Tips for securing Win2008 remote control security

  

In a slightly larger LAN operating environment, network administrators often use remote control to manage servers or important work hosts; although this control can improve network management efficiency, but remote control provides security. Threats are often easily overlooked by managers. In order to ensure the security of the server remote control operation, the Windows Server 2008 system has been specifically strengthened in this respect, and many new security functions have been introduced. However, some functions are not enabled by default, which requires us to act on our own. The system is properly configured to ensure remote control of the security of the Windows Server 2008 server system. 1. Only allow designated personnel to perform remote control. If any ordinary user is allowed to remotely control the Windows Server 2008 server system at will, then the security of the server system is definitely difficult to be effectively guaranteed. In view of this, we can make appropriate settings for the Windows Server 2008 server system, allowing only designated personnel to remotely control it through the remote desktop connection. Here are the specific setup steps: First open the Windows Server 2008 server system desktop & ldquo; start & rdquo; menu, from which to expand the "Program" & rdquo;, "Administrative Tools", "Server Manager" option, in the corresponding System Server Manager console window that appears later, click on the left child window In the grid, the "Server Management" node option, then select the "Server Summary" setting item under the target node branch, and then click "Configure Remote Desktop" to enter the setting dialog for remote control of Windows Server 2008 system. Box; Secondly, click the “Select User” button in the “Remote Desktop” dialog box of the settings dialog box to open the setting interface as shown in Figure 1. From this we can see that the Windows Server 2008 server system can be remotely located. Control all user accounts once you see When there is a strange user account or an untrusted user account, we can select it and click the “Delete” button to remove it from the system; then click the “Add” button in the corresponding settings interface. Open the User Account Settings dialog box, select and add the specified administrator user account, and then click the “OK” button to end the user account setting operation. As a result, the Windows Server 2008 server system will only allow the specified system in the future. The administrator performs remote management operations on it without allowing any other users to remotely control it.

Figure 1

2, refuse Administrator attack test with the traditional server operating systems, Windows Server 2008 server system will still use the Administrator account by default to complete the system login operation, because of In this way, the Administrator account is particularly vulnerable to exploitation by some illegal attackers. They attempt to log in to the server by cracking the password of the Administrator account and try to test it. In order to refuse an illegal attacker to use the Administrator account for attack testing, we can set up the Windows Server 2008 server system as follows: First click on the Windows Server 2008 server system desktop, click the "Start" "/“Run” command, in In the system running text box that pops up, enter the “Secpol.msc” parameter command and click the Enter key to open the local security group policy console window of the corresponding system. Secondly, on the left side of the local security group policy console window. Display the area, point the mouse to the “Security Settings” node option, and select ““Local Policies"/“Security Options> under the target node branch to find the target under the corresponding <;Security Options" branch Security Group Policy "Account: Rename System Administrator Account", and right-click the Group Policy option to execute the “Properties" command from the shortcut menu that appears, open “Account: Rename System Administrator account”Group Policy attribute setting pair Click the "Local Security Settings" tab in the dialog box to open the tab settings page shown in Figure 2, where we can change the name of the Administrator account to a name that is not easily guessed by others. For example, you can modify it to “guanliyuan”, and finally click the “OK” button to save the above settings, so that an illegal attacker attempts to attack the Windows Server 2008 server system through the Administrator account. Once successful, the security performance of the server system can be effectively guaranteed.

Figure 2

3, modify the telnet port security remote connection telnet command is a Windows Server 2008 server system default telnet program, because the program is integrated directly in the server system and It is convenient to use, so the network administrator often uses the program when managing the server. However, when using the telnet command to remotely control the server system, the control information is often transmitted in clear text on the network. Some malicious attackers can easily intercept control information such as account names and passwords. The telnet program's authentication method also has obvious weakness, that is, it is particularly vulnerable to attacks by others. Considering the telnet command for remote control of the Windows Server 2008 server system, the default network port is generally used automatically, and the port is almost familiar to everyone. To protect the security of the telnet remote connection, we only need Modify the default network port number of the program as follows to prevent others from using the telnet command to remotely control the server system: First click on the Windows Server 2008 server system desktop and click Start & rdquo;/“ ” command, in the pop-up system run text box, enter the “ cmd & rdquo; string command, click the Enter key, open the corresponding system DOS command line work window; Second, in the DOS window command line prompt, Enter the string command <;tlntadmn config port=2991” (where “2991” is the modified new port number), in order to prevent the newly set network port number from conflicting with the existing port number of the system, we must ensure that the input here The new port number cannot be set to Know the port number of the system service; after confirming that the above string command is entered correctly, click the Enter key, the port number used by the telnet command will automatically change to “2991”, and the network administrator must know the new port. The number can be used to remotely control the Windows Server 2008 server system using this program. Of course, we can not remotely modify the telnet port number of the Windows Server 2008 server system. We just need to open the DOS command line work window on the local client system and enter the string command at the command prompt of the window. “tlntadmn config server port=2991 -u xxx -p yyy ” (Server represents the host name or IP address of the remote server system, port=2991 is to be changed to the remote login port number, xxx is the username of the login server system, Yyy is the password corresponding to the user account. After clicking the Enter key, the telnet port number of the remote server system becomes “2991”. 4. Forcibly using complex passwords to prevent brute force cracking if the remote login password of the Windows Server 2008 server system When the setting is not complicated enough, the illegal remote control user may violently crack the login password. In fact, many network administrators often set the remote login password of the server system for easy memory. Simple, this is invisible The attacker provides the opportunity for brute force attack, and the security of the remote control operation is also seriously threatened. To do this, we can perform the following settings on the Windows Server 2008 server system to enable the password policy that comes with the system to force the user. You must set a more complicated password for the remote control account: First, click the “Start” "Start" In the tool list window, double-click the “Local Security Policy” icon in the mouse to open the local security settings dialog box of the corresponding system. Secondly, display the area on the left side of the setting dialog box, and select the account policy with the mouse. ” branch option, then select the “password policy" subkey under the target branch option, and display the area on the right side of the corresponding "password policy" sub-item, we will see six setting strategies for passwords. Option, double click on the "The password must match the complexity" Sexual requirements & quoquo; group policy options, open the target group policy attribute settings window shown in Figure 3; check whether the "already enabled" option is selected, if it is found that the option has not been selected, we should promptly Re-select it, and then click the "OK" button to save the above settings, so that the remote login password of the Windows Server 2008 server system is not complicated enough, the system will automatically pop up the relevant prompts;

Next, we will then click on “Force Password History”, “Last Password Length”, “Restore Password with Recoverable Encryption”, “Last Password Usage Period”, “ The minimum password usage period & rdquo; and other strategies to modify on-demand, and finally click the "OK" button to complete all settings, so that the remote login password can be forced to set up complex.

Figure 3

Copyright © Windows knowledge All Rights Reserved