Some security settings for a Windows 2003 lottery server

  • 2020-05-15 02:35:39
  • OfStack

The following content is taken from the user help of a lottery program; it covers the case where the program runs on its own dedicated server. On a rough read-through several of the items are worth learning, so they are collected here.

1. Change the default Remote Desktop port 3389 to XXXX. Both registry values must be set to the same number, and the Terminal Services service restarted (or the server rebooted) before the new port is used:

SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp, PortNumber, XXXX
SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, PortNumber, XXXX

2. Enable the Windows firewall and open only the following ports:
21 FTP
25 SMTP (mail)
80 HTTP
110 POP3 (mail)
143 IMAP (mail)
3389 decoy Remote Desktop port, to confuse attackers
XXXX the real Remote Desktop port
Open 21, 25, 110 and 143 only if the corresponding service actually runs on this server. FTP, POP3 and IMAP send credentials in cleartext, so restrict them to the source addresses that need them. Note also that once Remote Desktop has moved off 3389, nothing listens there, so a scanner sees the decoy as closed unless you put a listener behind it.

3. In the network component (TCP/IP properties, Advanced, Options, TCP/IP filtering), enable TCP/IP filtering and permit only the ports listed above. The filter applies to inbound connections on every interface, and any TCP port not in the list is blocked, so check the list against the services that must be reachable before rebooting.
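Steps 1 to 3 above as an added cmd script for Windows Server 2003 SP1 or later (example code, not part of the original help text). The port 33890 stands in for XXXX, and the registry names used for TCP/IP filtering (EnableSecurityFilters, TcpAllowedPorts, UdpAllowedPorts under each interface GUID) are the values the GUI dialog writes; confirm them on your own build before depending on them.

```batch
@echo off
rem Added example, not from the original article: steps 1-3 for Windows Server 2003 SP1+.
rem RDPPORT is an assumed value for this example; use your own XXXX.
setlocal
set RDPPORT=33890

rem --- Step 1: move Remote Desktop off 3389 (both keys must agree) ---
set TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
reg add "%TS%\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d %RDPPORT% /f
reg add "%TS%\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %RDPPORT% /f

rem --- Step 2: enable the Windows Firewall and open only the listed ports ---
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
netsh firewall add portopening protocol=TCP port=21   name="FTP"  mode=ENABLE scope=ALL
netsh firewall add portopening protocol=TCP port=25   name="SMTP" mode=ENABLE scope=ALL
netsh firewall add portopening protocol=TCP port=80   name="HTTP" mode=ENABLE scope=ALL
netsh firewall add portopening protocol=TCP port=110  name="POP3" mode=ENABLE scope=ALL
netsh firewall add portopening protocol=TCP port=143  name="IMAP" mode=ENABLE scope=ALL
rem 3389 is left open as the decoy; after step 1 nothing listens on it
netsh firewall add portopening protocol=TCP port=3389 name="RDP decoy" mode=ENABLE scope=ALL
netsh firewall add portopening protocol=TCP port=%RDPPORT% name="RDP real" mode=ENABLE scope=ALL

rem --- Step 3: TCP/IP filtering (inbound only, all interfaces) ---
rem EnableSecurityFilters is global; the permitted-port lists live under each
rem interface GUID. REG_MULTI_SZ entries are separated by \0 for reg.exe, and a
rem list containing only "0" means "permit all". The article lists TCP ports
rem only, so UDP is left at permit-all here; tighten it once DNS/NTP needs are known.
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
reg add "%TCPIP%" /v EnableSecurityFilters /t REG_DWORD /d 1 /f
for /f "delims=" %%K in ('reg query "%TCPIP%\Interfaces" ^| findstr /i "{"') do (
    reg add "%%K" /v TcpAllowedPorts /t REG_MULTI_SZ /d "21\025\080\0110\0143\03389\0%RDPPORT%" /f
    reg add "%%K" /v UdpAllowedPorts /t REG_MULTI_SZ /d "0" /f
)

echo Reboot the server for the new RDP port and TCP/IP filtering to take effect.
endlocal
```

Run it from a console session or a second RDP connection, not from the RDP session you intend to keep: the firewall and filtering changes are applied immediately, the RDP port change only after a reboot, and a mistake in the allowed-port list locks you out of remote access.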

4. Add a new super-administrator account (a member of the Administrators group) for day-to-day administration.

5. Rename the built-in Administrator account to XXXXXXXX, keeping the same password, through the gpedit.msc group policy tool (Security Options, "Accounts: Rename administrator account").
At the same time create a new fake account named Administrator with a 100-character password. This user belongs to no group and has no permissions; it exists only to confuse attackers and is commonly called a "trap account". Renaming does not change the built-in account's well-known RID of 500, so tools that enumerate accounts by SID still find it; the rename and the trap mainly defeat password guessing aimed at the name "Administrator".

6. Rename the Guest account to XXXXXXXX, remove it from the Guests group and give it a 100-character password. Leave the account disabled as well.

7. In the network component, disable NetBIOS over TCP/IP (TCP/IP properties, Advanced, WINS tab). This closes ports 137-139; file and printer sharing continues to work over port 445.

8. Set a strong password on the SQL Server sa login and create one login per database, granted access to that database only, so that the application never connects as sa. Turn off the option that lets the integrated (Windows) system users log in to SQL Server, so that local system accounts do not get automatic access, to improve data security.

9. To prevent password hashes from being dumped remotely through the registry, stop and disable the Remote Registry service.
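Steps 4 to 9 above as an added cmd script (example code, not part of the original help text). All account names, passwords, the database name and the SQL login are placeholders for this example and must be set before running; the script assumes SQL Server 2000 with osql.exe on the path, and reads "disallow the integrated system user" as dropping the automatic BUILTIN\Administrators login, which is one common interpretation rather than something the help text spells out.

```batch
@echo off
rem Added example, not from the original article: steps 4-9 for Windows Server 2003.
rem Every value in this block is a placeholder; replace them before use.
setlocal
set NEWADMIN=lotteryops
set NEWADMINPW=REPLACE-WITH-A-STRONG-PASSPHRASE
set ADMINRENAMED=svc_backup_01
set GUESTRENAMED=svc_report_02
set TRAPPW=REPLACE-WITH-A-GENERATED-100-CHARACTER-PASSWORD
set GUESTPW=REPLACE-WITH-ANOTHER-GENERATED-100-CHARACTER-PASSWORD
set SAPW=REPLACE-WITH-A-STRONG-SA-PASSWORD
set DBNAME=lottery
set DBUSER=lottery_app
set DBUSERPW=REPLACE-WITH-A-STRONG-DB-PASSWORD

rem --- Step 4: new administrator for daily use (/y suppresses the >14-char prompt) ---
net user %NEWADMIN% "%NEWADMINPW%" /add /y
net localgroup Administrators %NEWADMIN% /add

rem --- Step 5: rename the built-in Administrator (keeps RID 500), then plant the trap ---
wmic useraccount where "name='Administrator'" call rename "%ADMINRENAMED%"
net user Administrator "%TRAPPW%" /add /y
rem new accounts land in Users by default; the trap account belongs to no group
net localgroup Users Administrator /delete

rem --- Step 6: rename Guest, drop it from Guests, long password, stays disabled ---
wmic useraccount where "name='Guest'" call rename "%GUESTRENAMED%"
net localgroup Guests %GUESTRENAMED% /delete
net user %GUESTRENAMED% "%GUESTPW%" /active:no /y

rem --- Step 7: disable NetBIOS over TCP/IP on every interface (NetbiosOptions 2 = disable) ---
set NBT=HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces
for /f "delims=" %%K in ('reg query "%NBT%" ^| findstr /i "Tcpip_"') do (
    reg add "%%K" /v NetbiosOptions /t REG_DWORD /d 2 /f
)

rem --- Step 8: SQL Server 2000 via osql (Windows auth while it still works) ---
osql -E -Q "EXEC sp_password NULL, '%SAPW%', 'sa'"
osql -E -Q "EXEC sp_addlogin '%DBUSER%', '%DBUSERPW%', '%DBNAME%'"
osql -E -d %DBNAME% -Q "EXEC sp_grantdbaccess '%DBUSER%'"
osql -E -d %DBNAME% -Q "EXEC sp_addrolemember 'db_datareader', '%DBUSER%'"
osql -E -d %DBNAME% -Q "EXEC sp_addrolemember 'db_datawriter', '%DBUSER%'"
rem Our reading of "disallow the integrated system user": remove the automatic
rem sysadmin login for local Administrators. Do this last; afterwards connect
rem with -U sa -P instead of -E.
osql -E -Q "EXEC sp_revokelogin 'BUILTIN\Administrators'"

rem --- Step 9: Remote Registry off, so SAM/LSA data cannot be read over RPC ---
sc stop RemoteRegistry
sc config RemoteRegistry start= disabled
endlocal
```

The script echoes the passwords it is given on the command line, so run it from a file you delete afterwards and clear the console history; the NetBIOS and SQL login changes take effect immediately, the account renames on the next logon.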

10. Modify the registry to protect against SYN flooding (on Server 2003 SP1 and later, values 1 and 2 of SynAttackProtect behave the same):
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, SynAttackProtect, 2
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnablePMTUDiscovery, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, NoNameReleaseOnDemand, 1

11. Modify the registry to disable dead-gateway detection, which an attacker able to forge ICMP could otherwise use to push the server onto a different gateway. KeepAliveTime is lowered from the 2-hour default to 5 minutes (300000 ms) so idle connections are cleaned up sooner:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableDeadGWDetect, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, KeepAliveTime, 300000
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, PerformRouterDiscovery, 0
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableICMPRedirects, 0

12. Modify the registry so the system does not respond to ICMP router advertisement messages; this value is set per interface, under each interface's GUID key:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<interface GUID>, PerformRouterDiscovery, 0

13. Modify the registry to ignore ICMP redirect messages, so a forged redirect cannot reroute the server's traffic through an attacker's host:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, EnableICMPRedirects, 0

14. Modify the registry so that the system does not support IGMP (multicast group membership):
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, IGMPLevel, 0

15. Modify the registry to block IPC null sessions (restrict anonymous access to the IPC$ default share). Value 1 stops anonymous enumeration of accounts and shares; Windows Server 2003 already excludes anonymous users from the Everyone group by default, so this is defence in depth:
System\CurrentControlSet\Control\LSA, RestrictAnonymous, 1

16. Modify the registry so that the system does not forward packets between its interfaces (IP routing):
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, IPEnableRouter, 0

17. Change the TTL value. An attacker can roughly guess the operating system from the TTL in a ping reply: each OS starts from a fixed initial TTL and every router hop decrements it by one, so a reply of 107 or 108 seen from about twenty hops away points to the initial value 128 used by Windows NT, 2000 and 2003 (Windows 9x uses 32 or 128), while Linux starts at 64, Solaris at 255 and IRIX at 60.
The value lives under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters as DefaultTTL, REG_DWORD, range 0-0xff (0-255 in decimal, 128 by default). Pick an unusual value inside that range (258 does not fit the 8-bit TTL field, so it is not a valid choice); a value such as 200 will at least leave a beginner puzzled for a while and may make them give up, though it does not stop fingerprinting tools that rely on other stack characteristics.
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, DefaultTTL, 200

18. Modify the registry to remove the default administrative shares (C$, D$, ...). On server editions AutoShareServer governs all of them, including ADMIN$; the change applies after the Server service is restarted or the machine rebooted, and IPC$ cannot be removed this way:
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, AutoShareServer, 0

19. Modify the registry to disable the ADMIN$ default share. AutoShareWks is the workstation-edition counterpart of the value above and is harmless to set alongside it:
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, AutoShareWks, 0

20. Modify the registry so that the logon screen does not display the name of the last logged-in user:
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, DontDisplayLastUserName, 1
On Windows Server 2003 this is the security policy "Interactive logon: Do not display last user name", stored as the REG_DWORD DontDisplayLastUserName under SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the Winlogon value above is the older Windows NT location.

