windows 2003服务器安全配置

九月 11th, 2009 Posted in Windows | 阅读次数: 293 次

制作:高进波
时间:2009-09-11

1.关闭NetBIOS 139端口
本地连接属性->TCP/IP属性->高级->WINS->禁用TCP/IP上的NETBIOS

2.彻底禁用139,445端口
开始->运行:services.msc,在服务管理器中将server停止.
445端口修改注册表regedit->HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NETBT\Parameters下建一个DWORD键值SMBDeviceEnabled值为0,然后重启电脑

3.设置系统盘权限(NTFS)
右击盘符->属性->安全 只保留administrators和system组

4.服务和端口
运行services.msc,禁用所有不需要的服务
TCP/IP高级属性->筛选,只开放对外的端口

5.禁用普通用户远程桌面
在本地安全策略->安全选项中禁止除administrators组外的所有用户登录远程桌面

6.去掉cmd,net,telnet,netstat,ftp,format的所有权限

7.设置帐户,密码,访问控制策略

8.使用IPSec services(IP安全策略)
可实行:IP,协议,安全,连接的配置
举例:
1)限制所有外来的PING响应
2)禁止所有IP对本地1433端口连接
3)指定信任的IP所有数据通过

具体操作:
1)管理工具->本地安全策略->IP安全策略
2)点右键”创建IP安全策略”->下一步->名称”限制1433-PING策略”,描述”Power by hugwww 2009-09-11″->下一步->下一步->下一步->是->完成
3)添加->下一步->下一步->…是
4)添加->名称”禁止PING”
5)添加->下一步->源地址:任何IP地址”->下一步->目标地址:”我的IP地址”->下一步->选择协议类型”ICMP”->下一步->完成
6)添加一个阻止动作

注:此文档同样适合于windows 2008,win7

完成!

随机日志


This entry was posted on 星期五, 九月 11th, 2009 at 22:20 and is filed under Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “windows 2003服务器安全配置”

  1. Panic Attacks Treatment Says:

    五月 3rd, 2011 at 05:41

    Recent Favourite Websites…

    [...]while the sites I link to below are completely unrelated to mine, I think they are worth a read, so go and have a look http://www.panicattackstreatmentcure.net/links/…...


  2. Related Resources Says:

    五月 10th, 2011 at 09:05

    Interesting Article…

    [...]some interesting sites worth visitng. We recommend all our readers go and check these out[...]……


  3. Resources Says:

    五月 15th, 2011 at 01:56

    Interesting Posts…

    [...]some other related resources on the web that are worth viewing on this subject include[...]…


  4. Resources Says:

    五月 26th, 2011 at 00:25

    Related Websites…

    [...]some other related resources on the web that are worth viewing on this subject include[...]…


留下您的脚印