Windows服务器安全维护的几个需要注意点_服务器配置

1、合理的配置权限，每个站点均配置独立的internet来宾帐号，限制internet 来宾帐号的访问权限，只允许其可以读取和执行运行网站所需要的程序，只对甲方站点的网站目录有读取和写入权限，禁止访问其它目录，并限制其执行危险的命令，这样就算黑客有办法上传了木马程序到甲方网站目录，也无法执行，更不会对系统造成危害。

2、降低SQL数据库、SERV-U FTP等应用软件服务的运行权限，删除MSSQL数据库不必要的、危险的存储过程，防止黑客利用漏洞来进一步入侵和提升权限，并通过有效的设置，防止未知的溢出攻击。

3、对网站的代码进行检查，检查是否被黑客放置了网页木马和ASP木马、网站代码中是否有后门程序。

4、对服务器操作系统的日志进行分析，检查系统是否被入侵，查看是否被黑客安装了木马及对系统做了哪些改动。

5、对网站代码安全性进行检查，检查是否存在SQL注入漏洞、上传文件漏洞等常见的危害站点安全的漏洞。

6、对服务器操作系统打上最新的补丁，合理的配置和安装常用的应用软件(比如防火墙、杀毒软件、数据库等)，并将服务器的软件更新为安全、稳定、兼容性好的版本。

7、对服务器操作系统进行合理配置和优化，注销掉不必要的系统组件，停掉不必要的危险的服务、禁用危险的端口，通过运行最小的服务以达到最大的安全性。

8、对常用应用程序的服务端口和提示信息，进行隐藏和伪造，防止黑客利用扫描工具来获取服务器信息。

注：以上维护项目仅针对windows操作系统平台的服务器。以上服务所涉及安装的软件，版权问题由客户自行解决。只对客户网站代码中所涉及代码安全的部分做修改和编写，不对客户网站其它部分代码进行修改和编写。

【以下内容为电脑知识网站提供英文翻译，未经授权请勿转载】

1, a reasonable allocation of authority, independent of each site are targeting the internet guests account, the account limit internet access to guests, only to allow its implementation and operation can be read by the need to site the procedure only on the website of Party A directory of sites have Read and write access, prohibit access to other directories, and to limit the risk of the implementation of its orders, so even if a hacker to upload a Trojan horse to Party A web directory, and can not be implemented, the system will not cause harm.

2, lower SQL database, SERV-U FTP software applications such as the operation of authority, MSSQL database to delete unnecessary and dangerous storage process, hackers use loopholes to prevent further invasion and to upgrade the competence and, through efficient set up to prevent unknown Overflow attacks.

3, the code of conduct site inspections to check whether the hackers were placed page Trojans and ASP Trojans, whether there is a site code in the backdoor.

4, the server operating system log analysis, check whether the system was compromised, hackers see if the Trojans and the installation of the system to do what changes.

5, the safety code of conduct site inspections to check whether there SQL injection loopholes, upload files and other common hazards loopholes site security loopholes. (PC235.COM Editor: the founding of the PRC)

6, to bear the latest server operating system patches, and installation of a reasonable allocation of common software applications (such as firewalls, antivirus software, databases, etc.) and server software updates for security, stability, good compatibility version.

7, the server operating system for rational allocation and optimization, cancelled out unnecessary system components, Tingdiao the risk of unnecessary services, disable dangerous port, by running the minimum services to achieve maximum security.

8, the common applications of information and tips on port services, to hide and forgery, use of scanning tools to prevent hackers to access server information.

Note: The above item only safeguard against windows server operating system platforms. More services involved the installation of software, copyright issues by the client to resolve. Site code only to customers involved in the security code part of the preparation and making changes, not other sites, some of the code revision and preparation.