14 security settings to keep hackers out (1)

  


1. Disable IPC null connections

A cracker can use the net use command to establish a null (empty) connection and then break in; net view and nbtstat also rely on null connections, so disable them. Open the registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, and change the RestrictAnonymous value to "1".

2. Disable the at command

A cracker will often plant a Trojan on your machine and then needs to get it to run, and for that he needs the at command. Open Administrative Tools - Services and disable the Task Scheduler service.

3. Turn off the super terminal service

If you have it turned on, be aware that this hole has been exploited to death.

4. Disable the SSDP Discovery Service

This service is mainly used to start UPnP devices on a home network, and it also opens port 5000. It can expose the machine to a DDoS attack that drives CPU usage to 100% and crashes the computer. In principle nobody bothers to DDoS a personal machine, but the service also takes up a lot of bandwidth: it continuously sends packets to the outside world, which slows down network transfers, so it is still best to turn it off.

5. Disable the Remote Registry service

Think about it: letting remote users modify your registry?!

6. Disable NetBIOS over TCP/IP

Network Neighborhood - Properties - Local Area Connection - Properties - Internet Protocol (TCP/IP) Properties - Advanced - WINS tab - NetBIOS setting - Disable NetBIOS over TCP/IP. This way a cracker cannot use the nbtstat command to read your NetBIOS information and network card MAC address.

7. Disable the DCOM service

DCOM uses port 135. Besides serving as a query service, it can also be attacked directly. To turn it off: type dcomcnfg in Run, and in the Component Services window that pops up, select the Default Properties tab and uncheck "Enable Distributed COM on this computer."

8. Change the permissions of shared files from the "everyone" group to "authorized user"

In Win2000, "everyone" means that any user who has access to your network can get at these shared files. Never assign a file share to the "everyone" group. This includes print sharing, whose default is also the "everyone" group, so don't forget to change it.

9. Turn off other unnecessary services

Decide according to your own needs. For reference, these are the minimum services an HTTP/FTP server requires:

Event Log

License Logging Service

Windows NTLM Security Support Provider

Remote Procedure Call (RPC) Service

Windows NT Server or Windows NT Workstation

IIS Admin Service

MSDTC

World Wide Web Publishing Service

Protected Storage

10. Change the TTL value

A cracker can roughly determine your operating system from the TTL value in a ping reply, for example:

TTL=107(WINNT);

TTL=108(win2000);

TTL=127 or 128(win9x);

TTL=240 or 241(Linux);

TTL=252(solaris);

TTL=240(Irix);

You can actually change it yourself:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters: DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default 128)

Change it to some inexplicable number such as 258. At the very least it will leave the rookies confused for a long time, and they may well give up on the intrusion.

11. Account security

First of all, disable every account except your own, heh. Then rename Administrator. I went ahead and created a new account named Administrator, but one without that kind of privilege, then opened Notepad, hammered on the keyboard, and copied and pasted the result into the "password" field. Heh, go ahead and crack that password! And when they find out it is only a low-privilege account, watch them fall apart.

12. Hide the last logged-on user name

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DontDisplayLastUserName. Change the value to 1.
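A read-only check of the registry-backed settings from items 1, 2, 4, 5, 7, 10 and 12, as an added PowerShell example that is not part of the original article. The service key names `Schedule`, `SSDPSRV` and `RemoteRegistry` and the `HKLM\SOFTWARE\Microsoft\Ole` value `EnableDCOM` do not appear on the page; they are the standard Windows names for the Task Scheduler, SSDP Discovery and Remote Registry services and for the dcomcnfg checkbox.

```powershell
# Added example: read-only audit, nothing is modified. Expected values follow the article.
# Assumed names (not in the article): Schedule, SSDPSRV, RemoteRegistry, Ole\EnableDCOM.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Item = 1;  Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous'; Want = '1' }
    @{ Item = 2;  Path = "$svc\Schedule";       Name = 'Start'; Want = '4' }   # Start = 4 means Disabled
    @{ Item = 4;  Path = "$svc\SSDPSRV";        Name = 'Start'; Want = '4' }
    @{ Item = 5;  Path = "$svc\RemoteRegistry"; Name = 'Start'; Want = '4' }
    @{ Item = 7;  Path = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'; Want = 'N' }
    @{ Item = 12; Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'DontDisplayLastUserName'; Want = '1' }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or the value does not exist.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$Name
}

$report = @(foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $shown  = if ($null -eq $actual) { '(not set)' } else { "$actual" }
    [pscustomobject]@{
        Item     = $c.Item
        Setting  = '{0}\{1}' -f (Split-Path $c.Path -Leaf), $c.Name
        Actual   = $shown
        Expected = $c.Want
        Pass     = ($shown -eq $c.Want)   # string compare covers REG_SZ and REG_DWORD
    }
})

# Item 10: DefaultTTL passes only if it is present and differs from the default of 128.
$ttl = Get-RegValue -Path "$svc\Tcpip\Parameters" -Name 'DefaultTTL'
$report += [pscustomobject]@{
    Item     = 10
    Setting  = 'Parameters\DefaultTTL'
    Actual   = if ($null -eq $ttl) { '(not set, OS default)' } else { "$ttl" }
    Expected = 'not 128'
    Pass     = ($null -ne $ttl -and $ttl -ne 128)
}

$report | Sort-Object Item | Format-Table -AutoSize
```

Items 6 and 8 are left out because they are per-adapter and per-share settings rather than single registry values.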

