Don't let Windows Server 2008 provoke security threats

  

With Windows Server 2008, we can easily build our own server on the LAN so that ordinary workstations running other systems can access it at any time. Although the security of Windows Server 2008 is much higher than that of other systems, in a LAN environment the server can still be accessed illegally by other LAN workstations. For this reason, we can take some timely measures to hide the Windows Server 2008 system and avoid leaking private information held on the server.

1. Turn off the network discovery function

Within the same subnet, users of other workstations can easily find the Windows Server 2008 server host on the LAN through the "Network Neighborhood" function, which gives illegal users an opportunity to peek at private information on the server. To prevent the server host from being found through the "Network Neighborhood" function of other workstations, we can temporarily disable the network discovery function that comes with the server system. The server host's icon will then no longer appear in the "Network Neighborhood" window of other workstations, so the possibility of illegal access to the server host is greatly reduced. The steps for turning off the network discovery function of the server system are as follows:

First, log in to the Windows Server 2008 server system with super administrator privileges, right-click the "Network" icon on the desktop, and execute the "Properties" command in the shortcut menu to enter the Network and Sharing Center window of the local server system. Here we will see many parameter settings related to shared access;

To prevent our Windows Server 2008 server host from appearing in the "Network Neighborhood" window of other workstations, find the "Network Discovery" setting item under the "Sharing and Discovery" list and click the drop-down button next to it to open the setting page shown in Figure 1. Here we will see that the server system turns off the network discovery function by default. If we find that the function has been enabled, we only need to re-select the "Close Network Discovery" option, click the "Apply" button, and finally restart the server system. Other workstations on the LAN then cannot find the Windows Server 2008 server host in their "Network Neighborhood" window, so the security of the server system is effectively protected.



Figure 1



Some people might ask: if the network discovery function of the server system is turned off, the network administrator can no longer find other ordinary workstations on the LAN through the "Network Neighborhood" window of the server system, so how can this shortcoming be avoided? To avoid it, we can first re-enable the network discovery function by selecting the "Enable Network Discovery" item under the "Network Discovery" setting in the Network and Sharing Center window of the server system. This ensures that the server system can see other workstations on the LAN through the "Network Neighborhood" window, but other workstations can now also see the server system through their "Network Neighborhood" window. We therefore also need to modify the relevant registry value in the server system to prevent ordinary workstations from finding the server host through the "Network Neighborhood" window. The specific modification procedure is as follows:

First, open the server system's "Start" menu and select the "Run" command. In the Run dialog box that pops up, enter the command "regedit" and press Enter to open the registry editing window of the server system;

Secondly, in the left pane of the editing window, position the mouse on the registry branch HKEY_LOCAL_MACHINE and expand in turn the sub-items "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters". In the right pane of the "parameters" sub-item, create a new DWORD value named "hidden", set its value to "1", and finally restart the server system. We will then find that although the network discovery function is enabled on the server system, other workstations on the LAN cannot see the server host through the "Network Neighborhood" window, while the server host can still see other workstations on the LAN.
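The registry change described above can also be scripted and verified. The following PowerShell sketch is an added example, not part of the original article; it assumes an elevated PowerShell prompt on the server and uses only the key path and value name given above.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$name = 'hidden'

function Get-HiddenFlag {
    # Returns the current value, or $null when the value does not exist yet.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($item) { $item.$name } else { $null }
}

$before = Get-HiddenFlag
if ($before -ne 1) {
    # -Force overwrites an existing value, so the result is always a DWORD set to 1.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
}
$after = Get-HiddenFlag

if ($null -eq $before) { $beforeText = '(not set)' } else { $beforeText = $before }
Write-Output ("hidden before: {0}   hidden after: {1}" -f $beforeText, $after)

if ($after -ne 1) {
    throw 'The hidden value could not be written; check that the prompt is elevated.'
}
if ($before -ne 1) {
    Write-Output 'Restart the server system, as described above, for the change to take effect.'
}
```

The value only stops the server from announcing itself in the browse list; a workstation that already knows the server's name or address can still connect, so share and NTFS permissions remain the actual access control.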








2. Close the public folder

In a LAN working environment, when other workstations access the Windows Server 2008 server host, other users can still see the "public" folder through the "Network Neighborhood" window even if the network administrator has not set up any shared folder on the server system. This is because the Windows Server 2008 server system automatically sets the "public" folder as a shared folder by default, so some illegal users can still attack the server system through this shared "channel" or peek at private information on the server system. To avoid this security threat to the server system, we only need to turn off the public folder function that the server system enables automatically, as follows:

First, log in to the Windows Server 2008 server system with super administrator privileges. Right-click the "Network" icon on the desktop and execute the "Properties" command in the shortcut menu to enter the Network and Sharing Center management window of the local server system;




Figure 2


Secondly, find the "Network Discovery" setting item in the Network and Sharing Center management window and click the drop-down button next to it to open the setup page shown in Figure 2. From the description on the page, we see that once the public folder function is enabled, other users on the LAN can easily see the "public" folder on the server system. At this point, we can select the "Disable Sharing" option and click the "Apply" button next to it, which turns off the public folder function on the server system.

In addition to public folders, other users on the LAN can by default access hidden shared folders on the server system. These hidden shared folders are often used by illegal attackers, which may result in a security threat to the server. To prevent this threat, we also need to use a command such as "net share C$ /del" to delete all hidden shared folders on the server system. However, after the server system is restarted, these hidden shared folders are automatically generated again. For this reason, we can write commands such as "net share C$ /del" into a batch file and then open the Group Policy editing window of the server system and locate the User Configuration / Windows Settings / Scripts branch. In the right pane of the Scripts branch, double-click the "Add" option, select the batch file generated earlier for import, and finally restart the server system, so that the hidden shared folders on the server system are automatically deleted after the system boots successfully.

Of course, to make the server system more secure, we can stop all sharing services on the server to completely close this sharing-related security hole. To do so, select the "Start" / "Run" command in the server system, enter "services.msc" in the Run box that pops up, and press Enter to open the system services list window. Find the system service "server" and double-click it to open the property window of the service, set the startup type of the "server" service to "disabled", and then click the "stop" button, so that the server system stops all sharing services.
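To confirm the result of the steps in this section, the shares and the "server" service can be audited from PowerShell. This read-only script is an added example, not part of the original article; the default Public folder location and the AutoShareServer registry value it reads are not mentioned in the article and are noted as such in the comments.

```powershell
# Added example (not from the original article). Read-only audit; run elevated.
$adminBase = 2147483648   # Win32_Share.Type at or above this marks an administrative share

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='LanmanServer'"
Write-Output ('Server service: state={0}, start mode={1}' -f $svc.State, $svc.StartMode)

if ($svc.State -ne 'Running') {
    Write-Output 'The Server service is not running, so no folders are being shared.'
} else {
    foreach ($s in Get-WmiObject -Class Win32_Share -ErrorAction SilentlyContinue) {
        if ($s.Type -ge $adminBase) {
            $kind = 'hidden administrative share'
        } elseif ($s.Path -like '*\Users\Public*') {
            $kind = 'public folder share'   # assumption: default Public folder location
        } else {
            $kind = 'ordinary share'
        }
        Write-Output ('{0,-12} {1,-32} {2}' -f $s.Name, $s.Path, $kind)
    }
}

# Not mentioned in the article: the AutoShareServer value under the same
# lanmanserver\parameters key controls whether the drive-letter and ADMIN$
# shares are recreated at boot (0 = do not recreate).
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$auto = (Get-ItemProperty -Path $params).AutoShareServer
if ($auto -eq 0) {
    Write-Output 'AutoShareServer=0: administrative shares are not recreated at boot.'
} else {
    Write-Output 'AutoShareServer is absent or non-zero: administrative shares return after a restart.'
}
```

Running it before and after a restart shows whether the deleted hidden shares have been regenerated.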







3. Prohibit pinging the server

In general, network administrators often use the ping command to test whether a target workstation on the LAN can communicate. However, in many cases the command is also used by illegal users to send data to the Windows Server 2008 server system. To ensure the security of the server system, we need to find a way to make the server system refuse ping requests from others.

First, log in to the Windows Server 2008 server system with super administrator privileges and click the "Start" / "Programs" / "Server Manager" command on the desktop. In the left display area of the Server Manager window that pops up, select the Configuration / Advanced Security Firewall option;

In the middle pane of that option we can clearly see the firewall settings, such as the inbound rule settings and the outbound rule settings. Because other users' ping tests reach the server system from the outside in, we click the inbound rule setting option here;

Then click the "New Rule" item in the "Actions" list. In the wizard pages that pop up, select the "Custom" option and then the "All Programs" option, and set the protocol type to "ICMPv4" (as shown in Figure 3);



Figure 3



When the wizard reaches the page for choosing the connection condition, we need to select the "block connection" item, then set the application environment of the rule according to the actual situation, and then give the newly created rule a suitable name. After completing the above settings, restart the server system, so that no user on the LAN can ping the server system.
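The same inbound rule can be created from the command line with netsh. This is an added example, not part of the original article; the rule name is hypothetical, and the rule is deliberately narrower than the wizard setting above: it blocks only ICMPv4 echo requests (type 8), so other ICMP messages, such as the "fragmentation needed" replies used for path MTU discovery, still reach the server.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$ruleName = 'Block-ICMPv4-Echo-In'   # hypothetical rule name, chosen without spaces

# Remove any earlier copy of the rule so the script can be re-run safely.
& netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

# 'protocol=icmpv4:8,any' must be quoted: PowerShell would otherwise split
# the argument at the comma before passing it to netsh.
$addArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$ruleName",
    'dir=in',                  # inbound, as in the wizard steps above
    'action=block',            # the "block connection" choice
    'protocol=icmpv4:8,any',   # ICMPv4 type 8 (echo request), any code
    'profile=any'              # apply in the domain, private and public profiles
)
& netsh $addArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not create the rule $ruleName"
}

# Show the stored rule so its direction, protocol and action can be checked.
& netsh advfirewall firewall show rule "name=$ruleName" verbose
```

A block rule takes precedence over allow rules in Windows Firewall, so the built-in echo request allow rules do not override it; a ping from another workstation should then time out.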






