Win2008 R2 WEB Server Security Settings Guide: Detailed introduction to disabling unnecessary services and closing ports-Windows Operation and Maintenance-php.cn

Win2008 R2 WEB Server Security Settings Guide: Detailed introduction to disabling unnecessary services and closing ports

黄舟

Jun 01, 2017 am 10:51 AM

This article mainly introduces the Win2008 R2 WEB serverSecuritySetting guide to disable unnecessary services and close ports, friends in need can refer to it

Security is the top priority , with the least service in exchange for the greatest security. By enabling only the services you need and turning off services that are temporarily unused or unused, you can maximize security.

As a web server, not all default services are required, so printing and sharing services can be disabled. Of course, your system patch also needs to be updated to the latest one. Some port vulnerabilities have been fixed with the update of the patch. Some articles on the Internet are copies of each other and are mostly based on the win2003 system, and win2008 itself is much safer than win2003.

Then why do we still talk about closing the port? Because we want to nip it in the bud. It would not be fun if the server was hacked.

Disable unnecessary services

Control Panel--Administrative Tools--Services: Stop and disable all the following services.

TCP/IP NetBIOS Helper

Server This server needs to be careful. Tianyi cloud host needs to use this service, so it cannot be disabled on Tianyi cloud host.

Distributed Link Tracking Client

Microsoft Search If available, disable

Print Spooler

Remote Registry

Because we are using a cloud host, which is different from a single machine, some services cannot be generalized, such as the Server service above. For example, Tianyi Cloud's hosts, Shanghai 1 and Inner Mongolia Pool's hosts are different. Inner Mongolia Pool's host needs to rely on the Server service, but Shanghai 1 does not need to rely on this service, so Shanghai 1 can be disabled, but Inner Mongolia Pool cannot.

So you must be careful when disabling a service.

DeleteFile Printing and Sharing

Local Connection Right-click Properties, delete TCP/IPV6, Microsoft Network Client , file and print sharing.

Open the firewall, inbound rules, and disable all "Network Discovery" and "File and Printer Sharing" rules.

Close port

Close port 139

Right-click on the local connection properties and select "TCP/IPv4 Protocol ", Properties, select "Advanced" under the "General" tab, select the "WINS" tab, select "Disable NetBIOS over TCP/IP", thus closing port 139.

Close the port using IP security policy

1. Click Control Panel-Administrative Tools" and double-click to open "Local Policy". Select "IP Security Policy", right-click the mouse in the blank space to the right of "Local Computer", the shortcut menu will pop up, select "Create IP Security Policy", and the wizard will pop up. Click Next in the wizard, and when the "Secure Communication Request" screen is displayed, Leave the box to the left of "Activate Default Corresponding Rules" blank by default and click "Finish" to create a new IP security policy

2. Right-click the new IP security policy you just created and select "Properties". In the dialog box, remove the check mark on the left side of "Use Add Wizard", and then click the "Add" button on the right side to add a new rule. Then the "New Rule Properties" dialog box will pop up, and click the "Add" button on the screen. The IP filter list window pops up. In the list, first remove the hook on the left of "Use the Add Wizard", and then click the "Add" button on the right to add a new filter.

3. Enter "Filter." In the "Server Properties" dialog box, the first thing you see is the search address. Select "Any IP Address" for the source address, select "My IP Address" for the destination address, click the "Protocol" tab, and select "Select Protocol Type". Select "TCP" in the drop-down list , then enter "135" in the text box under "To this port" and click OK. This will add a filter that blocks the TCP135 port, which can prevent the outside world from passing through the 135 port. Connect to your computer. Click OK and return to the filter list dialog box. You can see that a policy has been added. Repeat the above steps to continue adding TCP137 139 445 593 1025 2745 3127 3128 3389 6129 port and udp 135 139. 445 port, create corresponding filters for them, and finally click the OK button.

4. In the "New Rule Properties" dialog box, select "New IP Filter List" and click the checkbox to the left of it, indicating that it has been activated. Finally, click on the "Filter Operation" tab, remove the hook to the left of "Use Add Wizard", click the "Add" button, and in the "Security Method" tab of "New Filter Operation Properties" , select Block, then click Apply and OK.

5. Enter the "New Rule Properties" dialog box, select the check box to the left of "New Filter Action", indicating that it has been activated, and click the "Close" button to close the dialog box. Finally, in the "New IP Security Policy Properties" dialog box, check the left box of "New IP Filter List" and click OK to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP security policy and select "Assign".

Script House editor's note: For more detailed IP security policy setting methods, please refer to this article: http://www.jb51.net/article/86271.htm

Original work , reprinting is allowed. When reprinting, please be sure to indicate the original source of the article, author information and this statement in the form of hyperlink. Otherwise held liable.

The above is the detailed content of Win2008 R2 WEB Server Security Settings Guide: Detailed introduction to disabling unnecessary services and closing ports. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

解决“win11开机后提示pin码不再可用的安全设置更改问题”的方法Jan 29, 2024 pm 02:27 PM

我们在使用win11系统的时候会设置pin码来帮助自己的电脑数据，不过也有不少的用户们在设置pin码的时候显示此设备上的安全设置已更改，pin码不再可用那么这要怎么办？用户们可以进入疑难解答里面来进行设置，下面就让本站来为用户们来仔细的介绍一下win11开机显示此设备上的安全设置已更改，pin码不再可用怎么办？吧。win11开机显示此设备上的安全设置已更改，pin码不再可用怎么办？首先，在出现你的PIN不可用、需要重新设置PIN的页面，按住shift键并选择重启。稍后会出现请稍后字样，然后进入重

如何在360极速浏览器中进行安全设置Jan 29, 2024 pm 09:51 PM

360极速浏览器应怎么进行安全设置?我们在使用360极速浏览的时候，应该如何进行安全设置，下面介绍下！我们平时会使用360极速浏览器浏览网页，使用的时候担心会有有害网站入侵我们的游览器，所以我们会进行一些安全设置，那么具体应该如何设置呢，小编下面整理了360极速浏览器进行安全设置详细操作，不会的话，跟着我一起往下看吧！360极速浏览器进行安全设置详细操作1、打开360极速浏览器，找到右上角带三横线的图标，点击进入。2、进入到设置主菜单，找到下面的“选项”，点击进入。3、进入“选项”界面后，在左侧

PHP文件权限管理和安全设置Aug 08, 2023 pm 02:51 PM

PHP文件权限是服务器上保护文件安全的重要措施之一。合理设置文件权限可以防止恶意用户对文件进行修改、删除或执行恶意代码的行为。因此，在开发和部署PHP应用程序时，必须要对文件权限进行正确设置和管理，以确保应用的安全性。一、基本概念文件权限分为三个层次，分别是用户（Owner）、用户组（Group）和其他用户（Other），每个层次各有三个权限，分别是读（Re

Nginx的HTTP2协议优化与安全设置Jun 10, 2023 am 10:24 AM

随着互联网的不断发展和改善，Web服务器在速度和性能上的需求也越来越高。为了满足这样的需求，Nginx已经成功地掌握了HTTP2协议并将其融入其服务器的性能中。HTTP2协议要比早期的HTTP协议更加高效，但同时也存在着特定的安全问题。本文将为您详细介绍如何进行Nginx的HTTP2协议优化和安全设置。一、Nginx的HTTP2协议优化1.启用HTTP2在N

Nginx访问控制列表（ACL）的安全设置Jun 10, 2023 pm 09:55 PM

在今天的互联网环境下，安全性已经成为了任何系统的重要组成部分。Nginx是当前最流行的Web服务器之一，它的访问控制列表（ACL）是保护网站安全的重要工具。一个良好设置的NginxACL可以帮助你保护你的服务器和网站不受攻击。本篇文章将探讨如何设置Nginx访问控制列表来保证你的网站安全。什么是Nginx访问控制列表（ACL）？ACL（AccessCon

Nginx性能优化与安全设置Jun 10, 2023 am 09:18 AM

Nginx是一种常用的Web服务器，代理服务器和负载均衡器，性能优越，安全可靠，可以用于高负载的Web应用程序。在本文中，我们将探讨Nginx的性能优化和安全设置。一、性能优化调整worker_processes参数worker_processes是Nginx的一个重要参数。它指定了可以使用的worker进程数。这个值需要根据服务器硬件、网络带宽、负载类型等

Nginx的IPv6安全设置Jun 10, 2023 pm 02:16 PM

随着IPv6的普及，越来越多的网站需要考虑IPv6的安全性，而Nginx作为一款高性能的Web服务器，也需要进行IPv6安全设置来保证网站的安全运行。本文将介绍Nginx的IPv6安全设置方法及注意事项，帮助管理员更好地保障网站的安全。开启IPv6支持首先，在Nginx中开启IPv6支持非常重要。要确保Nginx被编译时，使用了正确的IPv6选项。在编译时，

Nginx的HTTP响应头与安全设置实践Jun 10, 2023 am 10:22 AM

Nginx是一款广泛使用的Web服务器和反向代理服务器，在提供高性能Web服务的同时，Nginx也具有良好的安全性能。而在Nginx的配置中，HTTP响应头和安全设置的正确配置是保证Nginx安全性的重要因素之一。本文将介绍Nginx的HTTP响应头和安全设置，并提供一些实践经验。一、HTTP响应头HTTP响应头是服务器响应客户端请求时，返回的一些HTTP头

See all articles