{Defense} 4-protect your computer against virus intrusion

Source: Internet
Author: User
Tags: default ftp port
We generally rely on capable anti-hacking software and a firewall to keep a system secure. This article proposes a simple additional method to help prevent illegal intrusion through port restrictions: how to disable some ports on the system and, in addition, how to disable the default shares C$, D$, ADMIN$, and IPC$ in Windows.

Illegal intrusion

In short, illegal intrusion can be roughly divided into four types:

1. Scanning ports and attacking the host through known system bugs.

2. Planting Trojans and using the backdoors they open to access the host.

3. Using data overflow to force the host to provide a backdoor for access.

4. Using software design vulnerabilities to control hosts directly or indirectly.

The first two are the main intrusion methods. The first in particular, in which popular hacker tools are used to attack the host, is the most common. The latter two can only be exploited by highly skilled hackers, and as soon as such problems arise the software vendor provides patches, so the system can be repaired in time.

Therefore, restricting the first two methods effectively prevents intrusion by hacker tools. The first two methods also have one thing in common: they enter the host through a port.

Ports are like the doors of a house (the server): different doors lead to different rooms (the different services the server provides). The default FTP port we commonly use is 21, while the default WWW web page port is 80. However, careless network administrators often leave open port services that are vulnerable to intrusion, such as port 139, and some Trojans, for example Glacier, BO, and Guang Wai, automatically open a port that you do not notice. So if we block all the ports we do not use, will these two kinds of intrusion be eliminated?

For example, the ports closed here include 135, 137, 138, 139, 445, 102, 3389, 593, and TCP. I will not point out any other ports here.

The procedure is as follows:

By default, many Windows ports are open. When you access the Internet, network viruses and hackers can connect to your computer through these ports. To turn your system into a fortress, you should close these ports, mainly TCP 135, 139, 445, 593, and 1025, UDP 135, 137, 138, and 445, some popular backdoor ports (such as TCP 2745, 3127, and 6129), and the remote service access port 3389. The following describes how to disable these network ports in Windows XP/2000/2003.

Step 1: Open the "Start" menu, go to Settings > Control Panel > Administrative Tools, and double-click "Local Security Policy". Select "IP Security Policies on Local Computer", right-click a blank area in the right pane, and choose "Create IP Security Policy" from the shortcut menu. A wizard appears. Click "Next" and give the new security policy a name. Click "Next" again to reach the "Requests for Secure Communication" page and clear the check box to the left of "Activate the default response rule". Click "Finish" to create the new IP security policy.

Step 2: Right-click the IP security policy and open its properties. In the "Properties" dialog box, clear the check box to the left of "Use Add Wizard" and click "Add" to add a new rule. The "New Rule Properties" dialog box appears. Click the "Add" button there to bring up the IP Filter List window. In that window, clear the check box to the left of "Use Add Wizard" as well, then click "Add" on the right side to add a new filter.

Step 3: In the "Filter Properties" dialog box, the Addressing tab is shown first. Select "Any IP Address" as the source address and "My IP Address" as the destination address. Click the "Protocol" tab, select "TCP" in the "Select a protocol type" drop-down list, enter "135" in the "To this port" text box, and click "OK". This adds a filter that shields TCP port 135 (RPC) and prevents the outside world from connecting to your computer through port 135.

Click "OK" to return to the filter list dialog box, where one entry has now been added. Repeat the preceding steps to add TCP ports 137, 139, 445, and 593 and UDP ports 135, 139, and 445, creating a corresponding filter for each.

Repeat the preceding steps to add blocking filters for TCP ports 1025, 2745, 3127, 6129, and 3389. When the filters for these ports have been created, click "OK".

Step 4: In the "New Rule Properties" dialog box, select "New IP Filter List"; a dot appears in the circle to its left to show that it is activated. Then click the "Filter Action" tab. On that tab, clear the check box to the left of "Use Add Wizard" and click "Add" to add a "Block" action: on the "Security Methods" tab of "New Filter Action Properties", select "Block" and click "OK".

Step 5: Back in the "New Rule Properties" dialog box, click "New Filter Action"; a dot appears in the circle to its left to show that it is activated. Click "Close" to close the dialog box. Back in the "New IP Security Policy Properties" dialog box, tick the box to the left of "New IP Filter List" and click "OK" to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP security policy and select "Assign".

Now restart the computer. After the restart, the network ports listed above are blocked, so viruses and hackers can no longer connect to them, which protects your computer.

The following describes how to disable the default shares C$, D$, ADMIN$, and IPC$ in Windows.

Windows 2000 and Windows XP create shares by default. Viruses and hackers can also reach your computer through this channel and can then destroy your files or even control your computer remotely. You should therefore delete these default shares (in fact, these default shares are only beneficial to you personally; this is just my personal opinion).

Here we should first talk about the Windows XP operating system. XP is no easier to deal with than 2000. Before I found a solution, I met "unfeeling" on QQ and asked him; I didn't expect him to think of a method at the time. After about 15 minutes, I found the "net share *$ /del" method on the Internet, and "sentiment" also told me to use this command: a case of great minds thinking alike.

If you only occasionally use a computer, you can select "Run" from the "Start" menu and enter "net share *$ /del" (* stands for the name of the share you want to delete). However, the default share will be available again after the next boot. How can we disable the default shares completely, even after a reboot? Follow me, let's go.

Now let's see how to remove all default shares automatically every time Windows starts. Windows 2000 and Windows XP are similar here. Select "Run" in the "Start" menu, enter "Regedit", open the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] branch of the registry, and create a new "string value" under it. The name can be anything, such as "delsharec$". Right-click it, click "Modify" in the shortcut menu, and in the "Edit String" window that appears enter "net share C$ /del" (without the quotation marks) in the "Value data" field and press "OK". In the same way, add another string value such as "delshared$" with the value data "net share d$ /del", and so on: add one entry for each partition you have, plus "net share ADMIN$ /del". Note: pay attention to upper and lower case. After saving the registry and restarting the computer, these special shares are removed automatically at startup.

However, have you noticed that the "net share IPC$ /del" command has no effect at all on IPC$, which remains shared by default? (In fact, this step is enough. You don't need to close IPC$.)

To disable IPC$ permanently, disable the service that the default shares depend on: LanmanServer, which is the Server service. In Administrative Tools in the Control Panel, open "Services", find the "Server" service, right-click it, choose "Properties", and on the "General" tab select "Disabled" as the "Startup type". This disables the IPC$ default share. However, it has some negative effects: once you disable the IPC$ default share, many server services can no longer be used, and you may not be able to access other computers on the LAN. Please use it with caution!

Cancel Windows 2000/XP default share

After Windows 2000 is installed, the system creates some hidden shares. The "net share" command shows them: ADMIN$, IPC$, C$, D$, E$, and so on. These default shares can be stopped with the right-click sharing command, but they are restored automatically after the system restarts. For the sake of system security, we should cancel these default shares immediately after installing Windows 2000.

To disable shares of the C$, D$, and E$ type, click "Start > Run", type "Regedit" in the Run window, and press Enter to open the Registry Editor. Expand the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] branch and set the DWORD value "AutoShareServer" in the right window to "0".

If you want to disable ADMIN$ sharing, you can set the DWORD value in the right window to "0" under the same branch.

To disable IPC$ sharing, expand the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] branch in the Registry Editor and set the DWORD value "restrictanonymous" in the right window to "1".

If you are interested, you can try it (we recommend that you back up the Registry first). However, you are not responsible for all the consequences and are for your reference only !!
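To confirm what either approach (the startup commands or the registry values) left behind after a reboot, the remaining default shares can be read back from "net share". The following is an added example, not part of the original article: it parses constructed sample output, uses hypothetical function names, and keeps IPC$ separate because, as noted above, "net share IPC$ /del" does not remove it.

```python
# Added example: list default administrative shares left in "net share" output.
# SAMPLE is constructed output, not captured from a real host.
import re

SAMPLE = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Projects     D:\Projects
print$       C:\WINDOWS\system32\spool\drivers
                                             Printer Drivers
The command completed successfully.
"""

DRIVE = re.compile(r"^[A-Z]\$$", re.IGNORECASE)  # C$, D$, E$ ...

def share_names(net_share_text):
    """Yield share names from the table between the dashed rule and the footer."""
    in_table = False
    for line in net_share_text.splitlines():
        if line.startswith("-----"):
            in_table = True
        elif in_table and line and not line[0].isspace():
            if line.startswith("The command"):
                break  # footer: end of the table
            yield line.split()[0]  # indented lines are wrapped remarks

def audit(net_share_text):
    """Group remaining default shares the way the article treats them."""
    result = {"drive": [], "admin": False, "ipc": False}
    for name in share_names(net_share_text):
        upper = name.upper()
        if DRIVE.match(name):
            result["drive"].append(upper)   # should be gone after the change
        elif upper == "ADMIN$":
            result["admin"] = True          # should be gone after the change
        elif upper == "IPC$":
            result["ipc"] = True            # stays unless the Server service is disabled
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```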

The original creator is the only person with less blood in the Chinese mainland.
