Published April 11, 2024 (author: )

IIS configuration security policy

Web server security settings and application web server settings

First, this is about some of the settings of IIS. I use the Win2K Server version, so I cannot speak for the other versions. Also, I have been managing the server for only two months and had never touched IIS before, not even when commissioning a machine. Since a lot of friends ask about IIS settings, I will write out my two months of accumulated experience; please don't laugh at me, and please point out anything that falls short. Well, enough words, here we go!

Two, first of all, we enable the audit policy

Enabling security auditing is the most basic method of intrusion detection in Win2000. When someone tries to break into your system in some way (such as guessing user passwords, changing account policies, or accessing files without authorization), the attempt is recorded by the security audit. Many administrators go for months without knowing their system has been broken into, until the system is damaged. The following audits must be enabled, and others can be added as needed:

Policy settings, in turn:

Success, failure

Failure

Success, failure

Failure

Failure

Success, failure

Failure

Failure

Success, failure

Close unnecessary ports

Closing ports means reducing functionality, so you need to weigh security against functionality. If the server sits behind a firewall, the risk is lower, but never think you can sit back and relax. Scanning a system's open ports with a port scanner to determine which services are running is the first step an intruder takes against your system. The \system32\drivers\etc\services file contains a table of well-known ports and services for reference. The concrete method is:

My Network Places > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > Options > TCP/IP filtering > Properties. Enable TCP/IP filtering, then add the TCP, UDP and protocol entries.
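Before filling in the filter, it helps to know which ports are actually open on the server. The following is an added example, not part of the original article: it names the listening ports from `netstat -an` output using a services-format table and lists those outside an allowlist. The sample services lines, the netstat output, and the allowlist (HTTP and HTTPS only) are constructed assumptions.

```python
import re

# Constructed sample in the format of \system32\drivers\etc\services
SERVICES_SAMPLE = """\
# <service name>  <port number>/<protocol>  [aliases...]  [#<comment>]
http               80/tcp    www www-http
epmap             135/tcp    loc-srv      #DCE endpoint resolution
microsoft-ds      445/tcp
microsoft-ds      445/udp
"""

# Constructed sample of `netstat -an` output from a web server
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            10.0.0.9:1045          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_services(text):
    """Map (port, proto) -> service name, skipping comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and re.fullmatch(r"\d+/\w+", fields[1]):
            port, proto = fields[1].split("/")
            table[(int(port), proto.lower())] = fields[0]
    return table

def listening_ports(netstat_text):
    """Return sorted (port, proto) pairs: TCP in LISTENING state, plus bound UDP."""
    found = set()
    for line in netstat_text.splitlines():
        m = re.match(r"\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s*(\S*)", line)
        if m and (m.group(1) == "UDP" or m.group(3) == "LISTENING"):
            found.add((int(m.group(2)), m.group(1).lower()))
    return sorted(found)

def ports_to_review(netstat_text, services_text, allowed):
    """List open ports that are not in the allowlist, named from the services table."""
    names = parse_services(services_text)
    return [(port, proto, names.get((port, proto), "unknown"))
            for port, proto in listening_ports(netstat_text)
            if (port, proto) not in allowed]

ALLOWED = {(80, "tcp"), (443, "tcp")}  # assumed allowlist for a plain web server
```

Each tuple returned by `ports_to_review` is a port to either justify and add to the filter, or close by stopping the service behind it.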