Build your own XP defense line to protect your network from intrusion

Stealth in the Network

The world is amazing. Anyone who can think of a network cable has completely changed people's lives. Through the Internet, we can easily implement applications such as work at home, stock trading at home, VOD, and online games. The rapid development of the network has indeed given us a taste of sweetness. However, sometimes it will make us helpless: When we surf the Internet, network viruses and hacking tools frequently appear, and you may be worried.

For Internet users, various potential threats may come at any time. Among these threats, they often refer to the following: "The guns are good for hiding, the arrows are difficult to defend against", network viruses, and hacking tools. You pay more attention to them, and the losses are relatively small, however, those who use special means to snoop on personal privacy are ignored. It is clear that privacy leakage has been caused, but it is unknown. Therefore, what measures should be taken to ensure the security of personal networks will inevitably become the most important concern of network users.

I. Network stealth Methods

Remind netizens who frequently surf the Internet to note that operating systems later than Win9x can have a memory function for previous user login information. The next time you restart the computer, we will find the login name of the last user in the username column. This information may be exploited by some illegal elements and pose a threat to the user. Therefore, we need to hide the login name of the user on the computer. You can use the following three methods:

Method 1: First open the Local Connection Properties (Control Panel → network connection), select "file and printer sharing for Microsoft Network" on the "General" tab, and click "Uninstall, in the displayed dialog box, click OK to disable "file and printer sharing for Microsoft networks" to hide the computer.

Method 2: First open the Registry Editor (start → run → Regedit) and find the branch "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters, in the right pane, change the value of "Hidden" (REG_DWORD type) to 1 (0 is not Hidden). Then, exit the Registry Editor and restart the computer.

Method 3: Open the "run" dialog box in the "Start" menu and enter "gpedit" in "open. run the msc command to start the Group Policy. Choose Computer Configuration> Windows Settings> Local Policy> User permission assignment. In the window on the right, click Deny access to this computer from the network ", double-click, and click "add user or group". In the displayed dialog box, click "advanced" and use the "Search now" function to select which users are blocked from accessing the computer over the network. Use the above methods to reset the settings! Your computer has been hidden and you no longer have to worry about resource leaks!

Frequently updated software

2. Update your software frequently

To protect computers from attacks from the Internet. Our antivirus software needs to be updated frequently. Currently, most anti-virus software provides the automatic reminder function. If your virus database has been used for a period of time but has not been updated, the anti-virus software will pop up with a reminder. Please update your anti-virus software in time. Anti-virus software cannot start with viruses that are not defined in the virus database. If not, you will pay a heavy price.

In addition, it is also necessary to update the Windows operating system. The current frequency of Microsoft security patches is very high. On the other hand, Microsoft has been actively taking measures and is very effective despite its inability to avoid vulnerabilities. From Windows 98 to the latest version of Windows, there is a link from the Start menu to the Windows Update site. Windows2000 and XP with servicepack3 are automatically updated, you can automatically download the latest update files in the background. Keeping computer software in the latest version is of great benefit to computer security.

At the same time, be sure to watch out for shared services similar to Kazaa files, because such file sharing services are a lot of traps compared with a few years ago and cannot be careless. If you want to use such software to download files, check whether the file size is reasonable, especially check the real name of the file you downloaded. This does not guarantee of the security, because the Peer-to-Peer (Point-to-Peer) sharing software itself is an insecure factor. Let's take a look at the reports that Kazaa was used to spread viruses. Http://www.blue198.com.cn/news/findnews/shownews.asp? Newsid = 4328. You can also search "Kazaa" on www. google. To learn the relevant information.

3. Configure Windows XP Firewall

Installing and configuring a firewall is currently a good way to effectively protect your computer or network. However, a Cable/DSL router with an integrated Firewall/NAT or a firewall software, such as ZoneAlarm and BlackIce, is required. You can also use Windows XP Home edition or Professional Edition. The firewall we will configure here, as well as most firewall software, all the data receiving ports are disabled by default. Therefore, if you want to allow a computer on the Internet to access certain parts of your network, you must modify the default configuration. At the same time, you also need to check the application to determine which ports they will use. All software vendors add this information to their own software. Now we will configure the two most common firewalls. Main role: firewall program in Windows XP operating system and a common cable/DSL router.

Configure the Firewall Service

How to configure the Windows XP firewall? Activate the firewall first. Take the English version of XP as an example. Go to "start/controlpanel/networkandInternetconnections/networkconnections", right-click your Internet connection, select "properties", and select the "advanced" tab when entering the properties page, click "InternetConnectionFirewall. At present, we only need to make a package filter and link-level gateway's merging body start to work. Your computer will now record local programs that attempt to access the Internet for reference when checking incoming data. All unrequested data packets are rejected by the firewall. If you also choose to enable Internet Connection Sharing, the firewall will also accept requests from computers on the same network as you, just like the gateway. XP firewall can effectively block unauthorized external data.

In addition, configuring the Firewall Service is also critical because the XP firewall cannot filter the data you send, which is the main disadvantage. This is also a dangerous hazard. Because your computer may have been installed with a Trojan horse without your knowledge, the trojan will send your personal information back to the preset location on the Internet. Filtering out outgoing data means opening the door to the Trojan program. For this reason, you need to ensure that anti-virus software is updated frequently. If you want to allow Internet access to programs on computers in the Intranet, such as web pages or FTP servers, you must configure them in the firewall settings bar. Go to the Advanced tab of Internet connection properties, and click "settings" at the bottom of the dialog box. Each list option on the screen represents an OS preset service. You can set to allow a service to be accessible from a specific port by other computers on the Internet. For example, select the "WebServer (HTTP)" list item and click "edit. At this time, you can see that the pop-up dialog box lists the description of the service, which is conducive to the convenience of operation.

Multiple insurances

"NameorIPaddressofthecomputerhostingthisserviceonyournetwork" -- create the host name or IP address of the service. In this text box, enter the name or IP address of the Intranet computer that you want to be accessible from the Internet. "TheExternalPort #" (external port number) is used to specify the port number that the Intranet HTTP service opens to the Internet. "TheInternalPort #" (internal port number) is used to specify the port for Intranet computers to access this service. If the HTTP service runs on an intranet computer rather than a gateway, enter the service port of the Intranet computer on which the service runs. This step is called Port ing. Port ing can be used to access specific port services from the Internet to machines in the LAN. How can we easily create your own services? In fact, it is very simple. You only need to figure out which port is used for the Service to be opened to the Internet, and know whether it complies with the TCP or UDP protocol. If it is easy to figure, make the external port number consistent with the internal port number during port ing.

As we all know, in recent years, various viruses and hacking software have emerged one after another. Despite the wide variety of network firewalls and anti-virus software protection, it is often difficult to prevent. Therefore, we should also remind you that, in our computer, local security of data must be protected by layers and cannot be neglected; not only do we need to open the virus firewall, open the network firewall to ensure the security of computers and the entire intranet. With this "multiple insurances", we can feel more secure in the network!