,
Office Professional 2007 Key
5, concealed SQL Server, change the default port 1433
xp_cmdshell: is the top method to entry the operating system, delete
URLScan.ini file folder, and then add the debug verb in UserAllowVerbs segment, observe that this section is case-sensitive.
Run, type Dcomcnfg.exe. Enter, click the Open the
for that nearby computer, right-click Select
distinct
Be aware :3-6 objects I use Server2000 is set, not examined on the 2003 is functioning. But 1 factor is specific for some time I didn't discover another facet of Vice.
6, configure IIS solutions:
If you ever configured any challenges, you are able to add / Remove Plans to remove UrlScan.
seven, employing UrlScan
1, the procedure will seize the existing server or recorded, save it for later comparison to determine if you can find unfamiliar plans.
Track record Intelligent Transfer Support (BITS) Server Extensions;
three, the Guest account Disable and change the name and description, then enter a complicated password,
Office 2007 Download, needless to say, now there is certainly a DelGuest instrument, perhaps you could also utilize it to eliminate the Guest account, but I have not tried.
4, enter the run kind gpedit.msc to open Group Coverage Editor, choose Pc Configuration-Windows Configurations - Security Settings - Account coverage - account lockout coverage, the account is set to
five, inside the Security Settings - Neighborhood Policies - Security Selections will likely be,
Office Pro 2007 Key, allocation of rights will likely be In case you are making use of Asp.internet nonetheless keep Aspnet account.
seven, to generate a Person account, working system, should you would like to run privileged commands employing the Runas command.
3rd, network support protection management
four, open the proper audit coverage
add - name to Internet Filter - Click Add - type in the description Internet server - any IP source tackle is set to handle - the location deal with as my IP tackle - protocol type is set to Tcp - IP protocol port the first set from any port, this port 80 second - Click on Complete - Click on Okay.
when you go by this operation, the proposed modifications to every do a test server, if you'll find complications it is easy to right away undo the alter. The In case you alter even more than the quantity of objects, only to find difficulties, it's difficult to ascertain exactly where the problem is 1 step on the.
right-click
successful account logon events Failure
PrintSpooler: If no printer might be disabled
1, from C $, D $, ADMIN $ share class for the default
set the worth to EnableICMPRedirects is 0
[page]
HKEY_LOCAL_MACHINE Program CurrentControlSet Expert services Tcpip Parameters
technique occasion good results or failure
2nd, setup and manage accounts
new DWORD worth named PerformRouterDiscovery value of 0
could be entirely hidden to modify the registry:
3, to avoid SYN flood attacks
three, set up of IIS, IIS only install the required parts (for example FTP and disable undesirable SMTP expert services). By default, IIS services is not installed inside the Add / Eliminate Win Elements, choose p> Web Specifics Companies Manager;
3, the filter operation within the management solutions for the following click on Add - the next phase - enter the identify of preventing - the next stage - choose to block - the following action - total - near the management of IP filter lists and filter operation window
6, if you're using 2000 you can actually use iislockdown to safeguard IIS, IE6.0 running in the 2003 version doesn't require.
Run, type gpedit.msc within the carriage, open the Group Policy Editor, select the personal computer Configuration-Windows Settings - Security Settings - audit coverage audit task produced to notice that in the event the audit of the project an excessive amount of, the more events which are generated, then the serious activities to be able to acquire the additional tough program, if too few audit may also impact you get significant incident, with this situation you must make a option among the two.
recommended to review the project is:
one, Technique Administrators purpose is preferred not far more than two
stored procedure to entry the registry, delete Xp_regaddmultistring Xp_regdeletekey Xp_regdeletevalue Xp_regenumvalues ; Xp_regread Xp_regwrite Xp_regremovemultistring
logon events good results and failure
1, very best to decrease the construction of your program administrator account, change the default administrator account identify (Administrator) and description, password, finest digital plus uppercase and lowercase letters as well as numbers on the Shift essential combination, the most effective duration of not much less than 14 bits.
two, make a brand new account named Administrator of your trap, to set the minimum permissions, after which casually enter the very best mixture of not less than 20-bit password
the World Huge Internet services.
If you're making use of FrontPage prolonged Internet web page and then examine: FrontPage 2002 Server Extensions
right-click the instance select Properties - Basic - Network Configuration, pick TCP / IP protocol properties Knowing SQL Server instance, and change the original default 1433 port.
2, if your device is most beneficial to login authentication configuration for the Win
Remote Desktop Help Session Supervisor: Prohibition of Remote Assistance
privilege use Failure
Object Access ; failure
Directory Support Accessibility Failure
three, shut down unwanted companies, The subsequent will be the suggested option
public paperwork;
open the registry , HKEY_LOCAL_MACHINE Technique CurrentControlSet Services lanmanserver parameters, inside the perfect window, the new Dword worth title to AutoShareServer value to 0
UrlScan is an ISAPI filter, it handed in the HTTP packet evaluation and to refuse any suspicious visitors. The latest version is two.five, if it truly is 2000Server need to set up edition 1.0 or two.0. Obtain handle see page the website link is not
coverage change success or failure
HKEY_LOCAL_MACHINE System CurrentControlSet Companies Tcpip Parameters
Error reporting service: send an error report prohibited
new DWORD value named IGMPLevel 0
If there is no special needs can make use of the default configuration UrlScan.
six, IP safety coverage in the appropriate window, right-click the new packet filter, click about the assignment, do not restart , IPSec can be efficient.
1, set up the technique needs at least two partitions, partition formats are NTFS format
3, do not use Sa account, to configure a super complex password
Download: VB.Web followers
seven, configure Sql Server
one, Administrative Equipment - Neighborhood Protection Policy - Right-click IP Security Policies - Manage IP filter lists and filter steps - within the management of IP filter lists selections clicks
HKEY_LOCAL_MACHINE Technique CurrentControlSet Services Tcpip Parameters
9, it is suggested
Remote Registry: Prevent remote modification of your registry
2, raise the NetBios and TCP / IP protocol bindings
right-click My Network Locations - Properties - Right-click Nearby Location Connection - Properties - Double-click World wide web Protocol - High-Wins-disable TCP / IP around the NETBIOS
five. to prevent ICMP redirect messages attacks
new DWORD value named SynAttackProtect, a worth of 2
4. Prohibition Discover response to ICMP routing messages
7, disable DCOM:
2, then inside the management of IP filter lists options clicks
HKEY_LOCAL_MACHINE Method CurrentControlSet Expert services Tcpip Parameters Interfaces interface
five, at the opening of the new IP Safety Policy Properties window, select Add - the next step - don't specify a tunnel - the next phase - all network connections - the next stage - in IP filter record, pick the brand new Internet Filter - the next step - a filter operation inside the Pick License - Subsequent - Finish - The IP filter record, select the new filter to prevent - the next phase - - Choose the filter motion to stop - the next step - complete - Okay
add - name to all inbound Filter - Click Add - Enter in the description all inbound filtering - set the supply handle of any IP address - the destination deal with as my IP handle - any protocol kind set - click on Next - Finish - Click on Okay.
Distributed File System: LAN management of shared files, without having getting to disable
10, run the server information the present program and open the port
8, if only the server, not another operations, using IPSec
6. don't help the IGMP protocol
two, within the case of disconnected from your network installed in 2003 system
5, alter the IIS log path
1, do not make use of the default Web web-site, when you use the IIS directory should really be separated using the system disk.
two, delete the Inetpub directory developed by IIS by default (in setting up the method tray).
3, delete the virtual directory beneath the method tray,
Office 2010 Pro Plus Key, which include: _vti_bin, IISSamples, Scripts, IIShelp, IISAdmin, IIShelp, MSADC.
four, remove pointless IIS extension mapping.
right-click Primarily. Shtml,. Shtm,. Stm
Laptop or computer Browser: upkeep of network laptop or computer updates, disable
Distributed linktracking consumer : update the connection data for your LAN, without getting to disable
OLE Automation Stored Procedures, don't delete Sp_OACreate Sp_OADestroy Sp_OAGetErrorInfo Sp_OAGetProperty Sp_OAMethod Sp_OASetProperty Sp_OAStop
four, MSSQL and it wants to set up the software and then Update.
5, utilizing the Microsoft supplied MBSA (Microsoft Baseline Protection Analyzer) tool to review the computer's protection configuration, and identify lacking patches and updates. Obtain: Begin to see the end of the hyperlink web page
Microsoft Serch: to give quickly phrase search, don't disable
eight, making use of WIS (Internet Injection Scanner) instrument around the whole Internet web-site SQL Injection vulnerability scans.
but if you run ASP.Web about the server program, and you should open the debug% WINDIR% System32 Inetsrv URLscan
If your page uses a non-ASCII code, you are going to must AllowHighBitCharacters Option segment, set the worth one
the modifications created to the URLScan.ini file, you should restart IIS solutions to take impact, fast approach to run, sort iisreset
4, delete the subsequent extended stored process format: use grasp sp_dropextendedproc ' extended saved procedure title '
five other security-related configurations
1, conceal imperative files / folders
In the event you page is. asp web page you must eliminate DenyExtensions. asp-related content.
2, seize the current open ports or recorded, stored for later on comparison to see if open not known port. Of course, in the event you can tell each and every method,
Buy Windows 7, and port this action could be omitted.
an, Windows Server2003 installation
four, right-click IP Protection Policies - Make IP Safety Policy - the next step - the title of the input data packet filters - the next stage - to cancel the default activation response principle - Next - End
NTLMSecuritysupportprovide: telnet support and Microsoft Serch use, don't disable