In order to ensure the security of the remote control operation of the server, Windows Server 2008 system has been specially strengthened in this regard, and many new security functions have been introduced, but some functions are not enabled by default, which requires us to do it ourselves. The security of the remote control Windows Server 2008 server system can be guaranteed only if the system is properly set up.

1. Only designated personnel are allowed to perform remote control

If any ordinary user is allowed to remotely control the Windows Server 2008 server system at will, it is definitely difficult to effectively guarantee the security of the server system. In view of this, we can properly set up the Windows Server 2008 server system, and only allow designated personnel to remotely control it through the remote desktop connection. The following are the specific setting steps:

First, open the "Start" menu of the Windows Server 2008 server system desktop, expand the "Programs", "Administrative Tools", and "Server Manager" options in turn, and in the corresponding system server manager console window that appears thereafter, click Select the "Server Management" node option in the left sub-pane, then select the "Server Summary" setting item under the target node branch, and then click the "Configure Remote Desktop" item to enter the remote control Windows Server 2008 system setting dialog box;

Secondly, click the "Select User" button in the "Remote Desktop" of the setting dialog box to open the setting interface as shown in Figure 1, from which we will see all user accounts that can remotely control the Windows Server 2008 server system. Once we see that there is an unfamiliar user account or an untrusted user account, we can select it and click the "Delete" button to delete it from the system; then click the "Add" button in the corresponding setting interface, Open the user account setting dialog box, select and add the specified administrator user account, and then click the "OK" button to end the user account setting operation, so that the Windows Server 2008 server system will only allow the specified system administrator in the future. It performs remote management operations and does not allow any other user to perform remote control operations on it.

2. Rejecting the Administrator for attack testing

Like the traditional server operating system, Windows Server 2008 server system will still use the Administrator account to complete the system login operation by default. Because of this, the Administrator account is particularly easy to be used by some illegal attackers. They try to crack the password of the Administrator account to Log into the server and try to test the attack on it. In order to prevent illegal attackers from using the Administrator account for attack testing, we can set up the Windows Server 2008 server system according to the following steps:

First, click the "Start"/"Run" command in sequence on the Windows Server 2008 server system desktop, enter the "Secpol.msc" string command in the pop-up system running text box, and click the Enter key to open the corresponding system Local Security Group Policy console window;

Secondly, in the left display area of the local security group policy console window, position the mouse on the "Security Settings" node option, select "Local Policies"/"Security Options" under the target node branch, and click on the corresponding "Security Options" Find the target security group policy "Account: Rename System Administrator Account" under the branch, and right-click the group policy option, execute the "Properties" command from the shortcut menu that appears, and open the "Account: Rename System Administrator Account". Click the "Local Security Settings" tab in the dialog box to open the tab setting page as shown in Figure 2. In this page, we can change the name of the Administrator account to someone else It is not easy to guess the name, for example, you can change it to "guanliyuan", and finally click the "OK" button to save the above settings, so that when an illegal attacker attempts to attack and test the Windows Server 2008 server system through the Administrator account , it cannot be successful, then the security performance of the server system can be effectively guaranteed.

3. Modify the telnet port to protect remote connection security

The telnet command is the default remote login program in the Windows Server 2008 server system. Because this program is directly integrated into the server system and is more convenient to use, network administrators often use this program when managing servers. However, when using the telnet command to perform remote control operations on the server system, the control information is often transmitted on the network in plain text, and some malicious attackers can easily intercept control information such as account names and passwords. There is also an obvious weakness in the authentication method of the telnet program, that is, it is particularly vulnerable to attacks by others. Considering that when the telnet command remotely controls the Windows Server 2008 server system, the default network port "23" is generally used automatically, and this port is familiar to almost everyone. In order to protect the security of the telnet remote connection, we only need to follow the The following method modifies the default network port number of the program to prevent others from using the telnet command to remotely control the server system:

First, click the "Start"/"Run" command in turn on the Windows Server 2008 server system desktop, enter the "cmd" string command in the pop-up system running text box, and click the Enter key to open the DOS of the corresponding system Command line work window;

Secondly, at the command line prompt of the DOS window, enter the string command "tlntadmn config port=2991" (where "2991" is the modified new port number), in order to prevent the newly set network port number from being different from the existing port number of the system There is a conflict, we must ensure that the new port number entered here cannot be set to the port number of a known system service; after confirming that the above string command is entered correctly, click the Enter key, and the port number used by the telnet command will automatically change to It becomes "2991". At this time, the network administrator must know the new port number before using this program to remotely control the Windows Server 2008 server system.

Of course, we can remotely modify the telnet program port number of the Windows Server 2008 server system without going to the server site. We only need to open the DOS command line working window in the local client system, and enter the string command at the command line prompt of the window "tlntadmn config \\server port=2991 -u xxx -p yyy "(Server indicates the host name or IP address of the remote server system, port=2991 is to be changed to the remote login port number, xxx is the user name for logging in to the server system, yyy is the password corresponding to the user account. After clicking the Enter key, the telnet port number of the remote server system becomes "2991".

4. Forcibly use complex passwords to prevent brute force cracking

If the remote login password of the Windows Server 2008 server system is not complex enough, then illegal remote control users may successfully crack the login password by brute force. In fact, many network administrators often set the remote login password of the server system to be relatively simple for the sake of easy memory. seriously threatened. To this end, we only need to perform the following settings on the Windows Server 2008 server system to enable the password policy that comes with the system, forcing users to set relatively complex passwords for remote control accounts:

First, click the "Start"/"Programs"/"Administrative Tools" command in turn on the Windows Server 2008 server system desktop, and then double-click the "Local Security Policy" icon in the system management tool list window that appears, Open the local security settings dialog of the corresponding system;

Secondly, in the left display area of the setting dialog box, use the mouse to select the "Account Policy" branch option, and then select the "Password Policy" subitem under the target branch option, and click on the right side of the corresponding "Password Policy" subitem. In the side display area, we will see six setting policy options related to passwords. Double-click the "Password must meet the complexity requirements" group policy option to open the target group policy property setting window as shown in Figure 3;

Check whether the "Enabled" option is selected. If it is found that this option has not been selected, we should re-select it in time, and then click the "OK" button to save the above settings. In this way, Windows Server 2008 When the remote login password of the server system is not complicated enough, the system will automatically pop up a relevant prompt;

Next, we modify policies such as "Enforce Password History", "Minimum Password Length", "Use Reversible Encryption to Store Passwords", "Maximum Password Age", and "Minimum Password Age" as needed. , and finally click the "OK" button to complete all the setting operations, so that the remote login password can be forcibly set to be complicated.