Win2000+IIS 5.0安全配置规范(1)

一、 Windows 2000安全配置

■. 确保所有磁盘分区为NTFS分区
■. 操作系统、Web主目录、日志分别安装在不同的分区
■. 不要安装不需要的协议,比如IPX/SPX, NetBIOS?
■. 不要安装其它任何操作系统
■. 安装Service Pack
■. 安装hotfix,一般需要安装如下补丁

  • Q260347_W2K_sp2_x86_cn(IISCrosssite)
  • Q262694_W2K_SP2_x86_CN(resetBrowseForm)
  • Q269049_W2K_SP2_x86_CN(shellpath)
  • Q269862_W2K_SP2_x86_CN(unicode)
  • Q270676_W2K_SP2_x86_CN(shurufa)
  • Q272743_W2K_SP2_x86_CN(NTLM)
  • Q277873_W2K_sp2_x86_CN(filerequest)
  • Q278499_W2K_sp2_x86_CN(indexserv)
  • Q280322_W2K_sp2_x86_CN(malwebform)
  • q285851_w2k_sp3_x86_cn(netdde)
    具体可参考微软网站: http://www.microsoft.com/Windows2000/downloads
    ■. 关闭所有不需要的服务
  • Alerter (disable)
  • ClipBook Server (disable)
  • Computer Browser (disable)
  • DHCP Client (disable)
  • Directory Replicator (disable)
  • FTP publishing service (disable)
  • License Logging Service (disable)
  • Messenger (disable)
  • Netlogon (disable)
  • Network DDE (disable)
  • Network DDE DSDM (disable)
  • Network Monitor (disable)
  • Plug and Play (disable after all hardware configuration)
  • Remote Access Server (disable)
  • Remote Procedure Call (RPC) locater (disable)
  • Schedule (disable)
  • Server (disable)
  • Simple Services (disable)
  • Spooler (disable)
  • TCP/IP Netbios Helper (disable)
  • Telephone Service (disable)
Published At
Categories with 服务器类
Tagged with
comments powered by Disqus