Free Advertising Forums | Free Advertising Board | Post Free Ads Forum | Free Advertising Forums Directory | Best Free Advertising Methods | Advertising Forums

| Back to logs list

135462 2008 年 11 月 23 日 19:28 Reading (loading. ..) Comments (0) Category: Technology Category
Here I use the example, it will be a standard virtual host.

System: Windows2003

Service: [IIS] [SERV-U] [IMAIL] [SQL SERVER 2000] [php] [MYSQL]

Description: To demonstrate, bound up service, we can screen based on the actual situation, and so reduce

1. WINDOWS local security policy port restrictions

A. For our example, need to open the following ports

outside -> Local 80

outside -> Local 20

outside -> Local 21

outside -> use some of the local PASV Port

outside -> Local 25

outside -> Local 110

outside -> Local 3389

and then follow the specific circumstances, open the SQL SERVER and MYSQL

outside the port -> Local 1433

outside -> Local 3306

B. is open from the inside out and then need to open ports

in accordance with the actual situation, if no mail service, do not open the following two rules

local -> outside the 53 TCP, UDP

local -> external 25

light of specific conditions, if the need to access web pages on the server, try not to open the following ports

local -> external 80

C. In addition to be explicitly allowed to stop,coach handbags, this is the safety rules outside the key

-> local all protocols to prevent

2. User Account

A. renamed the administrator, example to root

B . Cancel all outside root for all users except administrators attribute

Remote Control -> enable remote control and

Terminal Services Configuration Files -> Allow log on to Terminal Server

C. will be renamed as the administrator and change the guest password

D. In addition to the administrator root, IUSER and IWAM and the ASPNET user, but disable all other users, including SQL DEBUG and TERMINAL USER so

3. directory permissions

rights of all letters, all read only

administrators group full access

ystem All rights

to C disk all subdirectories and files inherit the C disk sub-administrator (or user group) and all the permissions of the two permissions SYSTEM

and then make the following changes

C: Program Files Common Files Open Everyone listed in default read and run the file directory permissions to read the three

C: WINDOWS open Everyone listed in default directory to read and run permissions to read the three

C: WINDOWS Temp Open Everyone Modify, Read and Run, listing file directory,coach purses, read,coach outlet online, write permissions

WebShell now in the system directory will not be able to write files. Of course, you can use a more restrictive permission, in the WINDOWS directory to set permissions, respectively. But the more complex, the effect is not obvious.

4. IIS

in IIS 6, the application file types within a corresponding expansion of the type of ISAPI has been removed IDQ, PRINT, and so the script type of risk ,

under IIS 5 in addition to ASP, and we need all types other than ASA deleted.

install URLSCAN

in [DenyExtensions] generally add the following. cer

. cdx

. mdb

. bat

. cmd

. com

. htw

. ida

. idq

. htr

. idc

. shtm

. shtml

. stm

. printer

so intruders can not download. mdb database, this method than the outside number of special characters in the file header by adding the method more thoroughly.

because even if the file header by adding special characters, or can be constructed by encoding the

5. WEB directory permissions

as a virtual host, there will be many independent clients. Safer approach is for each customer to create a Windows user, then the response of the site in the IIS item executed within the IIS anonymous user, binds as the user and his point of directories, permissions for the administrators to change all the permissions

system to establish full authority

individual user (or IUSER) Select Advanced -> Open In addition to full control, Traverse Folder / run the program, made outside ownership of three other permissions

If the server is not much on the site, and there are forums, each forum we can get rid of the upload directory execute permissions for this user, only read and write permissions so that even if an intruder detection of file types to bypass the forum is uploaded webshell can not run.

6. MS SQL SERVER2000

Log Query Analyzer using the system account to run the following script use master

exec sp_dropextendedproc 'xp_cmdshell'

exec sp_dropextendedproc 'xp_dirtree '

exec sp_dropextendedproc' xp_enumgroups'

exec sp_dropextendedproc 'xp_fixeddrives'

exec sp_dropextendedproc' xp_loginconfig '

exec sp_dropextendedproc' xp_enumerrorlogs'

exec sp_dropextendedproc 'xp_getfiledetails'

exec sp_dropextendedproc 'Sp_OACreate'

exec sp_dropextendedproc 'Sp_OADestroy'

exec sp_dropextendedproc 'Sp_OAGetErrorInfo'

exec sp_dropextendedproc 'Sp_OAGetProperty'

exec sp_dropextendedproc 'Sp_OAMethod'

exec sp_dropextendedproc 'Sp_OASetProperty'

exec sp_dropextendedproc 'Sp_OAStop'

exec sp_dropextendedproc 'Xp_regaddmultistring'

exec sp_dropextendedproc 'Xp_regdeletekey'

exec sp_dropextendedproc 'Xp_regdeletevalue'

exec sp_dropextendedproc 'Xp_regenumvalues'

exec sp_dropextendedproc 'Xp_regread'

exec sp_dropextendedproc 'Xp_regremovemultistring'

exec sp_dropextendedproc 'Xp_regwrite'

drop procedure sp_makewebtask

go remove all the dangerous expansion of 7. NET.EXE permission to modify

CMD.EXE and the two permission to modify files to a specific administrator can access, such as in this case, we modified as follows

cmd.exe root user all the privileges of ownership

et.exe root user is

This would prevent unauthorized access to

can also use the example provided comlog program com.exe renamed _com.exe, then replace the com file, so you can record all executed command-line instructions

8.

use ntbackup backup software backup system state, the use of reg.exe critical data backup system,coach bags, such as reg export

LM SOFTWARE ODBC e: backup system odbc.reg / y

to back up the system ODBC

9. antivirus

Here MCAFEE 8i Enterprise Edition Chinese, because this version of the domestic many of the malware and Trojans are able to timely updates.

such as Hai Duong has been able to detect the top of 2006, and can kill other than IMAIL SMTP queue software viruses MIME-encoded file,coach outlet,信阳好吃的地儿！！！！ - Qzone日志, and many people like to install Norton Corporate Edition and Norton Corporate Edition, for WEBSHELL are basically no response. And can not be MIME-encoded files for antivirus.

in MCAFEE, we are also able to add rules to stop the windows directory to create and modify EXE.DLL documents, we have added to the WEB directory software antivirus program once a day,coach women shoes, and open real-time monitoring.

10.

off useless services we generally turn off the following services

Computer Browser

Help and Support

Messenger

Print Spooler

Remote Registry

TCP / IP NetBIOS Helper

for the domain if the server does not control,什么是五大管理职能？ - Qzone日志, we can disable the Workstation

11 . cancel the dangerous components

If the server does not require FSO,Life!, regsvr32 / uc: windows system32 scrrun.dll unregister the component, use regedit to / HKEY_CLASSES_ROOT under

WScript.Network

WScript.Network.1

WScript.Shell

WScript.Shell.1

Shell.Application

Shell.Application.1

key rename or delete these keys is included under the CLSID string

such as {72C24DD5-D70A-438B-8A42-98424B88AFB8}

to / HKEY_CLASSES_ROOT / CLSID name to find the key to these strings

Remove All

12. Audit

Local Security Policy -> Local Policies -> ; audit policy

open the following changes to audit policy success, failure

Audit system events Success, Failure Audit account login events

success, failure

Audit account management Success, Failure