Reinforcement method for Security setting of Windows Server operating system

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Account management, authentication and authorization

1.1 Accounts

Default account security: disable the Guest account, and disable or delete any other account that is not needed. (Recommended practice is to disable such an account first and delete it only after three months, once it is confirmed that nothing depended on it.)

Operation steps

Open Control Panel > Administrative Tools > Computer Management. Under System Tools > Local Users and Groups > Users, double-click the Guest account, tick "Account is disabled" in its Properties, and click OK.

Assign accounts per user

Assign one account per user. Create separate users and user groups according to business requirements, for example administrator users, database users, audit users and guest users, so that rights can be granted per role and every action can be traced to one person.

Operation steps

Open Control Panel > Administrative Tools > Computer Management. Under System Tools > Local Users and Groups, create the users and user groups your business requires, for example administrator, database, audit and guest users.

Regularly review and remove unrelated accounts

Regularly delete or lock accounts that play no part in operating and maintaining the system.

Operation steps

Open Control Panel > Administrative Tools > Computer Management. Under System Tools > Local Users and Groups, delete or lock the accounts that play no part in operating and maintaining the system.

Do not display the last user name

Configure the logon screen not to show the name of the last user who logged on, so that someone at the console or connecting over Remote Desktop is not handed a valid account name to guess passwords against.

Procedure:

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Security Options, double-click "Interactive logon: Do not display last user name", select Enabled and click OK.
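The steps of 1.1 as one script, added here as an example and not taken from the original article. It assumes an elevated PowerShell 5.1 prompt with the Microsoft.PowerShell.LocalAccounts cmdlets (Windows Server 2016 and later); the group names, the $Keep list and the 90-day idle threshold are illustrative assumptions to adapt to your environment.

```powershell
# Added example (not from the original article): apply the account settings from 1.1.
# Assumes PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts, run elevated.
# $Keep, the group names and $IdleDays are illustrative assumptions.

$IdleDays = 90
$Keep     = @('Administrator')   # enabled accounts the stale-account sweep must never touch

# 1. Guest: disable, do not delete. A disabled account keeps its SID and can be reviewed later.
Disable-LocalUser -Name 'Guest'

# 2. Role-based groups, so rights are granted per function rather than per person.
foreach ($g in 'DB-Operators', 'Audit-Readers') {
    if (-not (Get-LocalGroup -Name $g -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $g -Description 'Created by hardening baseline' | Out-Null
    }
}

# 3. Stale-account sweep: disable enabled accounts that never logged on or have been idle
#    for $IdleDays, and stamp the date so the three-month deletion review has a reference.
#    Accounts created recently but not yet used are caught too; list those in $Keep.
$cutoff = (Get-Date).AddDays(-$IdleDays)
$stale = Get-LocalUser | Where-Object {
    $_.Enabled -and ($_.Name -notin $Keep) -and (-not $_.LastLogon -or $_.LastLogon -lt $cutoff)
}
foreach ($u in $stale) {
    Disable-LocalUser -Name $u.Name
    Set-LocalUser -Name $u.Name -Description "Disabled $(Get-Date -Format yyyy-MM-dd) by hardening baseline; delete after 90 days if still unused"
}

# 4. 'Interactive logon: Do not display last user name' is backed by this registry value.
$PolKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $PolKey -Name 'DontDisplayLastUserName' -Value 1 -Type DWord

# 5. Read back what is now in force.
Get-LocalUser | Select-Object Name, Enabled, LastLogon, Description | Format-Table -AutoSize
(Get-ItemProperty -Path $PolKey).DontDisplayLastUserName   # expect 1
```

On Windows Server 2012 R2 and earlier, where the LocalAccounts module is not available, the same steps are done with `net user <name> /active:no` and `net localgroup <group> /add`; the registry value is identical.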

1.2 Passwords

Password complexity

Password complexity must meet the following policy:

Minimum password length: 8 characters. In addition, enable the local policy "Password must meet complexity requirements".

When that policy is enabled, Windows rejects passwords that contain the account name or display name and requires characters from at least three of the following categories: English uppercase letters (A to Z), English lowercase letters (a to z), base-10 digits (0 to 9), and non-alphanumeric characters such as punctuation and @, #, $, %, &, * (other Unicode letters count as a fifth category).

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Account Policies > Password Policy, set "Minimum password length" to 8 characters and verify that "Password must meet complexity requirements" is Enabled.

Maximum password age

For devices that use static password authentication, the maximum password age should not exceed 90 days.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Account Policies > Password Policy, set "Maximum password age" to 90 days or fewer (0 means the password never expires, which is not acceptable here).

Account lockout policy

For devices that use static password authentication, configure the account to lock after no more than 10 consecutive failed logon attempts.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Account Policies > Account Lockout Policy, set "Account lockout threshold" to 10 or fewer invalid logon attempts (0 disables lockout). Once a threshold is set, Windows also asks for "Account lockout duration" and "Reset account lockout counter after"; 30 minutes for both is the value Windows proposes and a reasonable choice.

1.3 Authorization (user rights assignment)

Remote shutdown

In the local security settings, assign the "Force shutdown from a remote system" user right to the Administrators group only.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > User Rights Assignment, edit "Force shutdown from a remote system" so that only the Administrators group is listed.

Local shutdown

In the local security settings, assign the "Shut down the system" user right to the Administrators group only.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > User Rights Assignment, edit "Shut down the system" so that only the Administrators group is listed.

User rights assignment

In the local security settings, assign the "Take ownership of files or other objects" user right to the Administrators group only.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > User Rights Assignment, edit "Take ownership of files or other objects" so that only the Administrators group is listed.

Authorized account logon

In the local security settings, configure "Allow log on locally" so that only the accounts authorized to work at the console are listed.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > User Rights Assignment, set "Allow log on locally" to the specified authorized users or groups.

Authorized account access from the network

In the local security settings, configure "Access this computer from the network" so that only authorized accounts are listed. This right covers network access such as file shares; it does not govern Remote Desktop, which has its own right, "Allow log on through Remote Desktop Services".

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > User Rights Assignment, set "Access this computer from the network" to the specified authorized users or groups, removing Everyone if it is present.
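The password checks of 1.2 and the user rights of 1.3 both live in the local security database, which `secedit` can export and import, so one script serves both sections. This is an added example, not code from the original article: it exports the current policy, reports deviations from the guide's values, and then applies the password policy and the three Administrators-only rights. It assumes an elevated prompt, a writable C:\Temp, and that the two logon rights are set by hand with your own account list (they are deliberately left out of the applied file). The function names are illustrative.

```powershell
# Added example (not from the original article): audit the local password policy and user
# rights from a secedit export, then apply the guide's values. Run elevated. Paths under
# C:\Temp and the function names are illustrative assumptions.

$Export = 'C:\Temp\secpol-current.inf'
$Db     = 'C:\Temp\secpol-hardening.sdb'
$Apply  = 'C:\Temp\secpol-hardening.inf'
$Administrators = '*S-1-5-32-544'   # well-known SID, written with a leading '*' in secedit files

function Read-SecPolicy {
    # Parse the INI-style secedit export into @{ Section = @{ Key = Value } }.
    param([string]$Path)
    $policy = @{}; $section = $null
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(.+)\]\s*$') { $section = $Matches[1]; $policy[$section] = @{}; continue }
        if ($section -and $line -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') { $policy[$section][$Matches[1]] = $Matches[2] }
    }
    return $policy
}

function Test-PasswordPolicy {
    param([hashtable]$Policy)
    $sa = $Policy['System Access']; $findings = @()
    if ([int]$sa['MinimumPasswordLength'] -lt 8) { $findings += "MinimumPasswordLength is $($sa['MinimumPasswordLength']); expected >= 8" }
    if ([int]$sa['PasswordComplexity'] -ne 1)    { $findings += 'PasswordComplexity is disabled' }
    $maxAge = [int]$sa['MaximumPasswordAge']     # -1 means the password never expires
    if ($maxAge -lt 1 -or $maxAge -gt 90)        { $findings += "MaximumPasswordAge is $maxAge; expected 1..90 days" }
    $bad = [int]$sa['LockoutBadCount']           # 0 means lockout is disabled
    if ($bad -lt 1 -or $bad -gt 10)              { $findings += "LockoutBadCount is $bad; expected 1..10" }
    return $findings
}

function Test-UserRights {
    param([hashtable]$Policy)
    $pr = $Policy['Privilege Rights']; $findings = @()
    # These three rights belong to the Administrators group only.
    foreach ($right in 'SeRemoteShutdownPrivilege', 'SeShutdownPrivilege', 'SeTakeOwnershipPrivilege') {
        $extra = @($pr[$right] -split ',' | Where-Object { $_ -and $_ -ne $Administrators })
        if ($extra) { $findings += "$right also granted to: $($extra -join ', ')" }
    }
    # Logon rights: Everyone (S-1-1-0) and the built-in Users group are too broad for a server.
    foreach ($right in 'SeInteractiveLogonRight', 'SeNetworkLogonRight') {
        $broad = @($pr[$right] -split ',' | Where-Object { $_ -in '*S-1-1-0', '*S-1-5-32-545' })
        if ($broad) { $findings += "$right granted to broad principals: $($broad -join ', ')" }
    }
    return $findings
}

# 1. Export the running configuration and audit it.
New-Item -ItemType Directory -Path C:\Temp -Force | Out-Null
secedit /export /cfg $Export | Out-Null
$current  = Read-SecPolicy -Path $Export
$findings = @(Test-PasswordPolicy $current) + @(Test-UserRights $current)
if ($findings.Count -eq 0) { 'Password policy and user rights match the baseline.' }
else { $findings | ForEach-Object { "FINDING: $_" } }

# 2. Apply the baseline. secedit replaces each listed right with exactly the SIDs given and
#    leaves keys that are not in the file untouched. Logon rights are omitted on purpose.
@"
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 90
LockoutBadCount = 10
LockoutDuration = 30
ResetLockoutCount = 30
[Privilege Rights]
SeRemoteShutdownPrivilege = $Administrators
SeShutdownPrivilege = $Administrators
SeTakeOwnershipPrivilege = $Administrators
[Version]
signature="`$CHICAGO`$"
Revision=1
"@ | Set-Content -Path $Apply -Encoding Unicode

secedit /configure /db $Db /cfg $Apply /areas SECURITYPOLICY USER_RIGHTS | Out-Null
```

Run the export and audit part on its own first; the findings list is what an auditor will ask for, and it makes the effect of the second part visible when you export again afterwards.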

2. Log configuration

2.1 Log configuration

Audit login

The device should be configured to log user logons. The record should include the account used, whether the logon succeeded, the time and, for remote logons, the IP address the user came from. On Windows Server 2008 and later these are Security log events 4624 (successful logon) and 4625 (failed logon), which carry the account name, logon type and source network address.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit logon events" to Success and Failure.

Audit policy change

Enable "Audit policy change" in the local security policy for both successful and failed operations.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit policy change" to Success and Failure.

Audit object access

Enable "Audit object access" in the local security policy for both successful and failed operations. Note that this category only produces events for objects (files, registry keys) that carry an auditing entry (SACL); enabling the category alone logs nothing.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit object access" to Success and Failure.

Audit directory service access

Enable "Audit directory service access" in the local security policy; only failed operations need to be audited. This category covers Active Directory objects and therefore produces events only on domain controllers.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit directory service access" to Failure.

Audit privilege use

Enable "Audit privilege use" in the local security policy for both successful and failed operations.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit privilege use" to Success and Failure.

Audit system events

Enable "Audit system events" in the local security policy for both successful and failed operations.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit system events" to Success and Failure.

Audit account management

Enable "Audit account management" in the local security policy for both successful and failed operations.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit account management" to Success and Failure.

Audit process tracking

Enable "Audit process tracking" in the local security policy; at minimum, failed operations need to be audited. Note that process creation (event 4688), the record most useful when investigating an intrusion, is logged as a success event, so auditing success as well is what makes this category worthwhile.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Audit Policy, set "Audit process tracking".

Log file size

Set the Application log size to at least 8192 KB, and size each log according to the available disk space, erring toward keeping more history. When a log reaches its maximum size, configure it to overwrite the oldest events as needed (or archive the full log) rather than stop recording.

Operation steps

Open Control Panel > Administrative Tools > Event Viewer. In the Properties of the Application, System and Security logs, set the maximum log size and the action to take when it is reached.
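The audit categories of 2.1 and the log sizing above, applied from the command line with `auditpol` and `wevtutil`. This is an added example, not code from the original article. It assumes an elevated prompt on Windows Server 2008 R2 or later and an English system (category names are the ones `auditpol /list /category` prints); the Security log size is an illustrative choice above the guide's 8192 KB minimum, and process tracking is set to Success as well as Failure for the reason given above, which goes beyond the guide's text.

```powershell
# Added example (not from the original article): apply the audit categories of 2.1 with
# auditpol and size the event logs with wevtutil. Run elevated. English category names
# and the Security log size are assumptions.

# Legacy Local Security Policy category  ->  auditpol category, and what to record.
$AuditPlan = [ordered]@{
    'Logon/Logoff'       = @{ success = 'enable';  failure = 'enable' }   # audit logon events
    'Policy Change'      = @{ success = 'enable';  failure = 'enable' }
    'Object Access'      = @{ success = 'enable';  failure = 'enable' }   # needs SACLs on objects to log anything
    'DS Access'          = @{ success = 'disable'; failure = 'enable' }   # only a domain controller emits these
    'Privilege Use'      = @{ success = 'enable';  failure = 'enable' }
    'System'             = @{ success = 'enable';  failure = 'enable' }
    'Account Management' = @{ success = 'enable';  failure = 'enable' }
    # Process tracking: the guide asks for failures only; success is enabled here too, because
    # process creation (event 4688) is a success event and the one investigators need.
    'Detailed Tracking'  = @{ success = 'enable';  failure = 'enable' }
}

function Set-AuditBaseline {
    param([System.Collections.IDictionary]$Plan = $AuditPlan)
    foreach ($category in $Plan.Keys) {
        $p = $Plan[$category]
        $c = "/category:$category"; $s = "/success:$($p.success)"; $f = "/failure:$($p.failure)"
        auditpol /set $c $s $f | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "auditpol failed for category '$category'" }
    }
}

# Event log sizing. /ms is in bytes (PowerShell's KB suffix does the arithmetic).
# /rt:false = overwrite the oldest events when the log is full (the "as needed" policy);
# /rt:true would stop logging when full, which is worse on a server nobody watches daily.
$LogSizes = [ordered]@{ Application = 8192KB; System = 8192KB; Security = 196608KB }

function Set-LogSizes {
    param([System.Collections.IDictionary]$Sizes = $LogSizes)
    foreach ($log in $Sizes.Keys) {
        $ms = "/ms:$($Sizes[$log])"
        wevtutil sl $log $ms /rt:false | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "wevtutil failed for log '$log'" }
    }
}

Set-AuditBaseline
Set-LogSizes

# Verify what is now in force.
auditpol /get /category:*
foreach ($log in $LogSizes.Keys) { wevtutil gl $log | Select-String 'maxSize|retention' }
```

Because `auditpol` writes the per-subcategory (advanced) audit policy, later edits to the nine legacy categories in Local Security Policy can overwrite it; enable "Audit: Force audit policy subcategory settings to override audit policy category settings" under Security Options if both are in use.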

3. IP protocol security configuration

3.1 IP protocol security

Enable SYN attack protection

Enable SYN flood attack protection.

Set the number of refused connection requests that triggers SYN flood protection to 5, the maximum number of TCP connections allowed in the SYN_RCVD state to 500, and the maximum number of SYN_RCVD connections for which at least one retransmission has been sent to 400.

Operation steps

Open the Registry Editor and set the following values (all REG_DWORD) to the recommended values. The TCP/IP driver reads them at startup, so reboot afterwards.

Windows Server 2012

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
Recommended value: 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen
Recommended value: 500

Windows Server 2008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
Recommended value: 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxPortsExhausted
Recommended value: 5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen
Recommended value: 500

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried
Recommended value: 400

Note: all of these values live under Tcpip\Parameters; a path without that component is not read by the stack. They were documented for the Windows Server 2003 TCP/IP stack, and Windows Server 2008 and later enable SYN flood protection by default, so treat them as a belt-and-braces setting and rate-limit at the firewall or load balancer as well rather than relying on them alone.
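Setting and verifying the values from 3.1 in one step, as an added example that is not code from the original article. It writes the four values under the Tcpip\Parameters key for either server version, records the before and after state, and assumes an elevated prompt; the function name is an illustrative choice.

```powershell
# Added example (not from the original article): set and verify the SYN-protection values
# from 3.1. Run elevated; reboot for the TCP/IP stack to read them. Function name is illustrative.

$Tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# The guide's values. TcpMaxPortsExhausted is the number of refused connection requests that
# trips SYN protection; the other two are ceilings on half-open (SYN_RCVD) connections.
$SynBaseline = [ordered]@{
    SynAttackProtect      = 2
    TcpMaxPortsExhausted  = 5
    TcpMaxHalfOpen        = 500
    TcpMaxHalfOpenRetried = 400
}

function Set-SynProtection {
    param([string]$Key = $Tcpip, [System.Collections.IDictionary]$Values = $SynBaseline)
    foreach ($name in $Values.Keys) {
        $before = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        # Set-ItemProperty creates the value when it is absent; -Type DWord is what the stack expects.
        Set-ItemProperty -Path $Key -Name $name -Value $Values[$name] -Type DWord
        $after = (Get-ItemProperty -Path $Key -Name $name).$name
        [pscustomobject]@{ Value = $name; Before = $before; After = $after; Ok = ($after -eq $Values[$name]) }
    }
}

Set-SynProtection | Format-Table -AutoSize
```

A "Before" column of blanks is normal on a fresh install: the values do not exist until something creates them, which is why a quick look in the Registry Editor can suggest SYN protection is "off" when the stack's built-in default is in force.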

4. File permissions

4.1 shared folders and access permissions

Turn off default sharing

In a non-domain environment, turn off the default administrative shares of the Windows drives, such as C$ and D$.

Operation steps

Open the Registry Editor and modify the registry key value according to the recommended values.

Note: on Windows Server 2012 the AutoShareServer value does not exist by default (the administrative shares are still created); create it as a REG_DWORD if it is missing. The change takes effect when the Server service is restarted and does not affect IPC$. Keep in mind that some management tools rely on ADMIN$ and C$ for remote installation.

HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer

Recommended value: 0

Shared folder authorizes access

Set the share permissions of each shared folder so that only authorized accounts can access it.

Operation steps

Limit the share permissions of each shared folder to what the business needs; never grant access to Everyone. Open Control Panel > Administrative Tools > Computer Management, and under Shared Folders > Shares review the share permissions of each shared folder, together with the NTFS permissions of the underlying folder, since the effective access is the more restrictive of the two.

5. Service security

5.1 Disable NetBIOS over TCP/IP

Disable NetBIOS over TCP/IP and close its listening ports: UDP 137 (netbios-ns), UDP 138 (netbios-dgm) and TCP 139 (netbios-ssn). SMB continues to work over TCP 445.

Operation steps

Disable the TCP/IP NetBIOS Helper service under Computer Management > Services and Applications > Services. Then, in the network connection's Properties, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and on the WINS tab select "Disable NetBIOS over TCP/IP". Repeat for each network adapter, since the setting is per adapter. This removes legacy NetBIOS name resolution; hosts that relied on it must resolve the server through DNS.
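Sections 4.1 and 5.1 both concern what the server exposes over SMB, so one script covers them: it disables the administrative drive shares, lists shares that grant anything to Everyone, and turns off NetBIOS over TCP/IP on every adapter. This is an added example, not code from the original article. It assumes an elevated prompt on Windows Server 2012 or later (for Get-SmbShare and the NetTCPIP cmdlets) and that restarting the Server service, which drops active SMB sessions, is acceptable at the time you run it.

```powershell
# Added example (not from the original article), covering 4.1 and 5.1 together.
# Run elevated on Windows Server 2012 or later. Restart-Service drops active SMB sessions.

# --- 4.1 Administrative shares (C$, D$, ADMIN$) ---
$Lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Set-ItemProperty -Path $Lanman -Name 'AutoShareServer' -Value 0 -Type DWord   # created if absent
# Takes effect when the Server service restarts; IPC$ is not affected by this value.
Restart-Service -Name LanmanServer -Force

# --- 4.1 Share permission review: any Allow entry for Everyone is a finding ---
function Get-OverexposedShares {
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object {
                [pscustomobject]@{ Share = $share.Name; Path = $share.Path; Grant = $_.AccessRight }
            }
    }
}
Get-OverexposedShares | Format-Table -AutoSize

# --- 5.1 NetBIOS over TCP/IP ---
# Per-adapter setting; 2 = disable. This is the same change the WINS tab makes (it writes
# NetbiosOptions under NetBT\Parameters\Interfaces\Tcpip_<adapter GUID>).
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object {
        Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 }
    } | Out-Null

# The TCP/IP NetBIOS Helper service (lmhosts), as in the guide's first step.
Set-Service -Name lmhosts -StartupType Disabled
Stop-Service -Name lmhosts -Force

# Verify: nothing should listen on UDP 137/138 or TCP 139 once the adapters have re-bound
# (a reboot settles it). TCP 445 stays, because SMB itself is still wanted.
Get-NetUDPEndpoint | Where-Object LocalPort -in 137, 138 | Select-Object LocalAddress, LocalPort
Get-NetTCPConnection -State Listen | Where-Object LocalPort -eq 139 | Select-Object LocalAddress, LocalPort
```

The share review deliberately skips the `Special` (administrative) shares, which are governed by AutoShareServer, and reports share-level grants only; a share that grants Everyone Read on top of tight NTFS permissions is still worth fixing, because the NTFS side changes more often than the share side.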

Disable unnecessary services

To disable unnecessary services, please refer to:

6. Security options

6.1 Enable security options

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Security Options, make the following settings:

6.2 Do not allow shutdown without logging on

By default, Windows Server does not allow the system to be shut down from the logon screen before anyone has logged on. Enabling that option weakens the server considerably, since anyone who can reach the logon screen, including over a Remote Desktop connection, could shut the machine down without credentials. It is strongly recommended to keep shutdown without logon disabled.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Security Options, set "Shutdown: Allow system to be shut down without having to log on" to Disabled.

7. Other security configuration

7.1 Antivirus management

Antivirus software is required on Windows servers.

Operation steps

Install enterprise-grade antivirus software and enable signature updates and real-time protection.

7.2 Set a screen saver password and timeout

Require a password when resuming from the screen saver, and set the screen saver to start automatically after five minutes of inactivity.

Operation steps

Enable the screen saver, set the wait time to 5 minutes, and tick "On resume, display logon screen".

7.3 Limit the idle time of remote sessions

For remote sessions, disconnect automatically after more than 15 minutes of inactivity.

Operation steps

Open Control Panel > Administrative Tools > Local Security Policy. Under Local Policies > Security Options, set "Microsoft network server: Amount of idle time required before suspending session" to 15 minutes. Note that this setting applies to idle SMB (file sharing) sessions; idle Remote Desktop sessions are limited separately, under Remote Desktop Session Host > Session Time Limits in Group Policy.
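The three settings of 6.2, 7.2 and 7.3 are each backed by a registry value, shown here set and read back in one script. This is an added example, not code from the original article. It assumes an elevated prompt; the screen-saver values live under HKCU and so apply to the user running the script (deploy them through Group Policy for everyone else), and scrnsave.scr, the blank screen saver, is assumed to be present in System32.

```powershell
# Added example (not from the original article): the registry values behind 6.2, 7.2 and 7.3.
# Run elevated. HKCU values apply to the current user only; scrnsave.scr is assumed present.

# 6.2  Shutdown: Allow system to be shut down without having to log on  ->  Disabled (0)
$PolSystem = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $PolSystem -Name 'ShutdownWithoutLogon' -Value 0 -Type DWord

# 7.3  Microsoft network server: Amount of idle time required before suspending session -> 15 min
#      Governs idle SMB sessions only; idle RDP sessions are limited under Session Time Limits.
$Lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Set-ItemProperty -Path $Lanman -Name 'AutoDisconnect' -Value 15 -Type DWord

# 7.2  Screen saver: on, 5 minutes, password on resume. Windows stores these as strings;
#      they take effect at the next logon of this user.
$Desktop = 'HKCU:\Control Panel\Desktop'
Set-ItemProperty -Path $Desktop -Name 'SCRNSAVE.EXE'        -Value "$env:SystemRoot\System32\scrnsave.scr"
Set-ItemProperty -Path $Desktop -Name 'ScreenSaveActive'    -Value '1'
Set-ItemProperty -Path $Desktop -Name 'ScreenSaveTimeOut'   -Value '300'   # seconds
Set-ItemProperty -Path $Desktop -Name 'ScreenSaverIsSecure' -Value '1'

function Get-SecurityOptionState {
    # Effective values, so the result can be checked by eye or exported for an audit record.
    [pscustomobject]@{
        ShutdownWithoutLogon = (Get-ItemProperty -Path $PolSystem).ShutdownWithoutLogon   # expect 0
        SmbAutoDisconnectMin = (Get-ItemProperty -Path $Lanman).AutoDisconnect             # expect 15
        ScreenSaveTimeOutSec = (Get-ItemProperty -Path $Desktop).ScreenSaveTimeOut         # expect 300
        ScreenSaverIsSecure  = (Get-ItemProperty -Path $Desktop).ScreenSaverIsSecure       # expect 1
    }
}
Get-SecurityOptionState
```

If the Local Security Policy console is opened afterwards, the two HKLM values show up under Security Options exactly as if they had been set there, which is a convenient way to confirm the mapping.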

7.4 Operating system patch management

Install the latest operating system hotfixes and security updates. Before installing patches, test them for compatibility with the applications running on the server.

Operation steps

Install the latest operating system hotfixes and security updates, after testing them for compatibility with the server system.

Note: on production servers it is recommended to configure Windows Update to download updates automatically and notify, leaving the decision to install to the administrator rather than installing automatically, so that an update cannot disrupt the production environment unannounced.
