Server Security Settings_Elementary

Elementary Security  
1. Physical Security
The server should be placed in an isolated room with video monitoring installed, and the video recordings should be kept for more than 15 days. In addition, the case, keyboard, and computer desk drawer must be locked so that others cannot use the computer even if they enter the room. The keys must be kept in another safe place.  
2. Stop the guest account
Disable the Guest account under Users in Computer Management, and never allow the Guest account to log in to the system. To be on the safe side, it is best to give Guest a complex password as well. Open Notepad, type a long string containing special characters, numbers, and letters, and paste it in as the password of the Guest account.  
3. Limit the number of unnecessary users
Remove all duplicate user accounts, test accounts, shared accounts, general department accounts, and so on. Use user group policy to set the corresponding permissions, check the system accounts frequently, and delete accounts that are no longer in use. These accounts are often the entry points attackers use to break into the system. The more accounts a system has, the more likely it is that an attacker obtains the rights of a legitimate user. For domestic NT/2000 hosts, if there are more than 10 system accounts, one or two accounts with weak passwords can generally be found. I once found that 180 of the 197 accounts on a host had weak passwords.  
4. Create two administrator accounts
Although this point seems to contradict the previous one, it actually follows the same rule. Create one account with ordinary privileges for receiving mail and handling everyday tasks, and another account with Administrators privileges that is used only when needed. Administrators can use the "RunAS" command to perform tasks that require privileges, which makes management easier.  
5. Rename the system administrator account
Everyone knows that the Administrator account of Windows 2000 cannot be disabled, which means that others can try the password of this account over and over again. Renaming the Administrator account effectively prevents this. Of course, do not use a name like Admin; that amounts to no change at all. Try to disguise it as a normal user, for example by renaming it to guestone.  
6. Create a trap account
What is a trap account? Create a local account named "Administrator", set its privileges to the lowest level, and give it a very complex password of more than 10 characters. This can keep the script kiddies busy for a while, and you can use it to detect their intrusion attempts. Or play some tricks with its login scripts. Heh, nasty enough!
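An added example, not part of the original article: a Python audit of an account export that checks items 2, 3, 5 and 6 together. The record layout, the sample accounts and the 90-day staleness threshold are assumptions; RIDs 500 and 501 are the well-known identifiers of the built-in Administrator and Guest accounts, and a rename does not change them.

```python
from dataclasses import dataclass

STALE_DAYS = 90  # assumption: the text gives no cut-off for "no longer in use"
GUESSABLE_ADMIN_NAMES = {"administrator", "admin"}

@dataclass
class Account:
    name: str
    sid: str               # the RID (last SID field) survives a rename
    enabled: bool
    is_admin: bool         # member of the local Administrators group
    days_since_logon: int

def audit(accounts):
    """Return (account, finding) pairs for items 2, 3, 5 and 6 of the checklist."""
    findings, decoy_present = [], False
    for a in accounts:
        rid = int(a.sid.rsplit("-", 1)[1])
        name = a.name.lower()
        if rid == 501:                    # built-in Guest
            if a.enabled:
                findings.append((a.name, "guest account is enabled"))
        elif rid == 500:                  # built-in Administrator, whatever its name
            if name in GUESSABLE_ADMIN_NAMES:
                findings.append((a.name, "built-in administrator has a guessable name"))
        elif name == "administrator":     # decoy: carries the name but not the RID
            decoy_present = True
            if a.is_admin:
                findings.append((a.name, "decoy account holds administrator rights"))
        elif a.enabled and a.days_since_logon > STALE_DAYS:
            findings.append((a.name, f"unused for {a.days_since_logon} days"))
    if not decoy_present:
        findings.append(("Administrator", "no decoy account with this name"))
    return findings

SID_PREFIX = "S-1-5-21-1111111111-2222222222-3333333333-"  # constructed machine SID
SAMPLE = [  # constructed account export
    Account("guestone", SID_PREFIX + "500", True, True, 2),
    Account("Guest", SID_PREFIX + "501", True, False, 400),
    Account("Administrator", SID_PREFIX + "1001", True, False, 0),
    Account("test1", SID_PREFIX + "1002", True, False, 250),
    Account("jsmith", SID_PREFIX + "1003", True, False, 1),
]

if __name__ == "__main__":
    for account, finding in audit(SAMPLE):
        print(f"{account}: {finding}")
```

Matching on the RID rather than the name is what lets the audit tell the renamed built-in account (guestone) apart from the low-privilege decoy that now carries the name "Administrator".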
7. Change the permissions of shared files from the "everyone" group to "authorized users"
In Win2000, "everyone" means that any user who has the right to access your network can reach the shared information. Never set user file shares to the "everyone" group. This includes print sharing, whose default is also the "everyone" group, so don't forget to change it.  
8. Use secure passwords
A good password is very important to a network, yet it is the easiest thing to neglect. What has been said above may already illustrate this point. When creating accounts, some company administrators use company names, computer names, or other easily guessed things as user names, and then give these accounts very simple passwords such as "welcome", "iloveyou" or "Letmein", or a password identical to the user name. Such an account should require the user to change to a complex password at first login, and the password should be changed frequently. When discussing this issue with people on IRC a few days ago, we defined a good password: a password that cannot be cracked during the security period is a good password. In other words, if someone gets your password file, it must take 43 days or longer to crack, while your password policy requires a password change every 42 days.  
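The definition above, worked through as an added example (not part of the original article): a Python check of whether exhaustive search outlasts the 42-day password lifetime, and the shortest length that does so for a given character pool. The guess rate of 10^9 per second is an assumption that depends on the hash type and the attacker's hardware; the weak passwords listed are the ones the text names.

```python
import string

GUESSES_PER_SECOND = 1e9  # assumption: offline guessing rate against the password file
MAX_AGE_DAYS = 42         # rotation period from the text
WEAK = {"welcome", "iloveyou", "letmein"}  # examples named in the text
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the character pool an attacker must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def crack_days(length, alphabet, rate=GUESSES_PER_SECOND):
    """Days needed to try every candidate of this length (attacker's upper bound)."""
    return alphabet ** length / rate / 86400

def survives_period(password, username, max_age=MAX_AGE_DAYS):
    """True if exhaustive search takes longer than the password's lifetime."""
    lowered = password.lower()
    if lowered in WEAK or lowered == username.lower():
        return False  # dictionary guesses are tried first, whatever the length
    return crack_days(len(password), alphabet_size(password)) > max_age

def min_length(alphabet, max_age=MAX_AGE_DAYS, rate=GUESSES_PER_SECOND):
    """Shortest length whose exhaustive search exceeds max_age days."""
    n = 1
    while crack_days(n, alphabet, rate) <= max_age:
        n += 1
    return n

if __name__ == "__main__":
    for label, size in (("digits", 10), ("lowercase", 26), ("all printable", 94)):
        n = min_length(size)
        print(f"{label}: {n} characters, {crack_days(n, size):.1f} days")
```

At the assumed rate, 11 lowercase letters clear the 42-day period by less than a day, so a faster attacker defeats the policy; the margin matters as much as the threshold.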
9. Setting a screen saver password
It is simple and also necessary. A screen saver password is another barrier that keeps insiders from damaging the server. Do not use OpenGL or other complex screen savers, which waste system resources; a plain black screen is enough. It is also best to set a screen saver password on the machines used by all system users.  
10. Use NTFS format partitions
Convert all partitions of the server to NTFS. The NTFS file system is much more secure than the FAT and FAT32 file systems. This hardly needs saying; presumably everyone's servers are NTFS already.
11. Run anti-virus software
I have never seen a Win2000/NT server with anti-virus software installed. In fact, this is very important. Good anti-virus software can kill not only well-known viruses but also a large number of Trojan horses and backdoor programs. That way, the well-known Trojan horses used by "hackers" become useless. Don't forget to update the virus database frequently.
12. Ensure the safety of the backup disk
Once the system data is damaged, the backup disk will be the only way for you to restore the data. After backing up the data, keep the backup disk in a safe place. Never keep the backup on the same server; in that case you might as well not back up at all.

This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com/:http://www.internetweblist.com/programming/82403.html
