Recent server security problems and preventive measures

Dear users:

Recently, foreign hacker organizations published a batch of Windows high-risk vulnerabilities and batch utilization tools, which can be used to open the Windows server 135/137/139/445 port to execute arbitrary commands, causing a series of serious consequences including host blue screen, data intrusion and deletion. Microsoft has officially issued the vulnerability patch, but a large number of customers have not been repaired, which is a great risk. In order to better improve the security of servers and cloud hosts, please be sure to pay attention to the following information:

For the windows operating system server in use, please confirm whether the ports [135, 137, 139, 445] of the server are open. These ports are affected by this vulnerability and can easily lead to server intrusion. If the port is enabled, please note:

1. If you do not use these ports in your business, please log in to the login server as soon as possible and close these ports, such as stopping the relevant service, turning on the firewall or policy to block these ports.

2, if you have used SMB business agreement or more ports, Microsoft has announced and patches, https: / / blogs technet. microsoft. com msrc / 2017/04/14 / protecting - customers - and - evaluating - risk /. We strongly recommend that you log in to the server to install the latest patch for update Windows and restart your system for the patch to take effect. Or use the system's built-in windows update function to update the latest patch and restart.

3. Turn off the host smart card service to prevent RDP service from being attacked. The following is the specific setting method.
windows2008, 2012 setup method: run input gpedit.msc - > Computer configuration - > Management template - > windows components - > Smart card, then set all items in the Settings list with the Smart card keyword to Disabled.

windows2003 setup: Run the input gpedit.msc - > Computer configuration - > windows Settings - > Safety Settings - > Local policy - > Security options, interactive login: Requires the smart card to be set to disabled, and interactive login: The smart card removal operation is set to Lock the Workstation.

Upon receipt of this notice, please pay attention to it and confirm whether the windows server used has opened the above port. If so, please handle it immediately to ensure the security of your server.

In addition, in order to use the server more secure, more worry, we recommend you to install 1 server security dog, it is a set of server security protection and security management for a body of comprehensive server tools. Support Windows full range of operating system (Windows2003 / Windows2008 / Windows2012 32-64), Linux server operating system security protection software, directly from the driver layer shielding attack, protect the security of the server.