SoFunction
Updated on 2025-04-04

Win2003 Server Security Configuration Complete Article Port Close Page 2/3


3. Turn off the default shared empty connection

Since it is relatively simple, I won’t discuss it here.

4. Disk permission settings

The C drive only gives administrators and system permissions, and other permissions are not given. Other disks can also be set in this way. The system permissions given here do not necessarily need to be given. It is just that some third-party applications are started in the form of services, and this user needs to be added, otherwise it will not be launched.

The Windows directory must be added with default permissions to users, otherwise applications such as ASP and ASPX will not run. In the past, some friends set directory permissions such as Instsrv and temp separately, but this is not necessary.

In addition, in c:/Documents and Settings/, the permissions in the subsequent directory will not inherit the previous settings at all. If you only set the permissions of the C drive to administrators, and in the All Users/Application Data directory, everyone users have full control rights. In this way, intrusion can jump to this directory, write scripts or only files, and combine other vulnerabilities to increase permissions;

For example, using serv-u's local overflow to increase permissions, or the system misses patches, database weaknesses, and even social engineering, etc., there was no such thing as a great man in the past, saying: "Just give me a webshell, I can get the system", which is indeed possible. In systems used as web/ftp servers, it is recommended to lock all these directories. The directories of each other disk are set in this way, and only the adinistrators are given permissions without disks.

In addition, it will also:

NET Commands

CMD Anyone who knows computers knows it~





 





ACL user group permission settings, this command can set any permissions for any folder under NTFS! This is used a lot when intruding....(:

  

Everyone knows the ASP *. There is a CMD running this. If all of these can be run under CMD...55, I guess there is nothing else, but I guess it will be a cry under format~~~(: These files are set to only allow administrators to access.

5. Installation of firewall and antivirus software

I can’t say about the installation of this thing. Anyway, there are all kinds of installations. It is recommended to use Kaba and sell coffee.
Previous page123Next pageRead the full text