一、 Windows 2000安全配置
■. 确保所有磁盘分区为NTFS分区
■. 操作系统、Web主目录、日志分别安装在不同的分区
■. 不要安装不需要的协议,比如IPX/SPX, NetBIOS?
■. 不要安装其它任何操作系统
■. 安装Service Pack
■. 安装hotfix,一般需要安装如下补丁
- Q260347_W2K_sp2_x86_cn(IISCrosssite)
- Q262694_W2K_SP2_x86_CN(resetBrowseForm)
- Q269049_W2K_SP2_x86_CN(shellpath)
- Q269862_W2K_SP2_x86_CN(unicode)
- Q270676_W2K_SP2_x86_CN(shurufa)
- Q272743_W2K_SP2_x86_CN(NTLM)
- Q277873_W2K_sp2_x86_CN(filerequest)
- Q278499_W2K_sp2_x86_CN(indexserv)
- Q280322_W2K_sp2_x86_CN(malwebform)
- q285851_w2k_sp3_x86_cn(netdde)
具体可参考微软网站: http://www.microsoft.com/Windows2000/downloads
■. 关闭所有不需要的服务 - Alerter (disable)
- ClipBook Server (disable)
- Computer Browser (disable)
- DHCP Client (disable)
- Directory Replicator (disable)
- FTP publishing service (disable)
- License Logging Service (disable)
- Messenger (disable)
- Netlogon (disable)
- Network DDE (disable)
- Network DDE DSDM (disable)
- Network Monitor (disable)
- Plug and Play (disable after all hardware configuration)
- Remote Access Server (disable)
- Remote Procedure Call (RPC) locater (disable)
- Schedule (disable)
- Server (disable)
- Simple Services (disable)
- Spooler (disable)
- TCP/IP Netbios Helper (disable)
- Telephone Service (disable)