Prevent your computer from being controlled by others (security)

Source: Internet
Author: User
Tags: administrator password

Attackers can break into users' computers through open ports and through weak or even empty passwords. An attacker targets the victim's network segment (or the victim's IP address directly), uses scanning tools (such as Superscan, X-scan, etc.) to scan the computer's ports and obtain its IP address, and then runs a client connection tool (for example, Glacier 2.2) to intrude into the computer. As long as your machine is online through a dialed-in broadband account, it can be invaded this way. In view of this, the author proposes the following precautions:

(1) Harden the system to prevent hacker intrusion

Hardening the system: Update the operating system and apply patches promptly to fix system vulnerabilities. Set the security option "Do not display the last user name". Do not open unsolicited emails or software, and do not reply to emails from strangers. Install the necessary anti-hacking software, a firewall and antivirus software, keep them updated regularly, and remove viruses and Trojans promptly so that hackers cannot get into the computer. In general, capable anti-hacking software together with a software firewall is used to keep the system secure.

Stronger passwords: Set the Administrator password (the system power-on password) and the ADSL Internet password correctly. Mix digits with letters and use several character types, such as uppercase letters, lowercase letters, digits and punctuation marks (@, #, !, $, %, & ...). The password should be no fewer than 8 characters. Disable the ADSL dialing software's ability to remember passwords, that is, do not check the "Remember Password" item.


(2) Restrict open ports to prevent illegal intrusion

Close unneeded open ports, such as port 3389, to prevent illegal intrusion. Simply put, illegal intrusion takes roughly 2 main forms: (1) scanning ports and penetrating the host through known system vulnerabilities; (2) planting a Trojan and using it to open a back door into the host. If we can limit these two kinds of intrusion, we can effectively prevent intrusion with hacker tools. The two methods have one thing in common: both get into the host through a port. To avoid being hacked, close these dangerous ports. Individual users can restrict all ports, because their machines do not need to provide any service to the outside. Servers that provide network services externally should open only the ports that must be used (such as HTTP port 80, FTP port 21, and mail service ports 25 and 110) and close all other ports.

Port 139 is the NetBIOS session port used for file and print sharing. Note that a UNIX machine running Samba also opens port 139 for the same function. It is one of the ports hackers prefer to use. To close port 139, open the properties of Internet Protocol (TCP/IP) for the Local Area Connection in the Network and Dial-up Connections window, go to Advanced TCP/IP Settings, and on the WINS tab select "Disable NetBIOS over TCP/IP". Once this is selected, port 139 is closed. Individual users can also set the startup type to "Disabled" in the properties of each service, so that the service does not restart and reopen the port at the next reboot.

Port 3389 lets a network administrator remotely manage and maintain computers running Windows Server or Windows XP; hackers or illegal attackers can easily get the server's super administrator account. To turn it off in Windows XP, right-click My Computer --> Remote and clear the check marks from the two options Remote Assistance and Remote Desktop. To turn it off in Windows 2000 Server, go to Start --> Programs --> Administrative Tools --> Services, locate the Terminal Services entry, open Properties, change the startup type to Manual, and stop the service. (This method works the same way in XP.)

Port 4899 is actually the service port opened by a remote control program. Because such control software is powerful, hackers often use it to control their compromised machines ("chickens"), and because antivirus software generally does not remove it, it is safer for them than a back door. The 4899 service is not part of the system; it has to be installed, which means the server component must be uploaded to the compromised computer and run as a service before it can be used for control. So as long as your computer has a basic security configuration, it is hard for hackers to control you through port 4899.

For users of Windows 2000 or Windows XP, no additional software is needed: the built-in TCP/IP filtering feature can restrict the ports. The settings are as follows: click "Start → Control Panel → Network Connections → Local Area Connection → right-click → Properties", then select "Internet Protocol (TCP/IP)" → "Properties". In the Internet Protocol (TCP/IP) Properties dialog box, select Advanced. In the Advanced TCP/IP Settings dialog box, select Options → TCP/IP filtering → Properties. There are 3 lists here: TCP ports, UDP ports and IP protocols. Suppose the system should open only the 4 ports 21, 80, 25 and 110: select "Permit Only" above "TCP Ports", click "Add" to add these ports, and then click OK. Note: the system prompts you to reboot after the change, and the settings take effect only after the reboot. From then on, the system opens only the ports you selected, and no others.


(3) Turn off default sharing and prohibit null connections

Most home computers currently run Windows XP or Windows 2000 Pro, and the default shares of these two systems (ipc$, c$, d$, admin$, etc.) are a favorite intrusion path for hackers. Broadband users can run CMD and enter net share to view the shares on the machine. If you see an unusual share, you should close it. If a share you have closed appears again at the next boot, you should consider whether your machine has been taken over by hackers or infected with a virus.

To turn off a default share you can use the command net share <default share name> /delete (for example, net share C$ /delete), but the share is turned back on at the next boot. So if the broadband user does not use sharing services on the local area network, simply uninstalling "File and Printer Sharing for Microsoft Networks" shuts the default shares down completely.
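
An added example (not part of the original article): a Python script that reads saved net share output and separates the default shares from shares you created yourself and from anything else, which is the check described above. The sample output, the function names and the expected list are constructed for illustration, and share names are assumed to fit the 12-character name column.

```python
import re

# Default shares as the article lists them: IPC$, ADMIN$ and one per drive (C$, D$, ...).
DEFAULT_SHARE = re.compile(r"^(IPC|ADMIN|[A-Z])\$$", re.IGNORECASE)

# Constructed sample shaped like `net share` output; the paths are made up.
SAMPLE = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
IPC$                                         Remote IPC
C$           C:\                             Default share
ADMIN$       C:\WINDOWS                      Remote Admin
tmp$         C:\WINDOWS\Temp
Music        D:\Music
The command completed successfully.
"""

def parse_net_share(text):
    """Return [(name, resource)], slicing rows at the header's column offsets."""
    lines = text.splitlines()
    head = next((i for i, l in enumerate(lines) if l.startswith("Share name")), None)
    if head is None:
        return []                                  # not `net share` output
    res_col, rem_col = lines[head].index("Resource"), lines[head].index("Remark")
    shares = []
    for line in lines[head + 1:]:
        if line.startswith("The command"):
            break                                  # trailer line ends the table
        if not line.strip() or set(line.strip()) == {"-"} or line[0].isspace():
            continue                               # blank, dashed rule, or wrapped row
        shares.append((line[:res_col].strip(), line[res_col:rem_col].strip()))
    return shares

def review_shares(text, expected=()):
    """Map share name -> (verdict, resource); verdict is default/expected/investigate."""
    known = {name.lower() for name in expected}
    verdicts = {}
    for name, resource in parse_net_share(text):
        if DEFAULT_SHARE.match(name):
            verdict = "default"        # returns at boot unless file sharing is removed
        elif name.lower() in known:
            verdict = "expected"       # a share the user knowingly created
        else:
            verdict = "investigate"    # the article's "unusual share"
        verdicts[name] = (verdict, resource)
    return verdicts

if __name__ == "__main__":
    for name, (verdict, resource) in review_shares(SAMPLE, expected=["Music"]).items():
        print(f"{name:<8} {verdict:<12} {resource}")
```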


To prevent null connections, first run Regedit and locate the following key in the registry: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]. Change the value of RestrictAnonymous (DWORD) from 0 to 1.

(4) Use intrusion detection to stop intrusions in time

The most common Trojans communicate between client and server over TCP or UDP. Because they use these two protocols, the server side (the machine the Trojan was planted on) inevitably has to open a listening port and wait for connections. We can therefore check the locally open ports to find out whether a Trojan or other hacker program has been planted.

We can use the netstat command that ships with Windows (run netstat /? for detailed usage) and the command-line tool FPort under Windows 2000 to view the computer's open ports more effectively, along with any suspicious programs running on those ports. Closing such ports and removing the suspicious programs promptly helps ensure the security of the computer system.
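
An added example (not part of the original article) of the port check described above: a Python script that reads saved netstat -an output and reports every listening TCP port outside the allowlist from section (2), labelling the ports the article names. The sample output and the function names are constructed for illustration, and only TCP listeners are covered.

```python
# Added example: audit `netstat -an` output against a port allowlist.
ALLOWED_TCP = {21, 25, 80, 110}   # the four ports the article chooses to leave open
NAMED_IN_ARTICLE = {              # ports the article singles out
    139: "NetBIOS session port (file and print sharing)",
    3389: "Terminal Services / Remote Desktop",
    4899: "remote-control software service port",
}

# Constructed sample shaped like Windows `netstat -an` output (addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def listening_tcp_ports(netstat_text):
    """Map each listening TCP port to the local addresses it is bound to."""
    ports = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows are: Proto, Local Address, Foreign Address, State [, PID with -o].
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")   # rpartition copes with [::]:80
        if port.isdigit():
            ports.setdefault(int(port), []).append(host)
    return ports

def audit(netstat_text, allowed=ALLOWED_TCP):
    """Return one finding per listening TCP port that is not on the allowlist."""
    findings = []
    for port, hosts in sorted(listening_tcp_ports(netstat_text).items()):
        if port in allowed:
            continue
        loopback_only = all(h.startswith("127.") or h == "[::1]" for h in hosts)
        findings.append({"port": port, "reachable": not loopback_only,
                         "reason": NAMED_IN_ARTICLE.get(port, "not on the allowlist")})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        scope = "network-reachable" if f["reachable"] else "loopback only"
        print(f"TCP {f['port']:>5}  {scope:<17}  {f['reason']}")
```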