Windows has many ports that are open by default, and Internet viruses and hackers can connect to your computer via these ports when you surf the Internet.
To harden your system, you should close these ports, mainly TCP ports 135, 139, 445, 593 and 1025, UDP ports 135, 137, 138 and 445, some popular virus backdoor ports (such as TCP 2745, 3127 and 6129), and the remote service access port 3389. The following describes how to close these network ports under Windows XP/2000/2003:
Step one: open the "Start" menu, go to Settings > Control Panel > Administrative Tools, and double-click "Local Security Policy". Select "IP Security Policies on Local Computer", right-click a blank area of the right pane, and choose "Create IP Security Policy" from the shortcut menu to start a wizard. In the wizard, click "Next", name the new security policy, and click "Next" again to reach the "Requests for Secure Communication" screen. Clear the "Activate the default response rule" check box on that screen, then click "Finish" to create the new IP security policy.
Step two: right-click the IP security policy, open its Properties dialog box, and clear the "Use Add Wizard" check box. Click "Add" to add a new rule; in the New Rule Properties dialog box that appears, click "Add" to open the IP Filter List window. In that window, first clear the "Use Add Wizard" check box, then click the "Add" button on the right to add a new filter.
Step three: the Filter Properties dialog box opens on the Addressing tab. Select "Any IP Address" as the source address and "My IP Address" as the destination address. Click the "Protocol" tab, choose "TCP" in the "Select a protocol type" drop-down list, and enter "135" in the text box under "To this port". Click "OK" to add a filter that blocks TCP port 135 (RPC), so that others cannot connect to your computer through port 135.
Clicking "OK" returns you to the IP Filter List dialog box, where you can see that a filter has been added. Repeat the steps above to add TCP ports 137, 139, 445 and 593 and UDP ports 135, 139 and 445, setting up a filter for each.
Repeat the same steps to add blocking filters for TCP ports 1025, 2745, 3127, 6129 and 3389, and finally click "OK".
Step four: in the New Rule Properties dialog box, select "New IP Filter List" by clicking the radio button to its left so that a dot appears, indicating that it is active, and then click the "Filter Action" tab. On that tab, clear the "Use Add Wizard" check box and click "Add" to add a "block" action: on the Security Methods tab of the New Filter Action Properties dialog box, select "Block", and then click "OK".
Step five: back in the New Rule Properties dialog box, select "New Filter Action" by clicking the radio button to its left so that a dot appears, indicating that it is active, and then click "Close". This returns you to the New IP Security Policy Properties dialog box; select the check box to the left of "New IP Filter List" and click "OK" to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and choose "Assign".
After a restart, the network ports listed above are closed, and viruses and hackers can no longer connect to them, which protects your computer.
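The five steps above can also be scripted, which makes the policy repeatable and reviewable. The batch file below is an added example, not part of the original article: it assumes the "netsh ipsec static" command context found on Windows Server 2003, uses the port list from the opening paragraph, and the policy, filter list, action and rule names are placeholders chosen here.

```batch
@echo off
rem Added example: scripted form of the IP security policy built in steps 1-5.
rem Assumes the "netsh ipsec static" context (Windows Server 2003).
rem All names below are placeholders chosen for this example.
setlocal
set POLICY=Block Listed Ports
set FLIST=Blocked Port List
set FACTION=Block Action
set RULE=Block Rule

rem Port numbers as listed in the opening paragraph of the article.
set TCP_PORTS=135 139 445 593 1025 2745 3127 6129 3389
set UDP_PORTS=135 137 138 445

rem Step 1: new policy, default response rule off, not assigned yet.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no assign=no || goto :fail

rem Steps 2-3: one filter per port, any source address -> this computer.
netsh ipsec static add filterlist name="%FLIST%" || goto :fail
for %%P in (%TCP_PORTS%) do (
    netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP dstport=%%P || goto :fail
)
for %%P in (%UDP_PORTS%) do (
    netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=UDP dstport=%%P || goto :fail
)

rem Step 4: the "block" filter action.
netsh ipsec static add filteraction name="%FACTION%" action=block || goto :fail

rem Step 5: tie filter list and action together in a rule, then assign.
netsh ipsec static add rule name="%RULE%" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" || goto :fail
netsh ipsec static set policy name="%POLICY%" assign=y || goto :fail

rem Print the resulting policy so the filters can be reviewed.
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
exit /b 0

:fail
echo A netsh ipsec command failed; review the policy before relying on it. 1>&2
endlocal
exit /b 1
```

Blocking TCP 3389 and 445 also cuts off Remote Desktop and file sharing to the machine, so run the script from the local console rather than over a remote session.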