Compared to the traditional operating system, the most attractive place of the Win2008 system may be to calculate its super security features, indeed, using many new security features, we can very easily to the local system for all-round, three-dimensional protection. However, this does not mean that the security of the Win2008 system is impeccable, some details can still threaten the security of the Win2008 system; For this reason, we also need to pay more attention to some security details in peacetime, in order to let the Win2008 system security more upper floors!
1, refused to modify the firewall security rules
As we know, the new advanced Security firewall features of the Win2008 system allow users to define their own security rules according to their actual needs, so as to achieve more flexible security protection purposes; But there are some obvious drawbacks to this firewall, some of the settings we've made and the security rules we create, Almost all are stored directly in the local Win2008 system registry, and an illegal attacker simply needs to write simple attack scripting code that can easily modify the contents of the corresponding system registry to achieve the purpose of modifying the firewall security rules, thus making it easy to cross the limits of the Advanced Security firewall. So how can you deny an illegal attacker the ability to cross the advanced Security firewall functionality by modifying the relevant key values in the system registry? In fact, it is very simple to prohibit an illegal attacker from modifying the relevant key values in the system registry by using the following settings:
First in the Win2008 system desktop Open the Start menu, select the "Run" command, in the pop-up System Run dialog box, the input string command "regedit", click the Enter key, open the corresponding system Registry control window;
Next to the left position of the control window, the mouse is positioned on the branch of the HKEY_LOCAL_MACHINE node and expands sequentially from the target branch system\controlset001\services\sharedaccess\parameters\ The Firewallpolicy\firewallrules registry subkey (shown in Figure 1) holds many firewall security rules and setting parameters in the right-hand display area corresponding to the registry subkey;
Obviously, if an illegal attacker had permission to access the Firewallrules registry subkey, it would be able to modify the security rules and set the parameters under the branch at will, and in the default state any ordinary user would indeed be able to access the target branch; We have to limit the Everyone account to access the Firewallrules registry subkey, to do this, we must first select the mouse Firewallrules registry subkey, right-click the registry subkey, and execute the Permissions command on the shortcut menu. Opens the Permission Settings dialog box for the target registry subkey;
Click the Add button in the dialog box, open the User Account Selection dialog box, select the "Everyone" account and add it, then select the "Everyone" account, and the account should be the "Full Control" permission to "Deny", and then click the "Apply" button, In this way, the illegal attackers will not be able to modify the security rules of Win2008 system Advanced Security Firewall and set parameters, then the security of the Win2008 system is more secure.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
