Source: People's Network
When talking about the security of personal Internet access, you should first classify the problems you may encounter. The intrusion methods we come across include the following:
(1) Passwords stolen by others;
(2) The system attacked by Trojans;
(3) Malicious JavaScript attacks while browsing web pages;
(4) QQ attacks or information leakage;
(5) Virus infection;
(6) Vulnerabilities in the system that allow others to attack you;
(7) Malicious hacker attacks.
Next, let's look at how to prevent these attacks effectively.
1. View local shared resources
Run CMD and enter net share. If you find an abnormal share, delete it. If a share that is not one of the default administrative shares comes back after you delete it and restart, consider whether your machine has been taken over by a hacker or infected with a virus.
2. Delete the default shares (enter one command at a time)
net share admin$ /delete
net share c$ /delete
net share d$ /delete (and likewise e$, f$, ... for any other drive)
Because the system recreates these shares after every restart, save the commands in a .bat file and have Group Policy run it as a startup or logon script; then you do not need to delete the default shares by hand each time.
3. Disable IPC$ null connections
Run regedit, open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, and change the value data of RestrictAnonymous from 0 to 1.
4. Disable port 139. This is the NetBIOS session port; the IPC$ null-session and RPC weaknesses discussed here are reachable through it.
To disable port 139: in Network and Dial-up Connections open the properties of Local Area Connection, select Internet Protocol (TCP/IP) and click Properties, then Advanced, then the WINS tab, and select "Disable NetBIOS over TCP/IP". Port 139 is then closed.
5. Prevent RPC vulnerabilities
Open Administrative Tools > Services, locate the Remote Procedure Call (RPC) service (not the separate RPC Locator service), open its Recovery tab, and set First failure, Second failure and Subsequent failures to "Take No Action". This only stops the system from rebooting automatically when an attack crashes the RPC service; it does not fix the flaw itself, which only the patch does.
This vulnerability is not present in Windows XP SP2 and Windows 2000 Pro SP4.
6. Close port 445
Open the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters and, in the right-hand pane, add a REG_DWORD value named SMBDeviceEnabled with data 0. The change takes effect after a restart.
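Steps 1 to 6 above as one script. This is an added example, not code from the original article. It assumes an elevated PowerShell prompt on Windows XP/2003 or later and uses WMI and the registry provider only, so it does not need the newer SMB cmdlets. The AutoShareWks/AutoShareServer values are a well-known addition that the article does not name: they stop admin$, c$ and d$ from being recreated at boot, which replaces the startup .bat script suggested in step 2.

```powershell
# Added example (not from the original article). Assumes an elevated prompt.
$ErrorActionPreference = 'Stop'

# Step 1: show what is shared (the same information as "net share").
Get-WmiObject Win32_Share | Select-Object Name, Path, Type | Format-Table -AutoSize

# Step 2: delete the default administrative shares. Bit 0x80000000 in Type
# marks an administrative share; IPC$ is left alone and handled in step 3.
Get-WmiObject Win32_Share |
    Where-Object { ($_.Type -band 0x80000000) -and $_.Name -ne 'IPC$' } |
    ForEach-Object {
        $rc = $_.Delete().ReturnValue          # 0 = success
        Write-Host ("Delete {0,-8} -> {1}" -f $_.Name, $rc)
    }

# Keep them from coming back after a restart (assumed addition, see lead-in).
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Set-ItemProperty -Path $lanman -Name AutoShareWks    -Value 0 -Type DWord   # workstations
Set-ItemProperty -Path $lanman -Name AutoShareServer -Value 0 -Type DWord   # servers

# Step 3: no anonymous (null-session) enumeration over IPC$.
# 1 restricts enumeration (XP/2003). On Windows 2000 the value 2 blocks null
# sessions completely but can break domain browsing, so 1 is the safer default.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name RestrictAnonymous -Value 1 -Type DWord

# Step 4: disable NetBIOS over TCP/IP on every IP-enabled adapter (closes 139).
# SetTcpipNetbios: 0 = take the setting from DHCP, 1 = enable, 2 = disable.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $rc = $_.SetTcpipNetbios(2).ReturnValue   # 0 = success, 1 = reboot required
        Write-Host ("NetBIOS off on {0} -> {1}" -f $_.Description, $rc)
    }

# Step 6: disable the direct-hosted SMB device (closes 445); needs a restart.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters' `
    -Name SMBDeviceEnabled -Value 0 -Type DWord

# Check after the restart: neither port should be listening any more.
netstat -an | findstr /C:":139 " /C:":445 "
```

Two consequences to expect: with NetBIOS over TCP/IP off, other machines on the LAN can no longer find this one by its NetBIOS name, and with the administrative shares gone, remote administration tools that rely on admin$ stop working. Both are the intended trade-off of these steps.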
7. Close port 3389
Windows XP: right-click My Computer, select Properties > Remote, and clear "Remote Assistance" and "Remote Desktop".
Windows 2000 Server: choose Start > Programs > Administrative Tools > Services, find the Terminal Services item, open its properties, change the Startup Type to Manual and stop the service. (This method also works on XP.)
If you are using Windows 2000 Professional, note that many articles on the Internet say you can disable 3389 by finding Terminal Services under Settings > Control Panel > Administrative Tools > Services, opening its properties, setting the Startup Type to Manual and stopping it. In fact, Terminal Services does not exist in Windows 2000 Professional, so there is nothing to disable.
8. Prevention for port 4899
There are many intrusion write-ups on the network about 3389 and 4899. Port 4899 is the default server port of a remote-control program (Remote Administrator, whose service appears as r_server; see step 9 below). Such programs are powerful, so hackers often use them to control their bots; in addition, anti-virus software generally does not detect or remove them, which makes them safer for the attacker than an ordinary backdoor.
Unlike 3389, 4899 is not a service the system provides. The attacker must upload the server component to the compromised computer and run it before it can be used for control.
As long as your computer has the basic security configuration described here, it is difficult for a hacker to control you through 4899.
9. Disable unneeded services
Open Control Panel > Administrative Tools > Services and stop the following services:
1. Alerter [notifies selected users and computers of administrative alerts]
2. ClipBook [lets the Clipboard Viewer store information and share it with remote computers]
3. Distributed File System [combines distributed file shares under one logical name and shares them out; once disabled, remote computers can no longer reach shares through it]
4. Distributed Link Tracking Server [tracks linked files across the LAN]
5. Human Interface Device Access [enables generic input access to Human Interface Devices (HID)]
6. IMAPI CD-Burning COM Service [manages CD recording]
7. Indexing Service [indexes the contents and properties of files on local or remote computers; a source of information leakage]
8. Kerberos Key Distribution Center [the Kerberos network logon authentication service; only relevant on a domain controller]
9. License Logging [tracks client licences for server products such as IIS and SQL Server; stop it if you have not installed them]
10. Messenger [delivers net send and Alerter messages]
11. NetMeeting Remote Desktop Sharing [lets authorized NetMeeting users control this computer remotely]
12. Network DDE [provides dynamic data exchange for programs running on the same or different computers]
13. Network DDE DSDM [manages Dynamic Data Exchange (DDE) network shares]
14. Print Spooler [the printing service; disable it if you have no printer]
15. Remote Desktop Help Session Manager [manages and controls Remote Assistance]
16. Remote Registry [lets remote users modify this computer's registry]
17. Routing and Remote Access [provides routing services on LANs and WANs; attackers can use it to probe the machine]
18. Server [supports file, print and named-pipe sharing from this computer over the network]
19. Special Administration Console Helper [lets an administrator reach a command prompt remotely through Emergency Management Services]
20. TCP/IP NetBIOS Helper [provides NetBIOS over TCP/IP name resolution for the network client, which lets users share files, print and log on to the network]
21. Telnet [lets remote users log on to this computer and run programs]
22. Terminal Services [lets users connect interactively to a remote computer] (Remote Desktop can also be disabled on the Remote tab of System Properties; turn it off there first, then disable the service, otherwise a restart may be needed after the service is disabled)
23. Windows Image Acquisition (WIA) [imaging service for scanners and digital cameras]
If you find that the machine has started some strange service, such as r_server, stop it immediately, because it may well be the server component of a remote-control program a hacker is using.
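The service list above, step 7 (Remote Desktop and Remote Assistance) and the r_server check, as one script. This is an added example, not code from the original article. It assumes an elevated PowerShell prompt on Windows XP/2003 or later; the short service names are the standard ones for those versions, and any name that does not exist on a given edition is skipped. The "unknown service" check at the end is an added heuristic: it lists every service whose executable lives outside the Windows and Program Files directories, plus anything named r_server, for a human to look over.

```powershell
# Added example (not from the original article). Assumes an elevated prompt.
$ErrorActionPreference = 'Continue'

# Short names of the services in step 9 (display names in the comments).
$unneeded = @(
    'Alerter',         # Alerter
    'ClipSrv',         # ClipBook
    'Dfs',             # Distributed File System
    'TrkSvr',          # Distributed Link Tracking Server
    'HidServ',         # Human Interface Device Access
    'ImapiService',    # IMAPI CD-Burning COM Service
    'cisvc',           # Indexing Service
    'kdc',             # Kerberos Key Distribution Center (domain controllers only)
    'LicenseService',  # License Logging
    'Messenger',       # Messenger
    'mnmsrvc',         # NetMeeting Remote Desktop Sharing
    'NetDDE',          # Network DDE
    'NetDDEdsdm',      # Network DDE DSDM
    'Spooler',         # Print Spooler (keep it if you have a printer)
    'RDSessMgr',       # Remote Desktop Help Session Manager
    'RemoteRegistry',  # Remote Registry
    'RemoteAccess',    # Routing and Remote Access
    'lanmanserver',    # Server (file/print sharing; also removes the admin shares)
    'sacsvr',          # Special Administration Console Helper
    'LmHosts',         # TCP/IP NetBIOS Helper
    'TlntSvr',         # Telnet
    'TermService',     # Terminal Services (port 3389)
    'stisvc'           # Windows Image Acquisition (WIA)
)

foreach ($name in $unneeded) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }                  # not installed on this edition
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
    }
    Set-Service -Name $name -StartupType Disabled
    Write-Host ("{0,-16} {1}" -f $name, (Get-Service -Name $name).Status)
}

# Step 7: Remote Desktop and Remote Assistance off (same effect as the Remote tab).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
    -Name fAllowToGetHelp -Value 0 -Type DWord

# Heuristic check for services that do not belong to Windows: binary outside
# %SystemRoot% and Program Files, or the r_server name from the article.
$sysRoot   = ([string]$env:SystemRoot).ToLower()
$progFiles = ([string]$env:ProgramFiles).ToLower()
Get-WmiObject Win32_Service | Where-Object {
    $p = (([string]$_.PathName) -replace '^"([^"]+)".*', '$1').ToLower()
    ($_.Name -eq 'r_server') -or
    (-not $p.StartsWith($sysRoot) -and -not $p.StartsWith($progFiles))
} | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

The final listing needs a human eye: legitimate third-party software installed elsewhere (or under a second Program Files directory on 64-bit systems) will appear as well, and a remote-control server copied into %SystemRoot%\System32 will only be caught by its name, which is why the article's advice to check the service list by hand still stands.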
10. Account and password security principles
First, disable the Guest account, rename the system's built-in Administrator account (the more unusual the new name the better; a Chinese name is a good choice), and give it a password, preferably a combination of eight or more letters and digits.
If you use a different account for day-to-day work, it is best not to add it to the Administrators group. If you do add it, it must also have a sufficiently strong password, and it is best to set that password in safe mode. In my experience the account with the highest privilege in the system is not the Administrator account used for a normal logon, because anyone who can boot into safe mode can delete the SAM file and reset the system's administrator password; the administrator password set in safe mode is not affected by this, because safe mode itself cannot be entered without it. Next, the password policy. You can set it according to your habits; the following are my recommended settings.
Choose Administrative Tools > Local Security Settings > Account Policies > Password Policy:
1. Password must meet complexity requirements: Enabled
2. Minimum password length: I set it to 8
3. Maximum password age: 42 days (the default)
4. Minimum password age: 0 days
5. Enforce password history: 0 passwords remembered (0 lets a user reuse the old password immediately; a higher value is stricter)
6. Store passwords using reversible encryption: Disabled
11. Local Policies
This is very important. It helps us find every action of someone probing the machine and track down hackers afterwards.
(Although hackers usually clear the traces they leave on your computer before leaving, some are careless.)
Open Administrative Tools > Local Security Settings > Local Policies > Audit Policy and set:
1. Audit policy change: Failure
2. Audit logon events: Success, Failure
3. Audit object access: Failure
4. Audit process tracking: No auditing
5. Audit directory service access: Failure
6. Audit privilege use: Failure
7. Audit system events: Failure
8. Audit account logon events: Failure
9. Audit account management: Failure
Note that auditing only failures means a successful change to accounts or policy leaves no record; if log space allows, audit success as well for items 1, 8 and 9.
Then open Administrative Tools > Event Viewer:
Application: right-click > Properties > set the maximum log size. I set it to 50 MB and choose "Do not overwrite events".
Security: right-click > Properties > set the maximum log size. I also set it to 50 MB and choose "Do not overwrite events".
System: right-click > Properties > set the maximum log size. I set it to 50 MB and choose "Do not overwrite events". With this setting new events are dropped once a log is full, so clear or archive the logs before they fill up.
12. Local Security Policy
Open Administrative Tools > Local Security Settings > Local Policies > Security Options:
1. Interactive logon: Do not require CTRL+ALT+DEL. Set this according to your own needs; I personally do not want to have to press it before entering the password to log on.
2. Network access: Do not allow anonymous enumeration of SAM accounts: Enabled
3. Network access: Shares that can be accessed anonymously: delete the values
4. Network access: Named Pipes that can be accessed anonymously: delete the values
5. Network access: Remotely accessible registry paths: delete the values
6. Network access: Remotely accessible registry paths and sub-paths: delete the values
7. Network access: Restrict anonymous access to Named Pipes and Shares: Enabled
8. Accounts: as described above (rename Administrator, disable Guest)
13. User rights assignment
Open Administrative Tools > Local Security Settings > Local Policies > User Rights Assignment:
1. Access this computer from the network: by default about five groups are listed. Remove all of them except Administrators, then add your own logon ID.
2. Force shutdown from a remote system: remove Administrators.
3. Deny access to this computer from the network: remove the IDs listed there.
4. If you do not use services such as 3389, you can also remove Administrators from "Access this computer from the network".
5. Force shutdown from a remote system: remove any remaining entries (restating item 2).
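Steps 10 to 13 applied in one go with a security template and secedit.exe instead of clicking through Local Security Settings. This is an added example, not code from the original article. It assumes an elevated PowerShell prompt on Windows XP/2003 or later; $newAdminName and $myUser are placeholders to replace with your own choices. Template values follow the secedit template format (audit 0/1/2/3 = none/success/failure/both, registry type 4 = DWORD and 7 = MULTI_SZ, log sizes in KB, retention 2 = do not overwrite); the settings themselves are the article's.

```powershell
# Added example (not from the original article). Assumes an elevated prompt.
$ErrorActionPreference = 'Stop'
$newAdminName = 'Zhuren_7421'   # placeholder: pick an unusual name (the article suggests a Chinese one)
$myUser       = 'alice'         # placeholder: your own day-to-day logon ID

# Step 10: disable Guest and rename the built-in Administrator. It is found by
# its well-known RID (500) rather than by name, in case it was renamed before.
net user Guest /active:no | Out-Null
$builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount = TRUE AND SID LIKE '%-500'"
if ($builtin.Name -ne $newAdminName) {
    $rc = $builtin.Rename($newAdminName).ReturnValue   # 0 = success
    Write-Host "Rename $($builtin.Name) -> $newAdminName : $rc"
}

# Steps 10-13 as a security template. 51200 KB = 50 MB.
$template = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[System Access]
PasswordComplexity = 1
MinimumPasswordLength = 8
MaximumPasswordAge = 42
MinimumPasswordAge = 0
PasswordHistorySize = 0
ClearTextPassword = 0
[Event Audit]
AuditPolicyChange = 2
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditProcessTracking = 0
AuditDSAccess = 2
AuditPrivilegeUse = 2
AuditSystemEvents = 2
AuditAccountLogon = 2
AuditAccountManage = 2
[Application Log]
MaximumLogSize = 51200
AuditLogRetentionPeriod = 2
[Security Log]
MaximumLogSize = 51200
AuditLogRetentionPeriod = 2
[System Log]
MaximumLogSize = 51200
AuditLogRetentionPeriod = 2
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
[Privilege Rights]
SeNetworkLogonRight = $newAdminName,$myUser
SeRemoteShutdownPrivilege =
"@

$work = Join-Path $env:TEMP 'harden'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'harden.inf'
$template | Set-Content -Path $inf -Encoding Unicode
secedit /configure /db "$work\harden.sdb" /cfg $inf /areas SECURITYPOLICY USER_RIGHTS /log "$work\harden.log" /quiet

# Verify: export the live policy and pull out a few of the settings just applied.
secedit /export /cfg "$work\current.inf" /areas SECURITYPOLICY USER_RIGHTS /quiet
Get-Content "$work\current.inf" |
    Select-String 'MinimumPasswordLength|AuditLogonEvents|SeNetworkLogonRight|RestrictAnonymousSAM'
```

An empty assignment such as SeRemoteShutdownPrivilege = removes every holder of that right, which is what step 13 asks for. Restricting SeNetworkLogonRight to the two named accounts means no other account, including members of Administrators, can reach this machine over the network; keep that in mind before applying it to a machine you administer remotely.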
14. Terminal service configuration
(We can see that some people have made a statement that this operation is under. x in 2000 or 2003.