Block the hacker's "backdoor"

As the saying goes, "no wind and no waves", since hackers can access it, it means that the system must have a "backdoor" for them. As long as the backdoor is blocked and hackers have nowhere to start, there will be no worries!

1. Delete unnecessary protocols

Generally, only the TCP/IP protocol is enough for servers and hosts. Right-click "Network Neighbor", select "attribute", right-click "Local Connection", and select "attribute" to uninstall unnecessary negotiation. NETBIOS is the root cause of many security defects. For hosts that do not need to provide files or print shared files, you can also disable NETBIOS bound to the TCP/IP protocol to avoid NETBIOS attacks. Select "TCP/IP protocol/properties/advanced", enter the "Advanced TCP/IP Settings" dialog box, select the "WINS" tab, and select "Disable NETBIOS on TCP/IP, disable NETBIOS.

2. Disable "file and print sharing"

File and print sharing should be a very useful function, but it is also a good security vulnerability that hackers intrude into when they do not need it. So we can disable "file and print sharing. Right-click "Network Neighbor", select "properties", and click "file and print sharing, remove the hooks in the two check boxes in the pop-up "file and print share" dialog box.

Although "file and print sharing" is disabled, it is not secure yet. You need to modify the registry and prohibit others from changing "file and print sharing ". Open the Registry Editor, select the "HKEY_CURRENT_USERSoftware MicrosoftWindowsCurrentVersionPoliciesNetWork" primary key, and create a New DWORD type key value under this primary key. The key value is "NoFileSharingControl ", if the key value is set to "1", this function is disabled to change "file and print share". If the key value is "0", this function is allowed. In this way, "file and print sharing" no longer exists in the "properties" dialog box of "Network Neighbor.

3. Disable the Guest account

Many intrusions use this account to further obtain the administrator password or permissions. If you don't want to use your computer as a toy for others, you can still deny it. Open the control panel, double-click "user and password", click "advanced" to select a card, and then click "advanced" to bring up the local user and group window. Right-click the Guest account, select properties, and select "Account Disabled" on the "General" page ". In addition, renaming Administrator accounts can prevent hackers from knowing their Administrator accounts, which ensures computer security to a large extent.

4. Do not create a null connection

By default, any user can connect to the server through an empty connection, Enumerate accounts, and guess the password. Therefore, we must disable NULL connections. There are two methods:

To modify the registry, open the Registry "HKEY_LOCAL_MACHINESystemCurrentControlSetControlLSA" and change the key value of DWORD "Restrict Anonymous" to "1.

Html ">