外网服务器基本安全防范
程序员文章站
2022-03-04 16:13:39
...
一、1.修改SQL Service的默认端口,即非默认的1433.
2.SQL Server SP补丁包应安装.
3.检查sa帐号密码强度是否足够,必要时可禁用sa帐号.
4.防火墙需开启.
5.开启自动更新(windows update).
6.时常关注windows日志及SQL日志是否有异常信息.
7.备份数据库到百度云,或者本地。
二、更改远程桌面端口,即非默认的3389 。
三、 关闭135,137,138,139,445 端口防止勒索病毒。
把以下内容写到记事本,保存为bat可执行文件即可。
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
@echo off
color 1f
title 关闭135 137 138 139 445端口
echo.
echo.
echo.
echo 正在关闭135-139端口 请稍候…
netsh advfirewall firewall add rule name = "Disable port 135-139 - TCP" dir = in action = block protocol = TCP localport = 135-139
echo.
netsh advfirewall firewall add rule name = "Disable port 135-139 - UDP" dir = in action = block protocol = UDP localport = 135-139
echo.
echo 正在关闭445端口 请稍候…
netsh advfirewall firewall add rule name = "Disable port 445 - TCP" dir = in action = block protocol = TCP localport = 445
echo.
netsh advfirewall firewall add rule name = "Disable port 445 - UDP" dir = in action = block protocol = UDP localport = 445
echo.
echo 按任意键退出
pause>nul