Computer Shop News
The Windows 2000 Server operating system is an operating system widely used on PC servers. This paper analyzes the security risks of the operating system during installation and operation, and proposes corresponding preventive measures to improve system security and anti-virus attack capabilities.
Keywords: operating system security risks
As we all know, Microsoft's Windows 2000 Server operating system is recognized by the majority of users because of its convenient operation and powerful functions. More and more applications The system runs on the Windows 2000 Server operating system. In daily work, some administrators do not pay attention to security precautions when installing and configuring the operating system, resulting in the end of the system installation, and computer viruses are also invaded into the operating system. How to build a secure operating system is a concern of security managers.
I. Analysis of operating system security risks
(1) Installation hidden dangers
When installing Windows 2000 Server operating system on one server, there are mainly the following hidden dangers:
1. Install the server into the network. The Windows 2000 Server operating system has a security vulnerability during installation. When the Administrator password is entered, the system automatically establishes the sharing of ADMIN$, but does not protect it with the password just entered. This situation continues until after it is started again. In the meantime, anyone can enter the machine through ADMIN$; at the same time, as soon as the installation is over, the various services will run automatically, and the server is full of vulnerabilities, and the computer virus is very easy to invade. Therefore, it is very wrong to install the server into the network.
2. The operating system shares a disk partition with the application system. When the operating system is installed, installing the operating system and the application system on the same disk partition will cause the attacker to obtain the access rights of the application system through the operating system vulnerability, which may affect the safe operation of the application system.
3. Install in FAT32 file format. The FAT32 file format does not restrict user access to files, which can lead to insecure systems.
4. Use the default installation. When the operating system is installed by default, some components with security risks, such as IIS, DHCP, and DNS, are installed automatically, which causes a security hole after the system is installed.
5, the system patch installation is not timely and not comprehensive. After the system is installed, the system patch is not installed in time, resulting in virus intrusion.
(2) Hidden dangers
During the system operation, there are mainly the following hidden dangers:
1. Default sharing. After the system is running, some hidden shares are automatically created. One is C$ D$ E$ root shared directory for each partition. The second is the shared directory for ADMIN$ remote management. The third is IPC$ empty connection. The fourth is NetLogon sharing. Fifth, other systems share by default, such as: FAX$, PRINT$ sharing, etc. These default shares bring a great hidden danger to the safe operation of the system.
2. Default service. After the system is running, many services with security risks are automatically started, such as Telnet services, DHCP Client, DNS Client, Print spooler, Remote Registry services, SNMPServices, Terminal Services, and so on. These services can be disabled if they are not needed in actual work.
3. Security policy. After the system is running, by default, the system's security policy is not activated, which reduces the system's operational security.
4. Administrator account. After the system is running, the Administrator user's account cannot be deactivated, which means that the attacker can try to guess the password of the account over and over again. In addition, setting a simple user account password also brings hidden dangers to the operation of the system.
5, page file. A page file is a hidden file used to store portions of programs and data files that are not loaded into memory. The page file may contain some sensitive information, which may cause system information to leak.
6. Share files. By default, everyone has full control over the newly created file share, which is very dangerous and should restrict access to shared files.
7, Dump file. The Dump file is a useful resource for finding problems when the system crashes and blue screens. However, it can also provide the attacker with some sensitive information, such as the password of some applications, causing information leakage.
8, WEB service. The IIS service and FTP service that comes with the system itself have security risks, which may cause the system to be attacked. Second, security countermeasures
(1) Installation measures
When performing system installation, take the following countermeasures:
1. In complete installation, Before configuring the operating system and installing system patches for the system, do not connect the machine to the network.
2. When installing the operating system, it is recommended to divide at least three disk partitions. The first partition is used to install the operating system, the second partition is for IIS, FTP, and various applications, and the third partition is for important data and log files.
3. Install the operating system in NTFS file format to ensure the security of files and control user access rights to files.
4. When installing system components, do not use the default installation, delete the IIS, DHCP, DNS and other services selected by default.
5, after installing the operating system, you should first install the application system on it, and then install the system patch. The installation system patch must be comprehensive.
(2) Operation Countermeasures
When the system is running, take the following countermeasures:
1. Turn off the system default share
Method 1: Use batch processing The file automatically deletes the share after the system is started. It is preferred to enter the <quo;Net Share” command at the Cmd prompt to view all shared directories that the system automatically runs. Then create a batch file SHAREDEL.BAT, put the batch file into the scheduled task, set to run every time you boot. The contents of the file are as follows:
NET SHARE C$ /DELETE
NET SHARE D$ /DELETE
NET SHARE E$ /DELETE
……
NET SHARE IPC$ /DELETE
NET SHARE ADMIN$ /DELETE
Method 2: Modify the system registry to disable the default sharing function. Create a new double-byte entry "Local share" in Local_Machine\\ System\\ CurrentControlSet\\Services\\Lanmanserver\\parameters with the value "“0”".
2. Delete unnecessary unwanted network protocols
Delete NWLink NetBIOS protocol in network protocol, NWLink IPX/SPX/NetBIOS protocol, NeBEUI PROtocol protocol and services, etc., only keep TCP/IP network communication protocol.
3. Turn off unnecessary security risks
Users can turn off the security risks that the system shown in Table 1 automatically runs according to the actual situation.
Table 1 Service Tables to Be Closed 4. Enable Security Policy
Security policies include the following five aspects:
(1) Account lockout policy. Set the account lockout threshold, and lock the account after 5 invalid logins.
(2) Password policy. First, the password must meet the complexity requirements, that is, the password must include letters, numbers, and special characters, such as: +_()*&^%$#@!?><”:{ on the up key } and other special characters. Second, the server password length is set to at least 8 characters. The third is the longest retention period of the password. Generally set to 1 to 3 months, ie 30-90 days. The fourth is the minimum password retention period: 3 days. The fourth is mandatory password history: 0 remembered passwords. The fifth is to “use passwords for all users in the domain to store passwords” and disable them.
(3) Audit strategy. It is turned off by default when it is installed. Activating this function is beneficial for the administrator to master the state of the machine and facilitate the intrusion detection of the system. You can learn from the log whether the machine is being attacked by brute force, illegal file access, and so on. Turning on security auditing is the most basic method of intrusion detection in the system. When an attacker attempts to invade a user's system in some way (such as attempting a user's password, changing an account policy, unauthorized file access, etc.), it is recorded by a security audit. Avoid being unable to detect in time that the system has been compromised and the system has been damaged. It is recommended to review at least three events, login events, account login events, and account management.
(4) & ldquo; User Rights Assignment & rdquo;. In "User Rights Assignment", set the "force shutdown from remote system" permission to prevent anyone from having this permission to prevent hackers from shutting down the system remotely.
(5)<quo;Security Options”. In the "Security Options" option, the "Additional Restrictions on Anonymous Connections" will be changed to "Allow the enumeration of SAM accounts and shares". You can also disable the establishment of an empty connection by modifying the value in the registry, changing the value of Local_Machine \\System\\CurrentControlSet\\Control \\LSA-RestrictAnonymous to “1”. If there is no such key value in the LSA directory, you can create a new double-byte value named "restrictanonymous", the value is "1", hexadecimal. This can effectively prevent the use of IPC$ empty connections to enumerate SAM accounts and shared resources, resulting in the disclosure of system information.
5, strengthen the management of the Administrator account and the Guest account
Rename the Administrator account, create a trap account named "Administrator", the password is more than 10 complex passwords , its permissions are set to the lowest, that is: set it to not belong to any group, and through security audit, to find the attacker's invasion attempt
of Windows 2000/XP Although the stability of Windows 2000/XP system based on NT architecture has bee
You have implemented IPsec to protect communications within your corporate LAN. Although you have ca
A new performance detection tool is included in the Windows Server 2008 operating system: Windows Pe
Everyone must remember the system restore function of Windows XP, but it can only resto
Windows 2003 reminds Microsoft: In the next two years, it will show its strengths
Several common faults in Windows Server 2003
Win2008 R2 Domain Controller: Careful Planning of RODC
Easy to implement infrared communication support in Windows 2003
Using Win2008's own tools to monitor system reliability
Win2003 server optimization settings
Windows 2008 desktop icon changes
How to configure and manage Win2003 system services
Windows 2003 system also play picture collection screensaver
Detailed Win2000 webpage can not be opened to solve
Examples explain the Windows 2003 partition capacity enhancement function
How to create a virtual network card in the Win8 system
Does Windows 7 have a requirement for a computer CPU?
Win10 mobile version install Android apk application tutorial
After reinstalling the system, the boot prompt can not load file solution
Thunder Wireless Sharing Assistant Installation Tutorial
Win7 system to create a wireless router graphic tutorial
Three-step setup allows multi-core CPUs in Win 7 to perform at their maximum performance
Surface Pro listing date has been determined
How to view system startup items tips by command
Windows XP operating system often encounters network failure analysis (4)