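Web server security settings from West.cn (西部数码)
1. Security configuration recommendations

(1) Check that the SP2 patch is installed, and switch automatic updates to install patches every day at 3:00.
(2) When configuring the firewall and port restrictions, work carefully so that you do not lose remote management access!

------ Right-click My Network Places > Properties > Advanced, turn on the Windows 2003 firewall, and allow only ports 20, 21, 25, 80, 110, 1433, 3306, Remote Desktop 3389, and 33000~33003 (FTP PASV).

------ Under Advanced > ICMP, allowing echo requests is recommended; this permits ping, which makes debugging easier.

------ Right-click My Network Places > Properties > TCP/IP > Advanced > Options > port restrictions, and allow only the commonly used ports 20, 21, 25, 80, 110, 1433, 3306, Remote Desktop 3389, and 33000~33003.

------ Turn on the Windows 2003 firewall with only the required ports open. Installing another personal firewall or setting security policies on the server is not recommended. If you really do need to install or configure one, make absolutely sure you do not shut off Remote Terminal Services (that is, block all inbound communication to the server).

------ If you change the Remote Desktop port from 3389, be sure to add the new port both in TCP/IP filtering under the TCP/IP properties and in the firewall options; otherwise you will not be able to manage the server remotely after a reboot!

------ Do not change the server's IP address, subnet mask, or gateway settings.

(3) If you install SQL Server, you must apply the SP4 patch immediately; otherwise the server is very likely to be infected by a SQL Server worm, which cuts off the server's network communication.

(4) Keep important data on drive D: and only programs and system files on drive C:, so that no data is lost if the system is reinstalled later.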


2. Permission security

Here is a security script from West.cn, safe.cmd.

It is packaged as west_server_safe.rar; extract it yourself.

Here is the source version as well:

@echo off

echo y|cacls.exe C:\ /p Administrators:f system:f "network service":r

echo y|cacls.exe D:\ /p Administrators:f system:f servU:f "network service":r

echo y|cacls.exe E:\ /p Administrators:f system:f servU:f "network service":r

echo y|cacls.exe "C:\Program Files" /t /p Administrators:f system:f everyone:r

echo y|cacls.exe  "C:\Program Files\Common Files" /t /g Administrators:f system:f everyone:r

echo y|cacls.exe c:\windows /p Administrators:f system:f

echo y|cacls.exe c:\windows\system32 /p Administrators:f system:f

echo y|cacls.exe C:\WINDOWS\system32\inetsrv /p Administrators:f system:f everyone:r

echo y|cacls.exe "C:\Documents and Settings" /p Administrators:f system:f 

echo y|cacls.exe "C:\Documents and Settings\All Users" /t /p Administrator:f system:f everyone:r

echo y|cacls.exe c:\windows\temp /p everyone:f 

echo y|cacls.exe %systemroot%\system32\shell32.dll /p Administrators:f

echo y|cacls.exe %systemroot%\system32\wshom.ocx /p Administrators:f

echo y|cacls.exe c:\windows\system32\*.exe /p Administrators:f system:f

echo y|cacls.exe "c:\Documents and Settings\All Users" /e /g everyone:r

echo y|cacls.exe %systemroot%\system32\svchost.exe /e /g "network service":r

echo y|cacls.exe %systemroot%\system32\msdtc.exe /e /g "network service":r

echo y|cacls.exe %windir%\system32\mtxex.dll /e /g everyone:r

echo y|cacls.exe c:\windows\system32\cmd.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\net1.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\sc.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\at.exe /p Administrator:f

echo y|cacls.exe %windir%\system32\dllhost.exe /e /g everyone:r

echo y|cacls.exe c:\windows\system32\netsh.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\cacls.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\cmdkey.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\ftp.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\tftp.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\reg.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\regedt32.exe /p Administrator:f

echo y|cacls.exe c:\windows\system32\regini.exe /p Administrator:f

echo y|cacls.exe %windir%\assembly /e /t /g "network service":r

echo y|cacls.exe %windir%\Microsoft.NET /e /t /g everyone:r

echo y|cacls.exe "%windir%\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /g everyone:f

echo y|cacls.exe %windir%\system32\mscoree.dll /e /g everyone:r

echo y|cacls.exe %windir%\system32\ws03res.dll /e /g everyone:r

echo y|cacls.exe %windir%\system32\msxml*.dll /e /g everyone:r

echo y|cacls.exe C:\WINDOWS\system32\urlmon.dll /e /g everyone:r

echo y|cacls.exe C:\WINDOWS\system32\mlang.dll /e /g everyone:r

echo y|cacls.exe C:\WINDOWS\system32\TAPI32.dll /e /g everyone:r

echo y|cacls.exe C:\WINDOWS\system32\WININET.dll /e /g everyone:r

cacls c:\windows\assembly /e /t /p "network service":r

cacls c:\windows\Microsoft.NET /e /t /p "network service":r

cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f

cacls C:\WINDOWS\system32\mscoree.dll /e /g everyone:r

cacls C:\WINDOWS\system32\ws03res.dll /e /g everyone:r

cacls c:\WINDOWS /e /g "network service":r

if exist c:\windows  cacls c:\windows /e /g "network service":r

cacls c:\windows\Microsoft.NET /e /t /p "network service":r

cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f

cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /e /t /p "network service":f

cacls c:\windows\system32 /e /g "network service":r

cacls c:\windows\system32\rasapi32.dll /e /g "network service":r

echo y|cacls.exe C:\WINDOWS\system32\inetsrv\adsiis.dll /p Administrators:f autosystem:f

echo y|cacls.exe C:\WINDOWS\system32\inetsrv\iisadmpwd /p Administrators:f autosystem:f

echo y|cacls.exe C:\WINDOWS\system32\inetsrv\MetaBack /p Administrators:f autosystem:f

cacls "C:\Program Files\Serv-U" /e /g "servu":f

cacls d:\wwwroot /e /g servU:f

cacls c:\windows /e /g everyone:R

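rem Stop and disable the Computer Browser and Server services, then delete the default administrative shares
net stop Browser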

sc config Browser start= disabled

net stop lanmanserver

sc config lanmanserver start= disabled

net share c$ /delete

net share d$ /delete

net share e$ /delete

net share f$ /delete

net share admin$ /delete

net share ipc$ /delete

echo  .. delshare.reg .......

echo Windows Registry Editor Version 5.00> c:\delshare.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg

echo "AutoShareWks"=dword:00000000>> c:\delshare.reg

echo "AutoShareServer"=dword:00000000>> c:\delshare.reg

echo  .. delshare.reg .....

regedit /s c:\delshare.reg

echo  .. delshare.reg ....

del c:\delshare.reg

echo .

echo ........

echo .

echo =========================================================

echo .

echo .....................dos....

echo .

echo .........

echo Windows Registry Editor Version 5.00> c:\dosforwin.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg

echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg

echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg

echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg

echo "EnableSecurityFilters"=dword:00000000>> c:\dosforwin.reg

echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg

echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg

echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg

echo 00,00,00,00>> c:\dosforwin.reg

echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg

echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg

echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg

echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg

echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg

echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg

echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg

echo .

echo ==========================================================

echo .. dosforwin.reg .....

regedit /s c:\dosforwin.reg

echo  .. dosforwin.reg ....

del c:\dosforwin.reg

echo ==============================================================

echo .

echo ===============================================================

echo ..Remote Registry Service...........

echo .........

echo .

echo Windows Registry Editor Version 5.00> c:\regedit.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg

echo "Start"=dword:00000004>> c:\regedit.reg

echo .

echo .. regedit.reg .....

regedit /s c:\regedit.reg

echo .

echo ......

del c:\regedit.reg

echo ===============================================================

echo ..Messenger.......

echo .........

echo Windows Registry Editor Version 5.00> c:\message.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg

echo "Start"=dword:00000004>> c:\message.reg

echo .

echo .. message.reg .....

regedit /s c:\message.reg

echo .

echo .. message.reg

del c:\message.reg

echo ===============================================================

echo ===============================================================

echo ..lanmanserver.......

echo .........

echo Windows Registry Editor Version 5.00> c:\lanmanserver.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]>> c:\lanmanserver.reg

echo "Start"=dword:00000004>> c:\lanmanserver.reg

echo .

echo .. lanmanserver.reg .....

regedit /s c:\lanmanserver.reg

echo .

echo .. lanmanserver.reg

del c:\lanmanserver.reg

echo ==============================================================

echo ...TCP/IP NetBIOS Helper Service

echo .........

echo Windows Registry Editor Version 5.00> c:\netbios.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg

echo "Start"=dword:00000004>> c:\netbios.reg

echo .

echo .. netbios.reg .....

regedit /s c:\netbios.reg

echo .

echo .. netbios.reg

del c:\netbios.reg

regedit /s forddos.reg

The script does not include the directory permissions for Serv-U. It is a single line, posted separately here:

cacls "C:\Program Files\Serv-U" /t /P administrators:f servu:r

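There is also a script that reverses these changes; it is already included in the archive above.
Note that you need to change the directory paths in it to match your own.

3. Script mappings
Removing unused script mappings makes your server more secure. This list was collected based on West.cn's settings.
The simplest way to change them is in the file C:\WINDOWS\system32\inetsrv\MetaBase.xml; open it and look for yourself.
SHTML script mappings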

.shtm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.stm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST

ASP script mappings

.asp,C:\windows\System32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asa,C:\windows\System32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE

PHP CGI script mappings

.php,D:\wwwsoft\PHP\php-cgi.exe,5,GET,HEAD,POST,TRACE
.php3,D:\wwwsoft\PHP\php-cgi.exe,5,GET,HEAD,POST,TRACE

PHP ISAPI script mappings

.php,D:\wwwsoft\PHP\php5isapi.dll,5,GET,HEAD,POST,TRACE
.php3,D:\wwwsoft\PHP\php5isapi.dll,5,GET,HEAD,POST,TRACE

ASP.NET v2.0 script mappings
ASP.NET 2.0 is compatible with v1.0, so using the 2.0 settings is generally enough.

.asax,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ascx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ashx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.asmx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.aspx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.axd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.vsdisco,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rem,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.soap,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.config,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cs,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.csproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vbproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.webinfo,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.licx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resources,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.xoml,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rules,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.master,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.skin,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.compiled,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.browser,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.mdb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.jsl,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vjsproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sitemap,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.msgx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.ad,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.dd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.adprototype,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.lddprototype,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sdm,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sdmDocument,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.svc,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.mdf,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldf,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.java,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.exclude,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.refresh,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG

Puzzling: why is there a .java mapping in the list above?
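To find the unused mappings that section 3 says to remove, the `.ext,handler,flags,VERB,...` entries can be parsed and compared with the extensions a site actually serves. This is an added example, not part of the original page or West.cn's script; the function names, the needed-extension set, the `allowed_verbs` policy, and the treatment of an omitted verb list as "all verbs" are assumptions of this sketch.

```python
from collections import defaultdict, namedtuple

ScriptMap = namedtuple("ScriptMap", "ext handler flags verbs")

def parse_scriptmaps(text):
    """Parse '.ext,handler,flags[,VERB...]' lines; blank lines are skipped."""
    maps = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        parts = [p.strip() for p in raw.split(",")]
        if len(parts) < 3 or not parts[0].startswith(".") or not parts[2].isdigit():
            raise ValueError(f"line {n}: not a script mapping: {raw!r}")
        verbs = frozenset(v.upper() for v in parts[3:] if v)
        maps.append(ScriptMap(parts[0].lower(), parts[1], int(parts[2]), verbs))
    return maps

def audit(maps, needed_exts, allowed_verbs=("GET", "HEAD", "POST")):
    """Return sorted (ext, finding) pairs; allowed_verbs is an assumed policy."""
    needed = {e.lower() for e in needed_exts}
    handlers, findings = defaultdict(set), set()
    for m in maps:
        if m.ext not in needed:
            findings.add((m.ext, "unused mapping: remove"))
            continue
        handlers[m.ext].add(m.handler.lower())
        # Assumption: an entry with no verb list accepts every verb.
        extra = sorted(m.verbs - set(allowed_verbs)) if m.verbs else ["ALL"]
        if extra:
            findings.add((m.ext, "extra verbs: " + ",".join(extra)))
    for ext, hs in handlers.items():
        if len(hs) > 1:  # e.g. .php mapped to both the CGI and the ISAPI handler
            findings.add((ext, f"mapped to {len(hs)} handlers"))
    return sorted(findings)

# Constructed sample: entries from the lists above; the .asa verb list was removed on purpose.
SAMPLE = r"""
.asp,C:\windows\System32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asa,C:\windows\System32\inetsrv\asp.dll,5
.php,D:\wwwsoft\PHP\php-cgi.exe,5,GET,HEAD,POST,TRACE
.php,D:\wwwsoft\PHP\php5isapi.dll,5,GET,HEAD,POST,TRACE
.aspx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.java,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
"""

if __name__ == "__main__":
    print(*audit(parse_scriptmaps(SAMPLE), {".asp", ".asa", ".php"}), sep="\n")
```

Run it against a copy of the mapping list rather than the live MetaBase.xml, and pass the extensions your sites really use as `needed_exts`.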

