In the process of network security detection, various DOS commands are the most handy tool for us to find clues. However, it is not easy to master the use of all DOS commands. In fact, from the perspective of network security detection, we only need to master the three commands to play a better preventive role.
1. view the network connection status
In general, security is mainly for computers connected to the network. Single-host users have fewer security issues. For computers connected to the network, the most basic thing is to detect network connections. Because both viruses, Trojans, and hacker intrusions are connected through the network.
In the "run" window, enter "CMD" and press enter to open the Command Prompt window, and then enter "netstat-an" to view all connections established with the local machine. The Proto part indicates the connection mode. The Local address is the Local connection address and port, while the Foreign address is the address and port of the other party, and the State is the current port.
After reading this information, we can determine whether an abnormal connection exists. If yes, we need to disconnect the network for further processing.
2. View service running status
Generally, the functions of a computer correspond to the services they provide. Therefore, many intruders will open various services after entering the computer. It can be seen that it is necessary to detect the services currently running in the system.
Enter "net start" in the command prompt, and the system prompts "The following Windows Services have been started". Then, check whether the services are running in the list. If yes, type "net start service name" to view more detailed information about the service. To confirm that the service is running illegally, you only need to run the "net stop server" command and press "Y" to confirm whether to continue the operation.
3. View account information
After breaking through the defense line, many intruders usually establish corresponding accounts to facilitate the next intrusion. In this case, enter "net user" at the command prompt to display the names of all accounts created in the current system. If you find that the account is not created by yourself, you need to run "net user account name" to view its permissions. If the user belongs to a group with higher permissions such as Administrators, you can confirm that the account was illegally created by a hacker and use "net user account name/del" to delete it.
In fact, there are still many useful operations related to the net command. You can enter "net/?" at the command prompt /?" To view detailed help information.