Network security should be a key point of network management. How to build a secure enterprise network is an important task for every enterprise network management. Windows 2000 Advance Serve is one of the more popular server operating systems. But to safely configure Microsoft's operating system is not an easy task. Below I have my own work experience, talk about the security settings of the Windows 2000 Advance Serve network.
First, customize your own Windows 2000 Advance Serve
1. Version selection: Win2000 is available in various languages. For us, you can choose English or Simplified Chinese. I strongly recommend: If the language does not become an obstacle, please use the English version. You know, Microsoft's products are known as Bug & Patch, the Chinese version of the Bug is far more than the English version, and the patch will generally be at least half a month later (that is, the general Microsoft released the vulnerability after your machine There will be half a month in an unprotected condition).
2. Component installation: Win2000 performs a typical installation by default, but this installed system is fragile and not secure enough, according to security principles, minimum service + minimum permissions = maximum security. Please make a reasonable configuration according to the requirements of your own server.
3. The server is managed separately according to the purpose: that is, if you make servers with different functions according to various needs of the enterprise, in principle, one service server only provides separate services, such as domain controller, file server, backup server, WEB. Server, FTP server, etc.
Second, a reasonable installation of Windows 2000 Advance Serve
1. To install Windows 2000 Advance Server, it is recommended to have at least two CREATE partitions, one system partition, and one application partition.
2. The choice of order: Windows 2000 Advance Serve must be noted in the order of installation:
First of all, Windows 2000 Advance Serve has a vulnerability in the installation, after you enter the Administrator password, the system is established The sharing of ADMIN$, but did not protect it with the password you just entered, this situation continues until after you start again, during this time, anyone can enter your machine through ADMIN$; as long as the installation is complete The various services will run automatically. At this time, the server is full of vulnerabilities and is very easy to access. Therefore, before installing and configuring Win2000 Server completely, you must not connect the host to the network.
Secondly, the patch installation: the patch installation should be after all the applications are installed, because the patch often needs to replace/modify some system files. If the patch is installed before installing the application, the patch may not be installed. Play the desired effect.
Third, security configuration Win2000 Server
Even if the Win2000 SERVER is installed correctly, the system still has a lot of vulnerabilities, and further detailed configuration is needed.
1. PORT:PORT is the logical interface between the computer and the external network. The correct port configuration directly affects the security of the host. Generally speaking, it is safer to open only the port you need to use. The configuration method is in the network card attribute-TCP/Enable TCP/IP filtering in IP-Advanced-Options-TCP/IP Filtering.
2. IIS: IIS is the most vulnerable component of Microsoft's components, so the configuration of IIS is our focus:
First, DELTREE C: INETPUB, in the creat Inetpub outside the c drive, point the home directory in IIS Manager x:Inetpub;
Secondly, the default virtual directory for scripts such as IIS is deleted.
Third, application configuration: delete any unnecessary use in IIS Manager. Mapping, must refer to ASP, ASA and other file types that you really need to use, for example, you use stml, etc. (using server side include), in fact, 90% of the hosts have the above two mappings, In the IIS Manager, right click on Host -> Properties -> WWW Service Edit -> Home Directory Configuration -> Application Mapping to delete the mappings you don't need.
Finally, to be on the safe side, you can use the backup function of IIS to back up all the settings, so you can restore the security configuration of IIS at any time.
First, the role of the brief SNMP is the abbreviation of Simple Network Management Protocol, the Ch
Users who have used Windows XP know that there is a very intimate and practical function in Windows
It is well known that many applications of Windows not only have executable EXE files, but also need
Windows 2003 server is a brand new operating system, although it is server-based, but it also has it
Setting up a secure file server with Server2003
Configure Windows 2008 RC1 as Vista to use
Windows 2008 performance is higher than Vista
Active Directory Backup and Recovery (3)
Let Windows 2000 services run better
Customized and secure Win 2003 operating system (below)
How does Windows 8 quickly view system properties in Explorer?
Experts close the window into the Windows window has a trick
BT download full Raiders: How to effectively control P2P traffic
Win10 patch KB3119142 and then remind the installation solution
Windows 7 Ultimate system Bluetooth driver installation failure how to solve
Why does the Win10 Build 10565 Quick Preview version have an ISO image download address?
You ask me to answer: Deep analysis of Windows security mode
Windows XP will add five major feature anti-spyware software