1. Refusing to start unknown services
One day you discover that the server has suddenly become 'unresponsive'. How did this happen? In most cases where this occurs, an attacker has broken into the server system and activated a special network service on it. If the service is not stopped in time, the server's system resources will soon be exhausted.
In fact, the built-in 'net start' command of Windows 2000 Server shows clearly which services are currently started, so that services of unknown origin can be stopped in time. First open the Run dialog box, enter the 'cmd' command and press Enter; the screen switches to an MS-DOS command prompt. At the DOS command line, execute the 'net start' command and the system lists the services that are currently started (as shown in Figure 1). Carefully check which services are of unknown origin, then execute the 'net stop server' command at the command line (where 'server' stands for the specific unknown service) to temporarily stop the unknown service.
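Checking the 'net start' list by eye is easier against a recorded baseline. The following is an added example, not part of the original article: it parses saved 'net start' output and reports services that are running but not in the baseline, and the reverse. The sample output, the service name 'WinHelper Update Agent' and the baseline are constructed for illustration.

```python
# Constructed sample of `net start` output; "WinHelper Update Agent" is invented.
SAMPLE_NET_START = """\
These Windows 2000 services are started:

   Computer Browser
   DNS Client
   Event Log
   Server
   WinHelper Update Agent
   Workstation

The command completed successfully.
"""

# Hypothetical baseline, recorded while the server was in a known-good state.
BASELINE = {"Computer Browser", "DNS Client", "Event Log",
            "Server", "Task Scheduler", "Workstation"}


def parse_net_start(text):
    """Return the service display names: the indented, non-empty lines."""
    return [line.strip() for line in text.splitlines()
            if line[:1] in (" ", "\t") and line.strip()]


def diff_against_baseline(running, baseline):
    """Compare names case-insensitively; return (unexpected, missing)."""
    seen = {name.lower(): name for name in running}
    base = {name.lower(): name for name in baseline}
    unexpected = sorted(seen[k] for k in seen.keys() - base.keys())
    missing = sorted(base[k] for k in base.keys() - seen.keys())
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = diff_against_baseline(
        parse_net_start(SAMPLE_NET_START), BASELINE)
    for name in unexpected:
        print("running but not in baseline:", name)
    for name in missing:
        print("in baseline but not running:", name)
```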
2. Forcibly specify a password policy
To prevent the accounts used to log in to the server from being 'stolen' by criminals, you can use the 'net accounts' command to force users to change bad password habits: for example, 'force' passwords to have at least a certain number of characters, and 'force' users to change their passwords regularly.
For example, to require that the password of any access account created on the server has no fewer than 6 characters, enter the 'Net Accounts /MinPWLen:6' command at the DOS command line and press Enter. After that, the password length of new accounts is 'forced' to be no less than 6 characters.
If you want to 'force' users to change their password within a specified time, you can execute the command 'Net Accounts /minpwage:n' (where n is the specific number of days); for example, if users are required to change their password every 6 days, just execute 'Net Accounts /minpwage:6'. If you want to specify that users must change the password within a certain period, you can execute the 'Net Accounts /minpwage:n1 /maxpwage:n2' command, where 'n1' is the minimum number of days required and 'n2' is the maximum number of days required.
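Run without switches, 'net accounts' prints the policy currently in force, which makes the settings above easy to verify. The following is an added example, not part of the original article: it parses that output and reports weak values. In this output the maximum password age is the limit on how long a password may be kept, and the minimum age is how soon it may be changed again. The sample output is constructed, the length of 6 is the article's value and the 42-day limit is an assumption.

```python
import re

# Constructed sample of `net accounts` output on a server with weak settings.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Computer role:                                        SERVER
The command completed successfully.
"""

LINE = re.compile(r"^(.*?):\s{2,}(\S.*?)\s*$")


def parse_net_accounts(text):
    """Return {setting name: value string} for every 'name:   value' line."""
    policy = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            policy[match.group(1).strip()] = match.group(2)
    return policy


def as_number(value):
    """Numeric settings become int; 'Unlimited', 'Never', 'None' become None."""
    return int(value) if value and value.isdigit() else None


def audit(policy, min_length=6, max_age_limit=42):
    """Return findings. min_length=6 is the article's value; 42 days is assumed."""
    findings = []
    length = as_number(policy.get("Minimum password length"))
    if length is None or length < min_length:
        findings.append("password length below %d" % min_length)
    max_age = as_number(policy.get("Maximum password age (days)"))
    if max_age is None or max_age > max_age_limit:
        findings.append("no forced change within %d days" % max_age_limit)
    min_age = as_number(policy.get("Minimum password age (days)"))
    if None not in (min_age, max_age) and min_age >= max_age:
        findings.append("minimum age is not below maximum age")
    return findings
```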
3. Check who is secretly connecting
If you suspect that hackers have secretly 'planted' a Trojan horse program on your server, or that the server system has been infected with a virus, but you do not have a professional Trojan or virus removal tool for the time being, you can use 'netstat', the built-in network command of Windows 2000 Server, to check who is secretly connecting to your server.
The netstat command shows clearly how the server is connected to the Internet. It can list all the connection information of the current server in detail, including network interface information, network connection information, routing table information and so on.
To check the network connections from the command line, enter 'netstat -a' at the DOS prompt and press Enter. The connection list shown in Figure 2 then tells you who is secretly connecting to your server. From Figure 2 it is easy to see that port 4932 of the '126.96.36.199' host and port 50486 of the '188.8.131.52' host have already established a connection with the server.
In addition, if you find an unknown open port in the 'Local Address' column, such as port 7626 used by the Glacier Trojan, this indicates that a Trojan already exists on your server. In that case, disconnect the server from the Internet in time and use a Trojan or virus removal tool to remove the Trojan from the server. In short, used well, the 'netstat' command lets you fully monitor the server's connection status and thereby keep server security under control.
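The 'Local Address' check described above can be run against saved 'netstat -a' output. The following is an added example, not part of the original article: it lists every row whose local port is not on an allowlist and the remote peers connected to those ports. The sample output, the host name 'server01', the addresses (documentation ranges) and the allowlist are constructed; port 7626 is the one the article names.

```python
# Constructed sample of `netstat -a` output; addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    server01:http          0.0.0.0:0              LISTENING
  TCP    server01:139           0.0.0.0:0              LISTENING
  TCP    server01:7626          0.0.0.0:0              LISTENING
  TCP    server01:http          192.0.2.10:4932        ESTABLISHED
  TCP    server01:7626          198.51.100.7:50486     ESTABLISHED
  UDP    server01:137           *:*
"""

# Hypothetical allowlist of local ports this server is meant to expose.
# `netstat -a` may print a service name instead of a number, so both are listed.
EXPECTED_LOCAL_PORTS = {"80", "http", "137", "139"}


def parse_netstat(text):
    """Yield (proto, local_port, foreign_address, state) per connection row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        local_port = fields[1].rpartition(":")[2]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        yield fields[0], local_port, fields[2], state


def unexpected_ports(text, expected=EXPECTED_LOCAL_PORTS):
    """Return the rows whose local port is not on the allowlist."""
    return [row for row in parse_netstat(text) if row[1] not in expected]


def remote_peers(rows):
    """Return the foreign addresses of rows with an established connection."""
    return [foreign for _, _, foreign, state in rows if state == "ESTABLISHED"]


if __name__ == "__main__":
    rows = unexpected_ports(SAMPLE_NETSTAT)
    for proto, port, foreign, state in rows:
        print("unexpected local port %s/%s %s %s" % (port, proto, state, foreign))
    print("peers to investigate:", remote_peers(rows))
```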
4. Check account abnormalities
Many hackers like to use the 'cloned' login account method to secretly damage the server system. Their usual approach is to first activate a default account on the server that is not frequently used and then use professional tools to 'upgrade' that default account to administrator privileges. At first glance the default account looks the same as usual, but after the 'upgrade' it has become the biggest security risk on the server. You can use the 'net user' command to check server accounts for such abnormalities in time.
First execute the 'net user' command at the DOS command line to see which user accounts exist on the server. Then run the 'net user username' command to see what permissions each user account has. For example, to view the permissions of the Guest account, execute the 'net user guest' command. In the output, check whether the Guest account has become a member of the 'administrator' group. If so, in all likelihood the server system has been attacked by hackers. At this point, do not hesitate to run the 'net user guest /delete' command directly to delete the account.
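The group check described above can be automated over saved 'net user guest' output. The following is an added example, not part of the original article: it extracts the account's group memberships, including lists that wrap onto a second line, and reports a watched default account that is enabled or holds administrator membership. The sample output is constructed and the function names are hypothetical.

```python
# Constructed sample of `net user guest` output (not from a real server).
SAMPLE_NET_USER = """\
User name                    Guest
Full Name
Comment                      Built-in account for guest access
Account active               Yes

Local Group Memberships      *Administrators       *Backup Operators
                             *Guests
Global Group memberships     *None
The command completed successfully.
"""

MARK = "group memberships"


def parse_net_user(text):
    """Return (user name, account active?, set of lower-cased group names)."""
    name, active, groups, in_groups = "", False, set(), False
    for line in text.splitlines():
        lowered = line.lower()
        if lowered.startswith("user name"):
            name = line[len("user name"):].strip()
        elif lowered.startswith("account active"):
            active = line.split()[-1].lower() == "yes"
        if MARK in lowered:
            in_groups = True
            line = line[lowered.index(MARK) + len(MARK):]
        elif not line.strip().startswith("*"):
            in_groups = False  # only '*' lines continue a wrapped group list
        if in_groups:
            # Group names may contain spaces, so split on the '*' markers.
            groups.update(g.strip().lower() for g in line.split("*") if g.strip())
    groups.discard("none")
    return name, active, groups


def check_default_account(text, watched=("guest",), admin_group="administrators"):
    """Return findings for a watched default account; an empty list is clean."""
    name, active, groups = parse_net_user(text)
    findings = []
    if name.lower() in watched:
        if admin_group in groups:
            findings.append("%s is a member of %s" % (name, admin_group))
        if active:
            findings.append("%s is enabled" % name)
    return findings
```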
5. Hide the server
To prevent hackers or other attackers from easily finding the name of the server on the LAN, you can use the 'net config' command to temporarily hide the server's name. As a result, illegal users on the local area network cannot find any trace of the server even through the Network Neighborhood window, and the risk of external attacks on the server is greatly reduced.
If you want to hide the name of the server with a command, enter 'net config server /hidden:yes' at the DOS command line (where server is the computer name of the server). After you press Enter, the server's computer name automatically disappears from the Network Neighborhood window, so that hackers cannot know what the server's name is, let alone how to attack it.