Build computer security from scratch

Source: Internet
Author: User
Tags windows remote desktop pcanywhere
1. Terrible Port

To communicate with the outside world, a computer must use ports. Anyone who wants to intrude into and control our computers also has to connect to them through some port. One day I checked a friend's system and was surprised to find that important ports such as 139, 445, 3389, and 4899 were open. All of these ports can facilitate intrusion. In particular, port 4899 may have been opened by Radmin, installed by an intruder as a backdoor tool, which can be used to gain full control of the system.

In Windows 98, choose "Run" from the "Start" menu and enter "command" (in Windows 2000/XP/2003, enter "cmd" in "Run") to open the Command Prompt window, then enter netstat -an to view the open ports and network connections of the local machine.
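The check described above can be made repeatable by parsing the netstat -an output. The following is an added example, not part of the original article: it flags listeners and active sessions on the ports the article names (6129 is the DameWare port discussed in section 3). The sample output is constructed, and the names `RISKY_PORTS` and `audit` are hypothetical.

```python
import re

# Ports the article singles out, with the service usually behind each one.
RISKY_PORTS = {
    139: "NetBIOS session service (file and printer sharing)",
    445: "SMB over TCP (file and printer sharing)",
    3389: "Windows Remote Desktop / Terminal Services",
    4899: "Radmin server",
    6129: "DameWare Mini Remote Control",
}

# Constructed sample of `netstat -an` output, not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:4899      203.0.113.9:51234      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# TCP rows only: local address, local port, peer address, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):\S+\s+(\S+)\s*$")

def audit(netstat_text):
    """Return (listeners, sessions) for the risky local ports in the text."""
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) not in RISKY_PORTS:
            continue  # headers, UDP rows, ports outside the list
        local_ip, port, peer_ip, state = m.groups()
        if state == "LISTENING":
            # A loopback-only listener cannot be reached from the network.
            listeners.append((int(port), local_ip, not local_ip.startswith("127.")))
        elif state == "ESTABLISHED":
            # Local port is the service port, so this is an inbound session.
            sessions.append((int(port), peer_ip))
    return listeners, sessions

if __name__ == "__main__":
    listeners, sessions = audit(SAMPLE)
    for port, ip, exposed in listeners:
        print(port, RISKY_PORTS[port], ip, "exposed" if exposed else "loopback only")
    for port, peer in sessions:
        print(port, "active session with", peer)
```

On a real machine, feed the function the saved output of netstat -an instead of `SAMPLE`; an established session on 4899 from an address you do not recognise is the case the article warns about.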

How can we close these ports? Each port on the computer corresponds to a service or application program, so as long as we stop the service or uninstall the program, the port is closed automatically. For example, you can stop the Radmin service in "My Computer > Control Panel > Computer Management > Services" to close port 4899.

If you cannot find the service that opens a port, or if stopping the service would affect normal use of the computer, you can use a firewall to block the port instead. The following example shows how to block port 4899 with the Skynet personal firewall. Open the "custom IP rule" page of Skynet and click "add rule" to add a new rule. Select "accept" in "packet direction", select "any address" in "peer IP Address", enter "from 4899 to 0" as the local port on the TCP tab, enter "from 0 to 0" as the peer port, and select "intercept" in "when the preceding conditions are met". Port 4899 is now blocked. Other ports can be blocked in the same way.

2. Enemy's "process"

In Windows 2000, you can press CTRL + ALT + DEL to call up the Task Manager to view and close processes. In Windows 98, however, pressing CTRL + ALT + DEL shows only some applications; service-level processes are hidden and cannot be seen there. You can still see them with the built-in system tool msinfo32. In "Start > Run", enter msinfo32 to open the "Microsoft System Information" interface. The local processes are displayed under "running tasks" in "software environment". However, to terminate a process under Windows 98, you must use a third-party tool. Many system optimization programs come with tools for viewing and ending processes, such as the spring light system modifier.

At present, however, many Trojan processes disguise themselves as system processes, and it is difficult for new users to tell which are genuine. Therefore, we recommend a powerful Trojan-killing tool named "Wooden Star", which can scan for and remove more than 8000 types of international Trojans and more than 1000 types of password-stealing Trojans. It is powerful and essential for secure Internet access!

3. Be careful: remote management software can cause great trouble

Nowadays, many people like to install remote management software on their machines, such as pcAnywhere, Radmin, VNC, or Windows Remote Desktop. This makes remote management, maintenance, and office work convenient, but remote management software also brings many security risks. For example, pcAnywhere 10.0 and earlier versions have the problem that the password file (*.CIF) is easily decrypted (decoded rather than cracked). Once an intruder obtains the *.CIF file through some means, he can use a tool called pcanywherepwd to recover the Administrator account and password.

With Radmin, the main problem is empty passwords. Because the Radmin password is empty by default, if the password security settings are ignored after Radmin is installed, any attacker can use the Radmin client to connect to the server where Radmin is installed and do whatever he wants.

The Windows Remote Desktop also provides a convenient door for hackers to intrude into the system, although only after the intruder has obtained a usable account through some means.

It can be said that almost every remote management tool has its own problems. Take DameWare NT Utilities, the powerful remote management software introduced in issue 43 (G12) of this newspaper: some versions of the DameWare Mini Remote Control tool in that kit have a buffer overflow vulnerability, which allows hackers to execute arbitrary commands on the system. Therefore, IP address restriction is required to use it remotely and securely. The following uses Windows 2000 Remote Desktop as an example to describe the IP address restriction of port 6129 (the port used by DameWare Mini Remote Control). On the "custom IP rules" page of Skynet, click "add rule" to add a new rule. Select "accept" in "packet direction", select "specify address" in "peer IP Address", and enter your IP address. On the TCP tab, enter the local port number from 6129 to 0 and the peer port number from 0 to 0. In "when the preceding conditions are met", select "pass". In this way, no one except the specified IP address (192.168.1.70) can connect to your computer.

Installing the latest version of the remote control software also improves security. For example, the password file in the latest version of pcAnywhere adopts a strong encryption scheme.
