Now that we understand the dangers of hacker attacks, and since "striking first" would run counter to the chivalrous spirit, the better course is to block the gaps in the system so that hackers have nowhere to start. Let's take a look at the gaps hackers most often attack.

Unnecessary protocols and ports

Ports are the logical interfaces connecting a computer to external networks and its first barrier, so whether the ports are correctly configured directly affects the security of our hosts. In general it is safer to open only the ports that need to be used, but disabling a port means giving up a function, so security has to be balanced against function. For functions we do not need at all, there is no reason to leave a port open to hackers. As an administrator, I disable the protocols and ports that are not commonly used.

When configuring system protocols, delete all unnecessary ones. For servers and hosts, the TCP/IP protocol alone is generally enough. Right-click "Network Neighborhood", select "Properties", right-click "Local Area Connection", select "Properties", and uninstall the unnecessary protocols (Figure 1).

Figure 1 Uninstall unnecessary protocols

NetBIOS is the source of many security defects. On hosts that do not need to provide file or print sharing, you can also disable the NetBIOS that is bound to TCP/IP to avoid NetBIOS attacks. Select [Internet Protocol (TCP/IP)] → [Properties] → [Advanced] to open the "Advanced TCP/IP Settings" dialog box, select the "WINS" tab, and choose "Disable NetBIOS over TCP/IP" (Figure 2).

Figure 2 Disable NetBIOS

Of course, you can also close ports 137, 138, 139 and 445 used by the file and printer sharing services in the following way. Right-click "Network Neighborhood", select "Properties", open the "Advanced" menu of the "Network and Dial-up Connections" window and choose the "Advanced Settings" command. In the Advanced Settings dialog box (Figure 3), select the desired connection in the upper part and clear the "File and Printer Sharing" check box in the lower part to close these ports.

Figure 3 Disable the file and print sharing ports

Besides removing protocols and unbinding ports, TCP/IP filtering can also be used: [Network Neighborhood] → [Properties] → [Local Area Connection] → [Properties] → [Internet Protocol (TCP/IP)] → [Properties] → [Advanced] → [Options] → [TCP/IP Filtering] → [Properties], check "Enable TCP/IP Filtering", and permit only the TCP ports, UDP ports and IP protocols you require. Port filtering in Windows 2000 has an awkward limitation, however: you can only specify which ports to permit, not which ones to block, which makes it hard for users who need to open a large number of ports. In addition, port filtering sometimes blocks legitimate connections and consumes a lot of resources, which can affect host performance. Therefore port filtering is usually done only on the gateway at the network border and can be left off on a Windows host.
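The three settings above (NetBIOS over TCP/IP, the four file-and-print sharing ports, and the File and Printer Sharing binding) can be checked and changed from a script instead of by clicking through the dialogs. The following PowerShell script is an added example, not code from the original article; it targets a current Windows host (the CIM, NetTCPIP and NetAdapter cmdlets it relies on do not exist on Windows 2000), must run as Administrator, and only makes changes when the `-Apply` switch is given. The `ms_server` component ID and the `SetTcpipNetbios` method are the standard Windows identifiers for the binding and the radio button shown in Figures 2 and 3.

```powershell
# Added example (not from the original article): audit, and with -Apply enforce, the
# NetBIOS-over-TCP/IP setting, the file/print sharing ports and the sharing binding.
# Assumes a current Windows host with the CIM/NetTCPIP/NetAdapter cmdlets; run elevated.
param([switch]$Apply)

# Ports the article attributes to file and printer sharing:
# NetBIOS name (137/udp), datagram (138/udp), session (139/tcp) and direct-hosted SMB (445/tcp).
$SharingPorts = 137, 138, 139, 445

# 1. NetBIOS over TCP/IP per IP-enabled adapter (the WINS tab in Figure 2).
#    TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
$adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $adapters) {
    $state = switch ($nic.TcpipNetbiosOptions) { 0 { 'default (DHCP)' } 1 { 'enabled' } 2 { 'disabled' } }
    Write-Host ("{0}: NetBIOS over TCP/IP is {1}" -f $nic.Description, $state)
    if ($Apply -and $nic.TcpipNetbiosOptions -ne 2) {
        # SetTcpipNetbios is the WMI method behind "Disable NetBIOS over TCP/IP".
        $r = Invoke-CimMethod -InputObject $nic -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 }
        Write-Host ("  -> SetTcpipNetbios returned {0} (0 = OK, 1 = reboot required)" -f $r.ReturnValue)
    }
}

# 2. Which of the sharing ports are actually bound right now, and by which process.
$tcpListen = Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -in $SharingPorts }
$udpBound  = Get-NetUDPEndpoint | Where-Object { $_.LocalPort -in $SharingPorts }
foreach ($c in $tcpListen) { Write-Host ("TCP {0}:{1} LISTENING (PID {2})" -f $c.LocalAddress, $c.LocalPort, $c.OwningProcess) }
foreach ($u in $udpBound)  { Write-Host ("UDP {0}:{1} bound (PID {2})" -f $u.LocalAddress, $u.LocalPort, $u.OwningProcess) }
if (-not $tcpListen -and -not $udpBound) { Write-Host 'None of ports 137/138/139/445 are open.' }

# 3. The "File and Printer Sharing for Microsoft Networks" binding (the check box in Figure 3).
if (Get-Command Get-NetAdapterBinding -ErrorAction SilentlyContinue) {
    $bindings = Get-NetAdapterBinding -ComponentID ms_server
    foreach ($b in $bindings) {
        Write-Host ("{0}: File and Printer Sharing bound = {1}" -f $b.Name, $b.Enabled)
        if ($Apply -and $b.Enabled) {
            Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_server
            Write-Host ("  -> unbound on {0}" -f $b.Name)
        }
    }
}
```

Run it once without `-Apply` to see the current state; step 2 is the useful check after any change, because a port that is still bound after NetBIOS and the sharing binding are removed points at another service (the article's service list below is the next place to look). The article's own caveat applies: a host that must serve files or printers needs port 445 and the binding, so apply the change only where the function is genuinely not needed.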
Figure 4 Disable unnecessary services

Disabling unnecessary services

Services make management easier, but too many services are not a good thing, especially services whose purpose the administrator does not know; these are best turned off to avoid a system disaster. So when remote computer management is not required, I turn off the services related to remote network logon. Open "Administrative Tools" in the Control Panel, run "Services", and in the list on the right double-click the service to be disabled. On the General tab of the service's Properties, click the triangle button in the "Startup type" field and select "Disabled" (Figure 4), click the [Start] button, and click OK.

Unless necessary, disable the following services:

Alerter: notifies selected users and computers of administrative alerts.
ClipBook: supports the "ClipBook Viewer" so that clipboard pages can be viewed remotely.
Computer Browser: maintains an up-to-date list of computers on the network and supplies the list to programs that request it.
DHCP Client: registers and updates IP addresses and DNS names to manage the network configuration.
Messenger: sends and receives messages sent by the system administrator or by the Alerter service.
Net Logon: supports pass-through authentication of account logon events on the network.
Network DDE: provides network transport and security for Dynamic Data Exchange (DDE).
Network DDE DSDM: manages the DDE shares used by Network DDE.
RunAs Service: enables starting processes under different credentials.
Remote Registry Service: allows remote registry operations.
Server: provides RPC support and file, print and named pipe sharing.
Task Scheduler: allows programs to run at a specified time.
TCP/IP NetBIOS Helper Service: enables support for the "NetBIOS over TCP/IP (NetBT)" service and NetBIOS name resolution.
Telnet: allows remote users to log on to the system and run console programs from the command line.
Workstation: provides network connections and communications.

Stopping these services not only secures Windows 2000 but also improves its running speed. Through the operations above we block the paths a hacker needs to intrude into the host and thereby secure it. When configuring Windows 2000, we only need to remember one principle: minimum permissions + minimum services = maximum security.
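The service list above can be audited and enforced from a script rather than one Properties dialog at a time. The following PowerShell script is an added example, not code from the original article. It looks each service up by the display name the article gives (with a wildcard for the two whose display names were shortened in later Windows versions), reports status and startup type, and with `-Apply` stops the service and sets it to Disabled. It assumes a current Windows host (the `StartType` property needs PowerShell 5 or later), must run as Administrator, and treats a small `$KeepRunning` set as report-only because, as the article says, these are to be disabled only when not needed and most domain-joined hosts using DHCP depend on them; edit that set to suit the host.

```powershell
# Added example (not from the original article): audit the services the article lists and,
# with -Apply, stop them and set their startup type to Disabled. Run elevated.
param([switch]$Apply)

# Display names as given in the article. Two carry a trailing wildcard because later
# Windows versions dropped the word "Service" from their display names. Services that
# no longer exist on the host are reported as "not installed" and skipped.
$ArticleServices = @(
    'Alerter', 'ClipBook', 'Computer Browser', 'DHCP Client', 'Messenger', 'Net Logon',
    'Network DDE', 'Network DDE DSDM', 'RunAs Service', 'Remote Registry*', 'Server',
    'Task Scheduler', 'TCP/IP NetBIOS Helper*', 'Telnet', 'Workstation'
)

# Report-only set (assumption for this example): the article says "unless necessary",
# and these are necessary on most hosts (DHCP addressing, domain logon, SMB client/server,
# scheduled maintenance). Remove an entry here to let -Apply disable it.
$KeepRunning = 'DHCP Client', 'Net Logon', 'Server', 'Workstation', 'Task Scheduler'

$results = foreach ($pattern in $ArticleServices) {
    $matched = Get-Service -DisplayName $pattern -ErrorAction SilentlyContinue
    if (-not $matched) {
        [pscustomobject]@{ Service = $pattern; Name = '-'; Status = 'not installed'; StartType = '-'; Action = 'skip' }
        continue
    }
    foreach ($svc in $matched) {
        $action = 'already disabled'
        if ($svc.DisplayName -in $KeepRunning) {
            $action = 'kept (needed on most hosts)'
        }
        elseif ($svc.StartType -ne 'Disabled') {
            $action = 'would disable'
            if ($Apply) {
                # Stop first so the change takes effect now, then block future starts.
                if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue }
                Set-Service -Name $svc.Name -StartupType Disabled
                $action = 'disabled'
            }
        }
        [pscustomobject]@{
            Service   = $svc.DisplayName
            Name      = $svc.Name
            Status    = $svc.Status
            StartType = $svc.StartType
            Action    = $action
        }
    }
}

$results | Format-Table -AutoSize
```

Running without `-Apply` gives a table that doubles as a hardening checklist: anything in the list still showing `Automatic` or `Manual` with a `would disable` action is a service the article recommends turning off. Re-running after `-Apply` confirms the `StartType` column reads `Disabled`, which is what prevents a service from being restarted on the next boot.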