Recently, hacker attacks frequently occur. Our friends are also constantly suffering from QQ, email, and game account theft. Today's hacking technology is moving towards the popularization direction, and more people are able to master the system technologies that attack others. As long as your computer has a system Bug or installed problematic applications, it may become a zombie of others. How can I check and handle vulnerabilities on an online machine?
1. Terrible Port
To communicate with the outside world, the computer must use some ports. If someone else wants to intrude into and control our computers, they also need to connect to them from some ports. One day I checked a friend's system and was surprised to find that important ports such as 139, 445, 3389, and 4899 were opened. All these ports can facilitate hacker intrusion, in particular, the port 4899 may be opened by the backdoor tool Radmin installed by the intruder, which can be used to gain full control of the system.
In Windows 98, select "run" through "start" and enter "command" (in Windows 2000/XP/2003, enter "cmd" in "run "), enter the Command Prompt window, and then enter netstat/an to view the opening and network connection of the local port.
How can we close these ports? Because each port on the computer corresponds to a service or application, these ports are automatically closed as long as we stop the service or uninstall the program. For example, you can stop the Radmin service in "My Computer> Control Panel> Computer Management> service" to disable port 4899.
If you do not find a service that opens a port or stops the service, the normal use of the computer may be affected. You can also use the firewall to shield the port. The following example shows how to disable the 4899 port of Skynet personal firewall. Open the "custom IP rule" page of Skynet, click "add rule" to add a new rule, and select "accept" in "packet direction ", select "any address" from "peer IP Address", enter "from 4899 to 0" in the local port on the TCP tab, and enter "from 0 to 0" as the Peer Port, select "intercept" in "when the preceding conditions are met" to disable port 4899. Other methods for disabling ports can be used.
2. Enemy's "process"
In Windows 2000, you can press Ctrl + Alt + Del to call up the task manager to view and close the process; however, in Windows 98, you can only view some applications by pressing Ctrl + Alt + del. Some service-level processes are hidden and cannot be seen, however, you can see it through the built-in system tool msinfo32. In "Start> Run", enter msinfo32 to open the "Microsoft System Information" interface. The local process is displayed under "running tasks" in "software environment. However, to terminate a process under Windows 98, you must use a third-party tool. Many system optimization software comes with tools for viewing and disabling processes, such as the spring light system modifier.
But at present, many Trojan processes disguise system processes, and it is difficult for new users to tell their authenticity. Therefore, we recommend a powerful Trojan-killing tool named "Wooden Star", which can scan and kill more than 8000 types of international Trojans, more than 1000 types of password theft Trojans have powerful functions and are essential for secure Internet access!
3. Be careful. Remote Management software is in great trouble.
Nowadays, many people like to install remote management software on their machines, such as Pcanywhere, Radmin, VNC, or Windows Remote Desktop, which makes remote management, maintenance, and office convenient, however, the remote management software also brings us many security risks. For example, a password file exists in Pcanywhere 10.0 and earlier versions *. the problem that the CIF value is easily decrypted (decoded rather than cracked). Once the intruders get it through some means *. in the CIF file, he can use a tool called Pcanywherepwd to crack the Administrator account and password.
Radmin is mainly about empty passwords. Because Radmin is empty by default, the password security settings are ignored after Radmin is installed, any attacker can use the Radmin client to connect to the server where Radmin is installed and do everything he wants to do.
The Windows system's remote desktop will also provide a convenient door for hackers to intrude into the system. Of course, it is after he has obtained an accessible account through some means.
It can be said that almost every remote management software has its problems, such as the powerful remote management software DameWare NT Utilitie introduced in the 43-phase G12 of this newspaper. Some versions of DameWare Mini Remote Control in its toolkit also have a buffer overflow vulnerability, which allows hackers to execute arbitrary commands on the system. Therefore, IP address restriction is required to use it remotely and securely. Here, we will take Windows 2000 Remote Desktop as an example to talk about the IP restrictions on port 6129 (the port used by DameWare Mini Remote Control): Open the "custom IP rules" interface of Skynet, click "add rule" to add a new rule. Select "accept" in "packet direction", select "specify address" in "peer IP Address", and then enter your IP address, on the TCP tab, enter the local port number from 6129 to 0, and the peer port number from 0 to 0. In "when the preceding conditions are met", select "pass ", in this way, except for the specified IP address (192.168.1.70), no one else can connect to your computer.
Installing the latest version of remote control software also improves security. For example, the latest version of Pcanywhere password file adopts a strong encryption solution.
4. "professionals" help you test for free
Many security sites provide online detection to help us discover system problems, such as the online security detection system launched by Skynet security online-Dr. Skynet, it can detect some security risks in your computer, and determine the level of your system based on the detection results, to guide you to further solve possible security risks in your system.
Doctor Tian net (http://pfw.sky.net.cn/news/info/list.php? Sessid = & sortid = 17) provides four Security Detection items, including trojan detection, system security detection, Port Scan detection, and information leakage detection. Four possible results can be obtained: extremely dangerous, moderate dangerous, fairly safe, and exclusive or firewall. Other well-known online security detection sites include Millennium online (http://www.china-yk.com/tsfw/) and Blue Shield online detection (hhtp: // www.bluedon.com/onlinescan/portscan.asp ). In addition, the security of IE is also very important. If you are not careful about it, you may be tempted by malicious code and webpage Trojans. http://bcheck.scanit.be/bcheck/#a website that specifically detects security loopholes in ie.
5. Scan yourself
Dr. Skynet is mainly designed for new users on the Internet and provides remote detection at a lower speed than local machines. Therefore, if you have a certain foundation, it is best to use the security detection tool (vulnerability scanning tool) to manually detect system vulnerabilities.
We know that hackers often use automated tools to scan target machines before they intrude into others' systems. We can also use this idea for reference, use a vulnerability scanner to detect your machine on another computer. The powerful and easy-to-use domestic scanner first pushes X-Scan, of course, the light is also very good.
Take X-Scan as an example, it has open port, CGI vulnerability, IIS vulnerability, RPC vulnerability, SSL Vulnerability, SQL-SERVER and other scanning options, more importantly, list the system vulnerabilities, it also provides a very detailed solution. We only need to "take medicine by side.
For example, after using X-Scan to completely Scan a computer next door, the following vulnerabilities are discovered:
[192.168.1.70]: port 135 open: Location Service
[192.168.1.70]: port 139 enabled: net bios Session Service
[192.168.1.70]: port 445 open: Mi crosoft-DS
[192.168.1.70]: detected weak NT-Server password: user/[Blank Password]
[192.168.1.70]: "NetBios information" Found"
We can find that the weak password of Windows 2000 is a serious vulnerability. NetBios information exposure also facilitates further attacks by hackers. The solution is to set a complex password for the User account and disable the password in the Skynet firewall ~ Port 139.
6. Do not underestimate Windows Update
Microsoft usually develops the corresponding patch tool before the virus and attack tools flood. You only need to click Windows Update in the "Start" menu to go to the Microsoft Windows Update Website, download the latest patch here. Therefore, when you visit the Windows Update Website every week to Update the system in a timely manner, hackers and viruses are basically rejected.