10 tips for enhancing system security

Source: Internet
Author: User
Tags: iis, safe mode, administrator password

1. View local shared resources

Run cmd and enter net share. If you see an unusual share, close it. If shares you have turned off reappear the next time you boot, consider whether your machine has been taken over by an attacker or infected with a virus.

2. Delete shares (one at a time)

net share admin$ /delete

net share c$ /delete

net share d$ /delete (if there are e, f, ... drives, continue deleting their shares the same way)

3. Disable the ipc$ null connection

Run regedit and, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, change the numeric data of the RestrictAnonymous value from 0 to 1.

4. Close port 139 on your own machine, where IPC and RPC vulnerabilities exist

To close port 139, open Network and Dial-up Connections, open the properties of Internet Protocol (TCP/IP) for Local Area Connection, go to Advanced TCP/IP Settings, and on the WINS tab select "Disable NetBIOS over TCP/IP". Port 139 is closed once this option is selected.

5. Prevent RPC vulnerabilities

Open Administrative Tools --> Services, find the Remote Procedure Call (RPC) Locator service, and on the Recovery tab set First failure, Second failure, and Subsequent failures all to Take No Action.

XP SP2 and Pro SP4 do not have this vulnerability.

6. Close port 445

Modify the registry to add a value:

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, create a REG_DWORD value named SMBDeviceEnabled in the right-hand pane and set it to 0.

7. Close port 3389

XP: Right-click My Computer --> Remote, and clear the Remote Assistance and Remote Desktop check boxes.

Win2000 Server: Start --> Programs --> Administrative Tools --> Services, find the Terminal Services entry, open its Properties, change the startup type to Manual, and stop the service. (This method also works with XP.)

For users of Win2000 Pro: a number of articles on the web say to go to Start --> Settings --> Control Panel --> Administrative Tools --> Services, find the Terminal Services entry, open its Properties, change the startup type to Manual, and stop the service in order to turn off 3389. However, Terminal Services does not exist in 2000 Pro at all.

8. Precautions for port 4899

There are many intrusion methods involving 3389 and 4899 on the network. 4899 is actually the service port opened by a piece of remote control software. Because this kind of software is powerful, attackers often use it to control the machines they have compromised, and because antivirus software generally does not flag it, it is even safer for them than a backdoor.

Unlike 3389, 4899 is not a service that ships with the system. It has to be installed: the server component must be uploaded to the compromised computer and run as a service before it can be used for control.

So as long as your computer has a basic security configuration, it is very difficult for attackers to control you through 4899.
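To confirm that steps 4, 6, 7 and 8 took effect, the following added example (not part of the original article) scans saved `netstat -an` output for TCP listeners on ports 139, 445, 3389 and 4899. The sample output is constructed, and the function and variable names are this example's own.

```python
import re

# Ports the steps above close or warn about, mapped to the step that covers them.
WATCHED = {139: "step 4", 445: "step 6", 3389: "step 7", 4899: "step 8"}

# Matches only TCP rows in LISTENING state and captures the LOCAL address and port,
# so an outbound connection to someone else's port 445 is not reported.
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.IGNORECASE)

# Constructed sample of `netstat -an` output; not taken from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:445        ESTABLISHED
  TCP    192.168.1.10:49713     203.0.113.9:3389       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

def open_watched_ports(netstat_text):
    """Return {port: sorted local addresses} for watched ports that are listening."""
    found = {}
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if not m:
            continue  # header, UDP row, or a TCP row that is not LISTENING
        addr, port = m.group(1), int(m.group(2))
        if port in WATCHED:
            found.setdefault(port, set()).add(addr)
    return {port: sorted(addrs) for port, addrs in sorted(found.items())}

if __name__ == "__main__":
    for port, addrs in open_watched_ports(SAMPLE).items():
        print(f"port {port} still listening on {', '.join(addrs)} (see {WATCHED[port]})")
```

Run `netstat -an` on the machine being checked, save the output to a file, and pass the file's text to `open_watched_ports`.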

9. Disable services

Open Control Panel, go to Administrative Tools --> Services, and turn off the following services:

1. Alerter [notifies selected users and computers of administrative alerts]

2. ClipBook [enables ClipBook Viewer to store information and share it with remote computers]

3. Distributed File System [merges dispersed file shares into a single logical name and shares it out; remote computers cannot access the shares after it is shut down]

4. Distributed Link Tracking Server [used by the Distributed Link Tracking Client service on a local area network]

5. Human Interface Device Access [enables generic input access to Human Interface Devices (HID)]

6. IMAPI CD-Burning COM Service [manages CD recording]

7. Indexing Service [provides indexed content and attributes of files on local or remote computers; leaks information]

8. Kerberos Key Distribution Center [authorization protocol for network logon]

9. License Logging [monitors IIS and SQL; stop it if you don't have IIS and SQL installed]

10. Messenger [alerts]

11. NetMeeting Remote Desktop Sharing [customer information collection left in by the NetMeeting company]

12. Network DDE [provides dynamic data exchange for programs running on the same computer or on different computers]

13. Network DDE DSDM [manages Dynamic Data Exchange (DDE) network shares]

14. Print Spooler [printer service; disable it if you have no printer]

15. Remote Desktop Help Manager [manages and controls Remote Assistance]

16. Remote Registry [enables remote computer users to modify the local registry]

17. Routing and Remote Access [provides routing services on LAN and WAN; hackers use the routing service to spy on registration information]

18. Server [supports this computer's file, print, and named pipe sharing over the network]

19. Special Administration Console Helper [allows administrators to use the Emergency Management Services remote access command line prompt]

20. TCP/IP NetBIOS Helper [provides support for NetBIOS over TCP/IP and NetBIOS name resolution for network clients, enabling users to share files, print, and log on to the network]

21. Telnet [allows remote users to log on to this computer and run programs]

22. Terminal Services [allows users to connect interactively to remote computers]

23. Windows Image Acquisition (WIA) [imaging services for applications and digital cameras]

If you find that the machine is running some very strange services, such as an r_server service, you must stop the service immediately, because it is entirely possible that it is the server component of an attacker's control program.

10. Security principles for account passwords

First disable the Guest account, rename the system's built-in Administrator account (the more complex the name the better, preferably changed to Chinese), and set a password, preferably an 8-character combination of letters, digits and symbols.

If you use another account, it is best not to add it to the Administrators group; if you do add it to the Administrators group, you must also set a sufficiently strong password for it, as above. When you set the Administrator password, it is best to set it in Safe Mode, because I found that the account with the highest privileges on the system is not the Administrator account of a normal login: even with that account, someone can still log in to Safe Mode and delete the SAM file, and so change the system Administrator password. This is not the case for an Administrator password set in Safe Mode, because without knowing that password it is not possible to get into Safe Mode.

Next is the password policy. Users can set passwords according to their own habits; the following are my recommended settings (I have already covered password security above, so I will not repeat it here).

Open Administrative Tools --> Local Security Settings --> Password Policy:

1. Password must meet complexity requirements: Enabled

2. Minimum password length: I set it to 8

3. Maximum password age: I keep the default setting of 42 days

4. Minimum password age: 0 days

5. Enforce password history: remember 0 passwords

6. Store passwords using reversible encryption: Disabled
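The six settings above, together with the RestrictAnonymous value from step 3, can be checked from a security policy export produced with `secedit /export /cfg policy.inf`. This added example (not part of the original article) parses such an export and reports every value that differs from what the article recommends; the sample export is constructed, and the example assumes RestrictAnonymous is present under [Registry Values] in the export.

```python
import configparser

# Values recommended in the password-policy list above, keyed by the names
# secedit uses in the [System Access] section of its export.
EXPECTED = {
    "PasswordComplexity": 1,      # 1. complexity requirements enabled
    "MinimumPasswordLength": 8,   # 2. minimum length 8
    "MaximumPasswordAge": 42,     # 3. 42 days
    "MinimumPasswordAge": 0,      # 4. 0 days
    "PasswordHistorySize": 0,     # 5. remember 0 passwords
    "ClearTextPassword": 0,       # 6. reversible encryption disabled
}
# Step 3's value as it appears under [Registry Values], stored as "type,value".
RESTRICT_ANON = r"MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous"

# Constructed sample export; not taken from a real machine.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
ClearTextPassword = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
"""

def _to_int(raw):
    try:
        return int(raw.strip())
    except (AttributeError, ValueError):
        return None  # setting missing from the export or not numeric

def audit_export(inf_text):
    """Return {setting: (found, recommended)} for each value that differs or is missing."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(inf_text)  # option names are matched case-insensitively
    access = cp["System Access"] if cp.has_section("System Access") else {}
    deviations = {}
    for key, want in EXPECTED.items():
        found = _to_int(access.get(key))
        if found != want:
            deviations[key] = (found, want)
    regs = cp["Registry Values"] if cp.has_section("Registry Values") else {}
    raw = regs.get(RESTRICT_ANON)
    found = _to_int(raw.split(",", 1)[1]) if raw and "," in raw else None
    if found != 1:
        deviations["RestrictAnonymous"] = (found, 1)
    return deviations
```

secedit writes the export as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit_export`.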
