A freshly installed NT4/Win2000 machine is not ready to be used directly as an Internet server. Microsoft has released a pile of patches, but some flaws still remain. Here we briefly discuss how to use IIS to build a high-security server.

One. Use the security mechanisms of Windows NT as the foundation

1. Apply SP6 to NT and SP4 to 2K. Convert the disk file system to NTFS (the system partition can be converted while the system is being installed, or afterwards with a tool). At the same time, remove the Write and Modify permissions that Everyone holds in the permission settings. For critical directories such as Winnt\Repair, remove the Read permission as well.

2. Modify share permissions. On NT, go to Start menu -> Programs -> Administrative Tools -> System Policy Editor, choose "Open Registry" from the File menu, and then clear the check mark under Windows NT Network. On 2K, you can write a .bat file containing net share C$ /delete and put it in the machine's startup tasks.

3. Rename the system administrator account. At the same time, change the administrator password to a strong one: the password should be 10 characters or longer and include digits, letters, symbols such as !, and other kinds of characters.

4. Disable NetBIOS over TCP/IP. Using the Bindings option in the network properties, remove the binding between NetBIOS and TCP/IP.

5. Installing other services. As far as possible, do not install other services such as a database on the same server. If one is installed, the most important point is that the database password must not be the same as the system login password.

Two. Configure the security mechanisms of IIS

1. Fix the problem that IIS4 and earlier versions can have their service hung by a DoS attack. Run Regedt32.exe and, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters, add a value: Value Name: MaxClientRequestBuffer; Data Type: REG_DWORD. Set the data, as a decimal number, to the maximum URL length you want IIS to accept. The setting used by CNNS is 256.

2. Delete the HTR script mapping.

3. Set the /_vti_bin directory under the IIS Web Server to prohibit remote access.

4. In the IIS management console, select the Web site, open Properties, choose Home Directory, then Configuration (Starting Point), then Application Mappings, and delete the mapping of HTW and Webhits.dll.

5. Delete: C:\Program Files\Common Files\System\Msadc\msadcs.dll.

6. If you do not need Index Server, disable or uninstall the service. If you do use Index Server, disable the "Index This Resource" option on directories that contain sensitive information.

8. Fix the Unicode vulnerability: install 2kunicode.exe on 2K and Ntunicode86.exe on NT.
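
An added example (not part of the original article): a Python check for item 1 of section two, run over a regedit text export of the w3svc parameters key. The function names and sample exports are constructed for illustration, and 256 is the CNNS value quoted above. It catches one easy slip: the article gives the value in decimal, while a .reg export stores DWORD data in hexadecimal.

```python
import re

# Key and value name as given in item 1 of section two.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters"
VALUE = "MaxClientRequestBuffer"

def parse_reg(text):
    """Parse regedit export text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def check_request_buffer(text, limit=256):
    """Return (ok, message) for the MaxClientRequestBuffer setting in an export."""
    values = parse_reg(text).get(KEY.lower())
    if values is None:
        return False, "w3svc parameters key not in export"
    raw = values.get(VALUE.lower())
    if raw is None:
        return False, "value not set"
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if not m:
        return False, "wrong data type (expected REG_DWORD): " + raw
    size = int(m.group(1), 16)  # .reg exports write DWORD data in hex
    if size > limit:
        return False, "limit is %d, larger than %d" % (size, limit)
    return True, "limit is %d" % size

# Constructed sample exports (not taken from a real server).
HEADER = "REGEDIT4\n\n[" + KEY + "]\n"
HARDENED = HEADER + '"MaxClientRequestBuffer"=dword:00000100\n'     # 0x100 = 256
HEX_MISTAKE = HEADER + '"MaxClientRequestBuffer"=dword:00000256\n'  # 0x256 = 598
UNSET = HEADER + '"ExampleOtherValue"=dword:00000004\n'             # placeholder name

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("hex mistake", HEX_MISTAKE),
                         ("unset", UNSET)):
        print(name, check_request_buffer(sample))
```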
