Your location:Tech News>OS>Windows 2000>To elaborate on the system security countermeasures of Win2000

Latest News

To elaborate on the system security countermeasures of Win2000

Author:fsadmin

Views:

However because the operating system is a multi-user operating system hackers often choose Win2000 as the first target in order to hide themselves from the attack. So as a Win2000 user how can we prevent the security of Win2000 in a reasonable way? The author collects and organizes some measures to prevent the security of Win2000. Now I will contribute them. I urge all netizens to keep adding and perfect.
  1. Back up the system in time
In order to prevent the system from being difficult to operate normally due to other circumstances during use we should back up the Win2000 intact system. It is best to complete the Win2000 system installation task After that the entire system is backed up and the integrity of the system can be verified based on this backup in the future so that you can find out whether the system files have been illegally modified. If the system files have been damaged you can also use the system backup to restore to the normal state. When backing up information we can back up the intact system information on a CD-ROM. Later we can regularly compare the system with the contents of the CD to verify whether the integrity of the system is damaged. If the security level is particularly high you can set the CD to be bootable and use the verification as part of the system startup process. As long as it can be booted from the CD it means that the system has not been destroyed.
  2 set the system format to NTFS
When installing Win2000 you should choose custom installation and only select system components and services necessary for individuals or organizations and cancel unused network services and agreements because of the agreement and service installation The more the more ways for intruders to invade and the greater the potential system security risks. When choosing Win2000 file system you should choose NTFS file system to make full use of the security of NTFS file system. The NTFS file system can restrict the files that each user is allowed to read and write to any folder in the disk directory and the new disk quota service of Win2000 can also control the amount of disk space allowed for each user.
  3. Encrypting files or folders
In order to prevent others from peeping at the files in the system we can use the encryption tools provided by the Win2000 system to protect files and folders. The specific steps are: in 'Win Explorer' right-click the file or folder you want to encrypt and then click 'Properties'. Click \u0026ldquo;Advanced\u0026rdquo; on the \u0026ldquo;General\u0026rdquo; tab and then select the \u0026ldquo;Encrypt content to ensure data security\u0026rdquo; check box.
  4. Cancel the EveryOne group of the shared directory
By default when a shared directory is added in Win2000 the operating system will automatically add the EveryOne user group to the permission module. Because of this group’s default The permissions are fully controlled and as a result anyone can read and write to the shared directory. Therefore after creating a new shared directory immediately delete the EveryOne group or adjust the permissions of the group to read.
  5. Create an emergency repair disk
If the system is accidentally damaged and cannot start normally a special Win2000 system startup disk is required. For this reason we must remember to create an emergency after Win2000 is installed. Repair the disk. When creating the boot disk we can use a tool named NTBACKUP.EXE of Win2000 to achieve. Run NTBACKUP.EXE select 'Create an Emergency Repair Disk' from the toolbar and insert a blank formatted floppy disk in the A: drive and click 'OK' click 'OK' When you reach the completion message click 'OK'. The repair disk can no longer be used to restore user account information etc. and you must back up/restore Active Directory which will be overwritten during the backup.
  6. Improve the login server
Moving the system login server to a separate machine will increase the security level of the system. Using a more secure login server to replace Win2000's own login tool can also be further improved Safety. In a large Win2000 network it is best to use a separate login server for login services. It must be a server system that can meet all system login requirements and have enough disk space. There should be no other services running on this system. A more secure login server will greatly reduce the ability of an intruder to tamper with log files through the login system.
  7. Use the security mechanism
Strictly design and manage the security rules of the Win2000 system which mainly include \u0026ldquo;password rules\u0026rdquo; \u0026ldquo;account lock rules\u0026rdquo; \u0026ldquo;user rights assignment rules\u0026rdquo ; \u0026ldquo;audit rules\u0026rdquo; and \u0026ldquo;IP security rules\u0026rdquo;. All users should be grouped according to work needs. Reasonable grouping of users is the most important basis for system security design. Use security rules to limit the validity period and password length of a user's password. Set how many login failures to lock the workstation and effectively control various behaviors such as user backup files and directories shutdown and network access.
  8. Keep track of the system
In order to closely monitor the hacker’s attack activities we should start the Win2000 log file to record the operation of the system. When the hacker is attacking the system its clues Will be recorded in the log file so when many hackers start to attack the system they often modify the log file of the system to hide their whereabouts. For this reason we must restrict access to the log file and prohibit users with general permissions. Go check the log file. Of course the built-in log management program function in the system may not be too strong we should use a special log program to observe those suspicious multiple connection attempts. In addition we must be careful to protect passwords and users with root permissions because once hackers know these accounts with root permissions they can modify the log files to hide their tracks.
  9. Use login scripts well
Develop system policies and user login scripts to appropriately restrict network user behavior. We can use the system policy editor and user login scripts to set the working environment for the user control the operations performed by the user on the desktop control the programs executed by the user and control the time and location of the user login (such as only allowing the user to work during work hours Log in on the machine in your office except for this all access is prohibited) taking the above measures can further enhance the security of the system.
  10. Check system information frequently.
If you suddenly feel that the computer is not working properly during work it feels like someone is remotely controlling you. At this time you must stop your work in time and immediately press the Ctrl+Alt+Del composite key to check whether the system is running any other programs. Once you find an inexplicable program running you should stop it immediately to avoid damage to the entire computer The system has a greater threat. But not all programs appear in the program list when running. Some programs such as Back Orifice (a hacker's backdoor program) are not displayed in the process list of the Ctrl+Alt+Del composite key. It is best to run 'Accessories' ;/\u0026ldquo;System Tools\u0026rdquo;/\u0026ldquo;System Information\u0026rdquo; then double-click on \u0026ldquo;Software Environment\u0026rdquo; select \u0026ldquo;Running Task\u0026rdquo; in the task list look for programs that you are not familiar with or that you have not run Once the program is found it should be terminated immediately to prevent future troubles.
  11. Be vigilant against virus attacks.
Nowadays viruses are spreading faster and faster on the Internet. In order to prevent active infection of viruses we’d better not use Win2000 to access illegal websites or download rashly. And run programs that do not name the truth. For example if you receive an e-mail with an attachment and the attachment is a file with an EXE extension you must not run it at will because this unclear program may be a system destroying program . Attackers often e-mail you the system sabotage program under a different name with some deceptive topics to lie to you: 'This thing will bring you surprises'' Help me test the program \u0026rdquo; things like that. You must be vigilant! To treat these seemingly friendly and well-intentioned e-mail attachments what we should do is to delete these files of unknown origin immediately.
  12. Set the security parameters of the system
Make full use of the local security performance of the NTFS file system design the read

Recommend article

Relate article