Shulou(Shulou.com)06/01 Report--

one。 Ddos*** goals:

1. Program vulnerability (overflow) sensitive information disclosure, application BUG

two。 Use a weak password.

3. Database (column catalog, differential backup, log backup, stored procedure)

4. System permission configuration (run, upload, write)

5.IIS settings (script execution permissions)

6.FTP Settin

7.ARP

Limit the number of consecutive password errors.

Split administrator permissions and cancel overmanagement.

Delete unwanted service ports.

Shut down unwanted service ports

Restrict the access of remote landers.

Check the server event viewer frequently.

System disk and site disk must be set to NTFS format to facilitate the setting of permissions.

Place the disk for the system disk and the site, and remove all the user rights of aministrators and system.

Enable windows with its own firewall, leaving only the required service ports.

Rename administrator, create an admin account as a trap account, set an ultra-long password, do not belong to any group, and disable Guest users.

Gpedit.msc account policy, three logins are invalid, lock time is 30 minutes, reset lock count is set to 30 minutes.

Security policy: anonymously accessible shares; anonymously accessible named channels; remotely accessible registry paths

Remotely accessible registry paths and subpaths are empty.

Login denied through Terminal Services.

Account: aspnet guest iuser_*** IWAM_***, NETWORK SQLDEBGGER

Audit policies: account management, account login events, login events, system events, policy changes (success, failure)

Directory service access, object access, privilege use (failed)

Windows redgistry v5.00 turns off default sharing to prevent empty or weak passwords * *

Hkey_Local_machine\ system\ current contorl set\ services\ lanmanserver\ parameters

Autoshareserver=dword:000000000

Autosharewks=dw:00000000

Web server

The password set by the user of Jian web belongs to the Guset group

IIS is placed in another disk directory for web user access and network authentication.

Execute permissions: pure script

Modify the log directory method:

Regedit:HKEY_local_machine/system/current control set/services/evertlog

File d:\ cee----d:ceeAppEvent.Evt

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.