select the “Security Configuration Wizard” option in the “Windows Components Wizard” dialog box, and finally click the “Next” button to complete the installation of the “SCW” component. The installation process is as simple as this, and then you can use the "SCW" to configure the security policy to enhance the security of the Windows Server 2003 server. Configure “Security Policy This is the original "Simple" In the Windows Server 2003 server, click “Start →Run”, execute the "SCW.exe” command in the Run dialog box, it will pop up &ldquo The Security Configuration Wizard & rdquo; dialog box begins your security policy configuration process. Of course, you can also go to the “Control Panel & Rarr; Management Tools” window and execute the “Security Configuration Wizard” shortcut to enable “SCW”. 1. Create a new “Security Policy” If you are using the “SCW” function for the first time, you must first create a new security policy for the Windows Server 2003 server. The security policy information is saved in a file formatted as XML. And its default storage location is "C:\\WINDOWS\\security\\msscw\\Policies”. Therefore, a Windows Server 2003 system can create multiple "security policy" files according to different needs, and can also modify the security policy file, but only one security policy can be applied at a time. In the "Welcome to the Security Configuration Wizard" dialog box, click the "Next" button to enter the "Configure Action" dialog box, because it is the first time to use "SCW", here to select “ create The new security policy & rdquo; single option, click on the "Next" button to start configuring the security policy. 2. Easily configure “roy" first enter the “Select Server” dialog box, enter the machine name or IP address of the Windows Server 2003 server to be securely configured in the "Server" column, click “Next” After the button, the Security Configuration Wizard will process the security configuration database. Then go to the "role-based service configuration" dialog box. In a role-based service configuration, you can configure Windows Server 2003 server roles, client roles, system services, applications, and management options. The so-called server "role" is actually a Windows Server 2003 server that provides various services, such as a file server, a print server, a DNS server, and a DHCP server. A Windows Server 2003 server can provide only one kind of server "role". , can also play a variety of server roles. After clicking the “Next” button, you will be taken to the “Select Server Role” dialog box. In this case, you need to check the role of your Windows Server 2003 server in the “Server Role List Box”. Note: In order to ensure the security of the server, just check the server role you need. Selecting the redundant server role option will increase the security risks of the Windows Server 2003 system. If the author's Windows Server 2003 server is only used as a file server, just select the "file server" option. Go to the “Select Client Features” tab to configure the “client function” supported by the Windows Server 2003 server. In fact, the client function of the Windows Server 2003 server is also well understood. The server provides various network services. At the same time, some client functions are required, such as Microsoft network client, DHCP client and FTP client. If necessary, check the client function you want in the list box. Similarly, for unwanted client function options, it is recommended that you deselect it. Next, go to the “Select Management and Other Options” dialog box. Here you can select the management and service functions provided by some Windows Server 2003 systems. The operation method is the same, just check the box in the list box. Management options are fine. After clicking "Next", you will also need to configure some additional services for Windows Server 2003 systems. These additional services are generally provided by third-party software. Then go to the "Unspecified service" dialog box, where "unspecified service" means that if this security policy file is applied to other Windows Server 2003 servers, some services provided in this server are not available. Listed in the security configuration database, then what state should these services not listed be running? Here you can specify their operating status, it is recommended that you select “ do not change the enable mode of this service & rdquo; single option. Finally, go to the “Confirm Service Changes” dialog box and finalize your configuration to complete the role-based service configuration. 3. Configuring Network Security This completes the role-based service configuration. However, the various services included in the Windows Server 2003 server provide service content through one or some ports. To ensure the security of the server, Windows Firewall does not open these service ports by default. The following can be used to open the ports required for each service through the "Network Security" configuration wizard. This guided configuration process is simpler, more convenient and safer than manually configuring the Windows Firewall. In the "Network Security" dialog box, you must open the selected server role, the management functions provided by the Windows Server 2003 system, and the ports used by the services provided by the third-party software. After clicking the “Next” button, open the desired port on the "Open Port and Allow Application" dialog box, such as the required "20 and 21" ports for the FTP server, & ld for the IIS service. ; 80 & rdquo; port, etc., here to remember "minimize" principle, as long as you select the port option to be open in the list box, and finally confirm the port configuration, here to pay attention: other ports that do not need to use, I suggest you Do not open, so as not to pose a security risk to the Windows Server 2003 server.
4. Registry Settings Windows Server 2003 servers provide a variety of services to users on the network, but user-server communications are likely to contain "unfriendly" access, such as hackers and virus attacks. How to ensure the security of the server and minimize the access of illegal users can be easily achieved through the “Registry Settings” wizard. Use the registry setup wizard to modify some special key values ​​in the Windows Server 2003 server registry to strictly restrict user access. Users can set the SMB security signature " The limit guarantees the safe operation of the Windows Server 2003 server and eliminates the hassle of manually modifying the registry. 5. Enable “Audit Policy  Smart network administrators use the logging feature to analyze the health of the server, so it is important to enable the auditing policy appropriately. The SCW feature also takes these into account, and it is easy to enable the auditing strategy with a wizard-based operation. In the "System Audit Policy" configuration dialog, you should choose the audit target reasonably. After all, too many events in the log record will affect the performance of the server. Therefore, users are advised to select the "Manage successful operation" option. Of course, if you have special needs, you can also choose other options. Such as "Do not review & rdquo; or "check successful or unsuccessful operations" option. 6. Enhancing IIS Security The IIS server is one of the most widely used services on the network and the most vulnerable service in Windows. How to ensure the safe operation of the IIS server, to maximize the protection from hackers and viruses, this is also a problem to be solved by the SCW function. Use the “Security Configuration Wizard” to easily enhance the security of the IIS server to ensure its stable and safe operation. In the "Internet Information Services" configuration dialog, use the configuration wizard to select the web service extension you want to enable, the virtual directory to maintain, and set the anonymous user's write access to the content file. This way the security of the IIS server is greatly enhanced. Tip: If your Windows Server 2003 server is not installed and running IIS services, the IIS Security Configuration section will not appear during SCW configuration. After completing the above steps, go to the Save Security Policy dialog box. First, give the name of the security policy you configured in the “Security Policy File Name” dialog box. Finally, in the “Apply Security Policy” dialog box. Select the "Apply now" option to have the configured security policy take effect immediately. Using SCW to enhance the security performance of Windows Server 2003 server is as simple as that. All parameter configuration is done through the wizard dialog box, eliminating the manual and cumbersome configuration process. SCW function is an effective combination of security and ease of use. point. If your Windows Server 2003 system already has the SP1 patch installed, try SCW! Note: Most of the information collected from the Internet is collected and used for study and research purposes only. If there is any infringement of your copyright, please write to us that the site will be corrected immediately.