Practical Windows XP System Security Skills

With the popularity of Windows XP on personal computers, more and more people have come to depend on it. Windows XP offers strong stability and reliable security, but the vulnerabilities that keep being discovered have made it a target for attack. This article describes how to improve the security of the Windows XP operating system and discusses some things you should be aware of, in the hope of helping Windows XP users.

   1. Installation Security Policy

   (1) Do not install from the network

Microsoft supports online installation, but it is absolutely unsafe. Do not connect to any network, especially the Internet, until the system is fully installed; do not even connect all of the hardware during installation. During Windows XP setup, after you enter the password for the "Administrator" account, the system creates the "ADMIN$" share but does not protect it with the password you just entered, and this situation continues until the computer is restarted. During this time anyone can access the system through "ADMIN$". In addition, as soon as installation completes the various services start automatically, and at that point the system is still full of vulnerabilities and very easy to break into from outside.

   (2) Choose NTFS for partitions

It is best for all partitions to use NTFS, because NTFS partitions are more secure. Even if other partitions use another format (such as FAT32), at least the partition where the system resides should be NTFS. In addition, applications should not be placed on the same partition as the system. This prevents an attacker who exploits an application vulnerability (such as Microsoft's IIS vulnerabilities) from leaking system files or even remotely obtaining administrator privileges.

   (3) Choosing the system version

Windows XP is available in several language versions. For us the choice is between the English version and the Simplified Chinese version. I strongly recommend that, if language is not a barrier, you use the English version. Microsoft's products are known for "Bugs & Patch": the Chinese version has far more bugs than the English version, and its patches usually arrive at least half a month late (that is, after Microsoft announces a vulnerability your machine will generally remain unprotected for half a month).

   (4) Customization of components

Windows XP installs some commonly used components by default, but this default installation is very dangerous. You should know exactly which services you need and install only those. The security principle is: minimal services + minimal permissions = maximum security.

  (5) Partitioning and Logical disk allocation

It is recommended to create two or more partitions: a system partition and one or more application partitions. Separating the system partition from the application partitions protects the applications. In general, when a virus or an attacker exploits a vulnerability, the damage falls on the system partition and does not reach the application partitions.

   2. Account Security Policy

   (1) User security settings

Check the user accounts, disable accounts you do not need, and consider renaming the default accounts.

1. Disable the Guest account. Disable the Guest account under Users in Computer Management. To be safe, it is a good idea to also give Guest a complex password.

2. Limit unnecessary users. Remove all duplicate users, test users, shared users and so on. Use Group Policy to set appropriate permissions for users, and check the system's users frequently to remove any that are no longer in use.

3. Create two accounts for the administrator. Create a user with ordinary rights for receiving mail and handling day-to-day tasks, and another user with administrator privileges that is used only when needed.

4. Rename the system administrator account. The Windows XP administrator account cannot be deactivated, which means that others can try passwords for this user over and over. Try to disguise it as a regular user, for example GUESYCLUDX.

5. Create a trap user. Create a local user named "Administrator", give it the minimum permissions so that it can do nothing, and set a very complex password of more than 10 characters.

6. Change the permissions of shared files from the Everyone group to authorized users. Do not leave shared files accessible to the Everyone group. This includes print sharing, whose default property is the "Everyone" group.

7. Do not let the system display the last logged-on user name. Open Registry Editor, find the registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName, and change its value to 1.

8. System account/share list. A default installation of Windows XP allows any user to obtain the full list of system accounts and shares through a null (anonymous) session. This was originally meant to make file sharing convenient for LAN users, but a remote user can also get your user list and use brute force to crack user passwords. You can disable null connections on port 139 by changing the registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous. You can also use Windows XP's Local Security Policy (on a domain server, Domain Server Security and Domain Security Policy), which has the option RestrictAnonymous (additional restrictions on anonymous connections). This option has three values:

0: None. Rely on default permissions.

This value is the system default. There are no restrictions: remote users can learn all of your machine's accounts, group information, shared directories, network transport lists and so on. For a server such a setting is very dangerous.

1: Do not allow enumeration of SAM accounts and shares.

This value allows only non-null users to access SAM account information and share information.

2: No access without explicit anonymous permissions.

This value is supported in Win2000. If you do not want to have any shares, set it to 2. The general recommendation is to set it to 1.
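A read-only check of the two registry values from items 7 and 8, as an added example that is not part of the original article. It assumes PowerShell 2.0 has been installed on the Windows XP machine (XP does not ship with it); the `Test-RegistrySetting` function name is made up for this example.

```powershell
# Added example (not from the original article). Read-only audit of the two
# registry values discussed above; Wanted holds the article's recommended values.
$checks = @(
    @{ Path   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name   = 'DontDisplayLastUserName'
       Wanted = 1 },
    @{ Path   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name   = 'RestrictAnonymous'
       Wanted = 1 }
)

function Test-RegistrySetting($check) {
    $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        # Treat an absent value as 0, the permissive setting.
        $actual = 0; $shown = '(not set)'
    } else {
        # The cast handles both REG_SZ ("1") and REG_DWORD (1) storage.
        $actual = [int]$item.($check.Name); $shown = "$actual"
    }
    New-Object PSObject -Property @{
        Name   = $check.Name
        Actual = $shown
        Wanted = $check.Wanted
        # A higher value is stricter (RestrictAnonymous = 2), so accept >= Wanted.
        OK     = ($actual -ge $check.Wanted)
    }
}

$results = $checks | ForEach-Object { Test-RegistrySetting $_ }
$results | Format-Table Name, Actual, Wanted, OK -AutoSize
```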

   (2) Password security settings

1. Use secure passwords. Pay attention to password complexity, and remember to change passwords often.

2. Turn on the password policy. Apply a password policy: enable the password complexity requirement, set the minimum password length to 8 characters, set enforced password history to 5 passwords, and set the password age to 42 days.
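The account and password recommendations above can be checked against an exported local security policy. This is an added example, not part of the original article: it parses a constructed sample in the format of a `secedit /export` file, assumes PowerShell 2.0 is installed, reads the article's "42 days" as the maximum password age, and uses made-up function names.

```powershell
# Added example (not from the original article).
# Constructed sample of the file written by:
#   secedit /export /cfg policy.inf /areas SECURITYPOLICY
# On a real machine use: $lines = Get-Content policy.inf
$lines = @'
[Unicode]
Unicode=yes
[System Access]
MaximumPasswordAge = -1
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
NewAdministratorName = "Administrator"
EnableGuestAccount = 1
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"

function Get-SystemAccess($infLines) {
    # Collect key = value pairs from the [System Access] section only.
    $section = ''; $values = @{}
    foreach ($line in $infLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $matches[1]; continue }
        if ($section -eq 'System Access' -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
            $values[$matches[1]] = $matches[2].Trim('"')
        }
    }
    $values
}

function Test-AccountPolicy($v) {
    # Compare each setting with the values recommended in this article.
    $f = @()
    if ([int]$v['PasswordComplexity'] -ne 1)    { $f += 'Password complexity is not enforced' }
    if ([int]$v['MinimumPasswordLength'] -lt 8) { $f += 'Minimum password length is below 8' }
    if ([int]$v['PasswordHistorySize'] -lt 5)   { $f += 'Password history is below 5' }
    $age = [int]$v['MaximumPasswordAge']        # -1 means passwords never expire
    if ($age -lt 1 -or $age -gt 42)             { $f += 'Maximum password age is not within 42 days' }
    if ([int]$v['EnableGuestAccount'] -ne 0)    { $f += 'Guest account is enabled' }
    if ($v['NewAdministratorName'] -eq 'Administrator') { $f += 'Administrator account has not been renamed' }
    $f
}

$findings = @(Test-AccountPolicy (Get-SystemAccess $lines))
$findings | ForEach-Object { "FINDING: $_" }
"{0} finding(s)" -f $findings.Count
```

With the constructed sample every check fails, so the script reports six findings.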

   3. Application Security Policy

(1) Install antivirus software

Antivirus software not only removes well-known viruses but also catches many Trojans and backdoor programs, so run it frequently and keep the virus database up to date.

(2) Install the firewall

A firewall monitors external attacks on the machine and alerts the user so that precautions can be taken early.

(3) Installing system patches

Download the latest patches from Microsoft's website. Visiting Microsoft and security sites frequently and downloading the latest service packs and patches is the only way to keep the server safe over the long term.

(4) Enable power protection features

When you are working on a file, the biggest worry is a sudden loss of power: it not only wipes out your work in an instant but in serious cases can also damage the computer. To guard against accidental power-off in various situations and keep the computer safe, enable the power management feature that asks what to do, or hibernates directly, when the power button is pressed.

To enable the power protection feature, click Start / Control Panel / Performance and Maintenance / Power Options on the Windows XP desktop. Select the "Advanced" tab in the settings dialog that opens and locate the "Press the Computer power button" setting on that tab. Then choose Hibernate or Ask me what to do in the settings box. If you choose the Shut down option, the power protection feature is not enabled.

(5) Use the screen saver

The word "screensaver" naturally brings to mind the computer's screen saver, which protects the screen by displaying specified pictures in various ways. But the system starts the screen saver only after the computer has been idle for the preset time. What if you want to start the screen saver at any moment?

You can do so as follows. In the Windows XP Start menu, click Start / Search / Files or Folders. In the Search dialog box that opens, click "All files and folders", enter *.scr in the file name text box, select Local Disk (C:) or the drive where your system files are stored in the search scope drop-down list, and then click the Search button.

Then, from the list of screen savers found, select the one you want and create a shortcut to it on your desktop. From then on, double-click that shortcut to start the screen saver directly. If necessary, add a password to the screen saver so that the user name and password must be re-entered on resume, which protects the computer's resources more securely.

(6) Stop unnecessary services

Too many services is not a good thing: turn off every service that is not needed! The more service components are installed, the more functionality users can enjoy. However, users normally use only a limited set of service components, and the rarely used ones not only consume a lot of system resources and can make the system unstable, but also give attackers a variety of avenues for remote intrusion.

For this reason, try to disable service components that are not needed for the time being. To do so, open "Administrative Tools" / "Services" in Control Panel. In the Services window, select the service you want to disable, right-click it, choose Properties from the shortcut menu, click Stop, and set Startup type to Manual or Disabled, so that the specified service component is disabled.

   4. Network Security Policy

(1) Close unnecessary ports

Closing ports means reducing functionality, so you have to trade off security against functionality. If the server sits behind a firewall the risk is smaller, but never assume you can rest easy. Use a port scanner to scan the system's open ports to determine which services are exposed and could let attackers in. A table of well-known ports and services is available for reference in the \system32\drivers\etc\services file under the system directory. To enable TCP/IP filtering, open My Network Places / Properties / Local Area Connection / Properties / Internet Protocol (TCP/IP) / Properties / Advanced / Options / TCP/IP Filtering / Properties, and add the TCP and UDP ports you need.
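Before filling in the TCP/IP filter, it helps to compare what the machine is actually listening on with the ports you mean to permit. This is an added example, not part of the original article: the allow-list, both sample inputs and the function names are constructed for illustration, and it assumes PowerShell 2.0 and English-language `netstat` output.

```powershell
# Added example (not from the original article).
# TCP ports you intend to permit in TCP/IP filtering (hypothetical choice).
$allowedTcp = @(80, 443)

# Constructed sample of "netstat -an" output from an English-language system.
# On a real machine use: $netstat = netstat -an
$netstat = @'
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
'@ -split "`r?`n"

# Constructed excerpt in the format of %SystemRoot%\system32\drivers\etc\services.
# On a real machine use: $services = Get-Content "$env:SystemRoot\system32\drivers\etc\services"
$services = @'
http               80/tcp    www www-http           #World Wide Web
epmap             135/tcp    loc-srv                #DCE endpoint resolution
netbios-ssn       139/tcp    nbsession              #NETBIOS Session Service
microsoft-ds      445/tcp
'@ -split "`r?`n"

function Get-ListeningTcpPort($lines) {
    # Keep only TCP sockets in the LISTENING state and return unique port numbers.
    $lines | ForEach-Object {
        if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$matches[1] }
    } | Sort-Object -Unique
}

function Get-ServiceName($lines) {
    # Map port number -> service name for TCP entries, skipping comment lines.
    $map = @{}
    foreach ($l in $lines) {
        if ($l -match '^\s*([^#\s]+)\s+(\d+)/tcp') { $map[[int]$matches[2]] = $matches[1] }
    }
    $map
}

$names = Get-ServiceName $services
foreach ($port in @(Get-ListeningTcpPort $netstat)) {
    if ($allowedTcp -notcontains $port) {
        $name = $names[$port]; if (-not $name) { $name = 'unknown' }
        "Review: TCP {0} ({1}) is listening but not on the allow-list" -f $port, $name
    }
}
```

With the constructed sample, ports 135, 139 and 445 are reported for review and port 80 is not.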

(2) Set access rights on the security log

The security log is not protected by default; set it so that only the Administrators and System accounts can access it.

(3) Use web-based e-mail

Do not use client mail programs such as Outlook or Foxmail to receive mail. Some current mail is very harmful, and once it lands on the machine it can paralyze the system. Likewise, do not open attachments in mail from strangers; these attachments often carry viruses and Trojans.
