windows主机安全设置（国外英文资料）.doc

windows主机安全设置（国外英文资料） [original] Windows host security Settings Article title: [original] Windows host security setting top code can be released at: 2005-08-02 21:07 [original] Windows host security Settings Article author: canned code [E.S.T.] Information source: the evil octal information security team () The principle of article We will do the corresponding measures from the various parts of the invader invasion Step by step the Windows system. Reinforce the Windows system. There are several aspects to it 1. The port limits 2. Set the ACL Turn off services or components 4. The packet filter 5. Audit We are now starting with the first step of the invader. 1. The scan This is the first step for an intruder, such as searching for a compromised service. Corresponding measures: port restrictions All of the following rules need to be mirrored, otherwise they will not be able to connect All we need to do is open the port required by the service Download information 2. The main thing here is to filter some of the illegal requests through URLSCAN Corresponding measures: filter the corresponding package We set up the DenyExtensions field in URLSCAN.ini through the security URLSCAN To prevent the execution of a certain ending file 3. Upload a file The intruders upload WEBSHELL, the right software, run the CMD instructions, and so on. Corresponding measures: remove the corresponding service and function and set ACL permissions If you have a condition you dont use FSO. Logout the associated DLL with the regsvr32 / uc: / Windows/system32 / scrrun.dll. If you need to use it. Create a user user for each site The corresponding directory for each site. Read only to this user, write, execute, and give the administrators full authority Install antivirus software. Kill the malicious code uploaded in real time. Personal recommendation for MCAFEE or kaspersky If you use MCAFEE, you can prevent all adding and modifying files from the WINDOWS directory. 4. WebShell After the intruder has