Security covers many areas, such as the security of the system and the security of the network, but this article is mainly about the security of DNS. Ensuring Domain Name System (DNS) security on a Windows Server 2003 domain is a very basic requirement. Active Directory (AD) uses DNS to locate the resources required by domain controllers and other domain services (such as files, printers, mail, etc.). Since DNS is an integral part of the Active Directory domain system, it should be secure from the start.
When installing DNS on Windows Server 2003, do not modify the default "Active Directory-integrated DNS" setting. Microsoft began offering this setting in 2000.
This means that the system stores only DNS data on the DNS server, and does not save or copy information about the domain controller and the global catalog server. This not only improves the speed of operation, but also improves the operational efficiency of the three servers.
Encrypting the data transfer between the DNS server and the client (or other server) is also critical. DNS uses TCP/UDP port 53; by filtering this port at different points on your security perimeter, you can ensure that the DNS server only accepts authenticated connections.
In addition, this is a good time to deploy IPSec to encrypt the data transmission between the DNS client and the server. Turning on IPSec ensures that communication between all clients and servers is authenticated and encrypted. This means that your clients only communicate with authenticated servers, which helps prevent requests from being spoofed or compromised.
After configuring the DNS server, continue to monitor its connections, just as you would for other high-value targets in the enterprise. The DNS server needs available bandwidth to serve client requests.
If you see a large volume of network traffic from one source machine towards a DNS server, you may be under a denial-of-service (DoS) attack. Cut the connection at the source, or disconnect the server's network connection until you have investigated the problem. Remember that a successful DoS attack on the DNS server will directly cause Active Directory to crash.
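The monitoring check described above can be sketched as follows. This is an added example, not part of the original article: the log format (timestamp, source IP, query name, type) is a constructed simplification rather than the Windows DNS debug log layout, and the 10-second window and 100-query threshold are assumed values to tune for your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample():
    """Constructed sample log: '<ISO timestamp> <source IP> <query name> <type>'."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Ordinary client: one lookup every 5 seconds.
    for i in range(12):
        ts = base + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.21 dc1.corp.example A")
    # Noisy source: 300 lookups within about 3 seconds.
    for i in range(300):
        ts = base + timedelta(seconds=20, milliseconds=10 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.99 r{i}.corp.example A")
    lines.append("truncated line")  # malformed entry, must be skipped
    return lines

def flag_heavy_sources(lines, window=timedelta(seconds=10), threshold=100):
    """Return {source_ip: peak query count in any sliding window} for sources above threshold."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue
    events.sort()  # process in time order even if the log is not sorted

    recent = defaultdict(deque)  # per-source timestamps still inside the window
    peaks = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop queries that fell out of the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    for src, peak in flag_heavy_sources(make_sample()).items():
        print(f"investigate {src}: {peak} queries within 10 s")
```

Sources returned by `flag_heavy_sources` are candidates for the investigation step above; legitimate heavy clients such as mail or proxy servers should be excluded by address before alerting.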
With the default settings (Dynamic Security Update), only authenticated clients can register and update entries on the server. This prevents an attacker from modifying your DNS entries and thereby misleading clients into visiting carefully crafted websites that steal important information such as financial information.
You can also use quotas to block client flood attacks on DNS. Clients can usually only register 10 records. By limiting the number of objects a single client can register, you can prevent a client from launching a DoS attack on its own DNS server.
Note: Make sure you use different quotas for DHCP servers, domain controllers, and multi-homed servers. These servers may need to register hundreds of objects or users depending on the features they provide.
The DNS server will respond to any query request within an authorized zone. To hide your internal network architecture from the outside world, you usually need to set up a separate namespace, which generally means that one DNS server is responsible for your internal DNS architecture, and another DNS server is responsible for the external and Internet DNS architecture. By preventing external users from accessing the internal DNS server, you can prevent the disclosure of internal non-public resources.
Finally
By now you should understand the importance of DNS; security comes first. Whether you are running a Windows network or a mixture of UNIX and Windows, DNS security should be at the heart of your network. Take steps to protect DNS from external and internal attacks.