How to maintain operating system security

Before a disaster arrives, we can make a lot of preparations to avoid the disaster, but we can't help but think about what we should do if the disaster really strikes? For system reinforcement, we also need to be fully prepared.

Highlights of "security"

1. Try to install the English version of the operating system

If you only want to improve the security of the operating system, I strongly recommend that you install the original English version of Windows, because when a new vulnerability is discovered, it is usually the English version of the vulnerability patch first, patches in other language versions will be delayed for a while. this period of time may determine whether the system is "Born" or "dead ".

2. Select a safe file format

After Windows 2000/XP is started normally, many services are provided for users, but most users do not need all services. obviously, redundant services can only increase system load and instability. right-click my computer> Manage on the desktop, and select "services and applications> Services" in the left-side window ", we can turn off unnecessary services here to improve system stability, security, and speed up system operation. note that several high-risk services such as Remote Registry Service and Telnet must be stopped: double-click the corresponding project with the mouse, in the window that appears, set them to "Manual" or "forbidden. for Windows 2000/XP users, the NTFS file format is the best choice. because NTFS is superior to the FAT system in terms of file retrieval speed and system resource permission control. right-click a disk partition in NTFS format and select "attribute" from the pop-up menu ", the disk attributes in NTFS format are displayed with the "quota" and "security" tabs, you can use these two tabs to set the access permissions of each user on the Logical Disk in the system.

3. Do not install useless Components

During Windows system installation, we will be prompted to select the installed components. generally, do not install components that are temporarily unavailable. for example, for ordinary users who do not intend to set up a personal site, and are unlikely to use a local computer to debug scripts such as ASP, there is no need to install Windows 2000/XP Internet Information Service IIS ), naturally, you can avoid such problems. PRINTER ,. IDQ ,. IDA, WEBDEV, and other external attacks through IIS.

System Security sanjianke

1. Add a curtain for the "window"

After using WSU to adjust the default account of the system, we effectively prevent attacks and damages from external cracking methods, effectively enhancing the system stability. however, due to the operating system design, we still need to use the Internet firewall to ensure system security.

2. Detect operating system vulnerabilities in a timely manner

After completing the preceding settings, we 'd better perform a security evaluation on our own. after downloading the Retina Network Security token, the program will require you to immediately upgrade the vulnerability library of the program. after the vulnerability library is upgraded, you can find the address bar in the upper left corner of the main interface of the program, enter the local IP address or the IP address to be detected), and press enter to start scanning. have you seen the analysis on the right side of the interface? The following details the various security risks of the system. If you click any entry with the mouse, the program automatically displays the best reinforcement policy for your reference.

3. Anti-Virus Software selection

Anti-virus software is undoubtedly the most important in terms of system security. It is essential to maintain a good habit of surfing the Internet. but the danger is hard to prevent. webpage Trojans, malicious plug-ins, network attacks, and a good anti-virus software are indispensable. kingsoft drug overlord 2008 Ruixing Jiangmin and others are excellent products made in China, and other foreign products such as kaback Norton are very powerful. for China's future network security, I hope you can support Chinese products. although Chinese anti-virus software is less functional than foreign software, Chinese software is innovating to continuously improve the anti-virus capability. KingSoft Antivirus 2008's self-developed three-and-one anti-virus response to the virus is increased to the unit of seconds, although rising and Jiang min are still using this foreign anti-virus software technology, we believe that with the support of everyone, we will embark on a completely independent path.

Set the rainbow

1. customized system services

After Windows 2000/XP is started normally, many services are provided for users, but most users do not need all services. obviously, redundant services can only increase system load and instability. right-click my computer> Manage on the desktop, and select "services and applications> Services" in the left-side window ", we can turn off unnecessary services here to improve system stability, security, and speed up system operation. note that several high-risk services such as Remote Registry Service and Telnet must be stopped: double-click the corresponding project with the mouse, in the window that appears, set them to "Manual" or "forbidden.

2. Customize security logs and audit policies

Click Start> run, and type Gpedit. msc and press the Enter key. In the displayed Group Policy window, expand computer configuration, Windows Settings, security settings, Local Policies, and audit policies ", double-click "Account Management" in the window on the right, open the window shown in 1, select all the check boxes before "success" and "failure", and then click "OK" to exit. Set "Logon event", "Policy Change", "System Event", and "Account Logon event" to "successful" and "failed" in the same way ", set "Object Access", "privileged use", and "directory service access" to "failed.

Next, in "Account Policy> password policy", set "Password Complexity Requirements" to "enable" and "Minimum Password Length" to "6 bits "; set "force password history" to "5 times" and "Maximum Retention Period" to "30 days ".

In "Account Policy> account lock policy", set "account lock" to "3 wrong logins" and "lock time" to "20 minutes "; set "Reset lock count" to "20 minutes ".

3. Customize the default account

We have said that all default passwords are insecure. At least the system account is like this. Not to mention the passwords used by most of our friends, there are also a few users who use empty passwords. it is important that, with a known user name, it is theoretically difficult for a password to escape the bad luck caused by brute-force cracking.

Right-click my computer> Manage on the desktop, and select System Tools> local users and groups in the left-side window ". rename the "Administrators" account under "user" or "group. it is recommended that you set a password for the users that come with the system that we do not use to avoid being exploited by malicious programs or attackers.

Success or failure

In fact, the whole system reinforcement process does not seem complicated, but I have to remind everyone that the system is secure or insecure, stable or unstable, and the operator's mentality is all concerned, it can be said that "success and failure are all in one mind": You pay attention to it, always pay attention to it, and find corresponding solutions to new problems in a timely manner, your system security will naturally be greatly improved

In addition, timely upgrade of anti-virus software to keep the virus library up-to-date, which will undoubtedly provide the best protection for system security.

1. Eight major maintenance knowledge of Microsoft Operating System
2. The three Details reflect the security of the Unix Operating System
3. Windows operating system maintenance knowledge