We have installed a brand new operating system... Security issues should be considered .. Of course, we are talking about security issues from the Internet .. If you don't care about it locally, you can do it yourself .. (For example, Win2000)
First, install the latest patch .. (This is necessary) Let's improve it.
2000 share by default .. And the permission is limited by admin .. We want to close... Disable ipc.
Right-click "Network neighbors ".... Right-click "Local Connection "..... Regular... Uninstall the network file and print sharing driver
Rest assured .. This is no harm ..
We are changing: "Network neighbors ".... Right-click "Local Connection "..... "TCP/IP protocol"-advanced-WINS-select disable"
Disable NetBIOS on TCP/IP ....
You are not new to me .. Weak ipc password and shared directory. I found a lot of bots .. In fact, 135,139 of services are based on the server service.
This service does not have much effect .. Set it to disabled (Control Panel-management tools-Service)
This is simple .... Next let's take a look at port 445.
The port 445 of UDP/TCP .. Is used to viruses. Not only viruses .. There is also an official vulnerability called Rpc Overflow. So we need to close it .. There are many ways to disable port 445, but I recommend the following methods:
Modify the registry and add a key value
Hive: HKEY_LOCAL_MACHINE
Key: SystemControlsetServicesNetBTParameters
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
OK... You can no longer see netstat-.....
Next let's take a look at service security ....
After the 2000 system is installed .. Many unnecessary services are enabled by default... A waste of resources .. Not safe ....
Disable Telnet Service, Messageer Service, and Ronmote Registry Service (Remote Registry management is dangerous)
Some Terminal Services are also disabled .... There are also Alerter services, WorKstation services, server services, and Clipbook services.
Net Logon Service, Task Scheduler Service, and RunAs Service .. No more queries .. Dangerous, just the first few
The following is resource saving .....
Account Password problems:
We need to develop a good habit .. That is, the password must contain at least 7 characters .. Add more complex characters !!
Delete unused accounts .. You only need an administrator account for your personal PC .. Other Deletions
The deletion method is implemented in the registry .... 2000 has a permission restriction problem...
All accounts exist in HKEY_LOCAL_MACHINESAM .. However, we do not have the permission limit by default ..
Run-regedt32
You will see a registry. Dongdong .. This is the dedicated permission management .. We can find SAM and choose security> permission restriction.
Set the administrator group to full control! We are using regedit32 to enter the registry .. You will see the contents under SAM.
The account information is under HKEY_LOCAL_MACHINESAMDomainsAccountUsers .. For example, to delete a guest user
We will directly Delete the guest and then delete its corresponding value .. Here is 1f5 (this seems to be all). Other methods for deleting users are the same! Recover regedt32 (whatever you want)
OK .... Account password security measures .. We do:
Choose Administrative Tools> Local Security Policy! Enable password policy-(password complexity is enabled .. Minimum length .. Custom)
Account Policy .. Enable. The number of logon attempts failed .. The number of times the account is locked. All are custom !!!
Below are some User restrictions .. Define your own ......
Next we will talk about the virus... The best way is to install a powerful anti-virus software .. Haha .. I personally think that AVP is used for 2000 or later systems, and Mcafee is used for more than 2000 systems !!! I also recommend a firewall .. It is hacker1.7 of a company in AVP (I provide download, please find it on my blog, I like it very much .. There is nothing to say about the function. In my current personal PC, there is the mcfee8.1 + Kaspersky Anti-Hacker 1.7, and there is not much resource to use... Of course, you can understand the configuration .. Okay .. .. I think it should be safe...
This is for your reference. Remember to leave a message .......