Windows 2003 system is currently the most comprehensive security rights program

I do in the telecommunications network, the original management over more than 30 servers, from the experience accumulated over the years, write the detailed security scheme of Windows2003 service system, I used the following scheme, the safe operation of two years, there is no record of a successful invasion of hackers, there are hackers invasion success of the record, but in the end or not get the highest broiler administrator, just jump to the server can browse all customer site.

server security settings

> > IIS6.0 installation;

start menu – > control panel – > add or remove programs – > add / remove Windows components

application — ASP.NET (optional)

| – enabled network COM+ access


| – Internet information services (IIS) – Internet Information Services Manager (required)

| – common file (E)

| – Web Service — Active Server pages (E)

| – Internet data connector (optional)

| WebDAV released


| – Web services (required)

| – in the included file server (optional)

> > in the "network connection", the unnecessary protocols and services are deleted; here only the basic Internet protocol (TCP/IP) and the Microsoft network client are installed. In the advanced tcp/ip setting, –" NetBIOS" sets " disables NetBIOS (S) " on tcp/IP;.

> > in the "local connection" to open the Windows 2003 comes with a firewall, can shield the port, basically reached a IPSec function, only useful ports, such as remote (3389) and Web (80), Ftp (21), the mail server (25110), HTTPS (443), SQL (1433)

> > IIS (Internet information server manager) in " home directory " options set by the following

read allows

does not allow

to write

script source access does not allow

directory browsing suggests closing

records access recommended close >

Leave a Reply

Your email address will not be published. Required fields are marked *