Win2003 IIS security configuration five-part (a)

Server security has always been a concern for the management of server personnel and website personnel, then if you have a win2003 server, what kind of settings we can guarantee Basically safe? This is the problem we should pay attention to. TC has found several methods from the Internet for everyone to use as a reference to compare.

First, the system installation 1, according to the Windows2003 installation CD prompts to install, by default 2003 did not install IIS6.0 in the system. 2, IIS6.0 installation Start menu & mdash; > Control Panel & mdash; > Add or remove programs & mdash; > Add /remove Windows components Application — — & mdash; ASP.NET (optional) | ——Enable Network COM+ Access (Required) | ——Internet Information Services (IIS)———Internet Information Service Manager (required) | ——public files (required) | ——World Wide Web Service———Active Server pages (required) | ——Internet Data Connector (optional) | ——WebDAV release (optional) | ——World Wide Web Service (required) | —— include files on the server side (optional) and click OK —> Next to install. (See Appendix 1 for details.) If you want to install PHP, you can install PHP and MySQL components, and test it by the way. Installing the PHP component to support IIS 3. Update the system patch Click the Start menu —>All Programs—>Windows Update Follow the prompts to install the patch. 4, backup system Use GHOST backup system. 5, install commonly used software For example: anti-virus software, decompression software, etc.; after installation, configure anti-virus software, scan system vulnerabilities, use GHOST to back up the system again after installation. 6. Close the unneeded port and enable the firewall to import the IPSEC policy. In the "Network Connection", delete the unnecessary protocols and services. Only the basic Internet protocol (TCP/IP) is installed here. Bandwidth traffic service with additional QoS package planner installed. In the advanced tcp/ip settings – NetBIOS”Set" disable NetBIOS(s) on tcp/IP". In the advanced options, use “Internet Connection Firewall> This is the firewall that comes with Windows 2003. It has no functions in the 2000 system. Although it has no function, it can shield the port. This has basically achieved an IPSec function. Modify the 3389 remote connection port Modify the registry. Start – run – regedit and expand HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/TERMINAL SERVER/WDS/RDPWD/TDS/TCP. The right value of PortNumber is changed to the port number you want to use. Note that using decimal (example 10000) HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/TERMINAL SERVER/WINSTATIONS/RDP-TCP/The port number in the right key value is changed to the port number you want to use. Note the use of decimal (example 10000) Note: Don't forget In the WINDOWS2003's own firewall to + 10000 port modified. Restart the server. The settings take effect.