Deny Network traps and how to enter a secure digital Bastion

Source: xiaoxin Technology Network

When you browse information on the Internet, When you chat with friends on QQ or MSN, when you send and receive emails, when you edit important articles on your computer, do you know that you are in a dangerous environment? Anyone who has a little knowledge of hackers or a hacker software that is everywhere on the internet can steal secrets from your computer or even delete files on your computer. This is not an alarmist.
We have introduced the information security of personal computers from multiple perspectives in many articles. However, due to space and layout reasons, we have not been able to provide a comprehensive overview of all the security issues faced by personal computers. In recent months, due to the increasing variety and quantity of new viruses and malicious programs, there have also been a large number of security questions due to emails or inquiries from many readers. To this end, we have made this issue of dangerous IT. In the next article, you will see from surfing the internet to chatting online, from office software to email, from system logon to online banking, you may encounter all the security risks and solutions in your daily life. In addition, since we have been introducing many software security issues in the past and ignoring some hardware security features, in this article, we will also introduce you to a variety of products with outstanding hardware security performance, such as the ability to lock hard disks so that they can only be used on the local computer.

Traps in the Network

As we all know, the network may be one of the most insecure places. Your personal information may be leaked on the Internet, and hackers may intrude into your PC through the network, even browsing a webpage may be infected with Trojans. How should we ensure our own security in the face of a dangerous network?

There are many security measures that can effectively improve your security on the network, and you only need to do your best.

Keep the system updated in time

Microsoft provides free online upgrade services for users who purchase their genuine operating systems. Do not underestimate this service, because any operating system may have more or less various security risks and vulnerabilities, which are the favorite targets of many hacker software and malicious programs. After Microsoft detects these problems, it will release corresponding patches in time to correct the error. To upgrade these patches, take Windows XP as an example. You only need to click the "Auto Update" icon in the control panel and select the "Auto" item recommended by the system in the new window, as long as you access the Internet, the system automatically downloads and installs the latest patch at the specified time without your intervention.

At least one firewall

From the perspective of protecting network security, all computers should be equipped with at least one firewall. If you do not know how to choose this product, we recommend that you install the firewall built in Windows XP at least, and you do not need to download and install it separately, it also ensures that the software works well with other applications in the system.

On the Control Panel, double-click the "Windows Firewall" icon to go to the firewall settings page, start the firewall, or set it further. To a certain extent, Windows Firewall can prevent unauthorized connections and avoid being infected with network worms. In addition, when your program needs to receive information from the Internet or local area network, Windows Firewall will ask you whether to block the connection or create an "exception" in the firewall configuration ", allow connection requirements of the program.

Pervasive spyware

SpyBot Search & Destroy (spybot.safer-networking.de/), among the professional spyware cleanup tools, has won CHIP evaluation recommendations for its rich functionality and excellent performance, the spyware of the software has excellent detection and removal effects, and provides pre-setup of the system to shield the immunity function of the well-known spyware. You can download the installation program from the software website. After installation, you can start the program from the SpyBot Search & Destroy group in the "Start" menu. When the software is started for the first time, a dialog box with many national flags will pop up, allowing you to select the language to use, select the five-star red flag to select Simplified Chinese. Start SpyBot Search & Destroy, click "check & Clear" in "SpyBot-S & D" on the left of the software main interface, and then click "Check Problem" in the right window ", the software starts to check and clear spyware. Click "immune" in "SpyBot-S & D" on the left of the main interface. The software will immediately check the usage of the immune function on the system, then, in the "immune" window on the right, a dialog box is displayed to inform you of the check result.

Neglected Microsoft Security Tools

In fact, Microsoft has provided many security tools and software for its users, but we often ignore this. Of course, Microsoft Baseline Security Analyzer (MBSA) is the most famous and convenient software, this software is a security analysis tool specially prepared by Microsoft for Windows 2000, XP, and 2003 operating systems. It can check whether known vulnerabilities in the system have been correctly corrected and whether redundant service programs are running, whether the permissions and passwords of users and administrators are secure, whether the registry and shared resources are correctly set, Internet Explorer browser, Microsoft Office, and Internet Information Services (IIS) IN THE SYSTEM) check whether the software is correctly set, and whether the vulnerabilities have been fixed. In addition, for items that cannot pass the test, the analysis tool prompts the reason for the failure and provides a correction method.

You can download the MBSA installation package (www.microsoft.com/china/technet/security/tools/mbsahome.mspx) from the MBSA download page ). After installation, run the command to enter the main interface of MSBA. Click the "Scan a computer" or "Scan more than one computer" option in the right window to test one or more computers, click Start scan to Start the test. After the test is completed, MBSA will display a list sorted by the severity of the problem, clearly listing the status of each test item in the system.

In addition to MBSA, Microsoft also provides many other security tools for users to download. You can visit the security tool download page of Microsoft technical network (www.microsoft.com/china/technet/security/tools/default.mspx) to download them.

If you want to enable IIS on the system to implement Web server or FTP service functions, you can download the IIS lockdowntool and run the IIS lockd.exe tool in the extracted file. This tool is a software dedicated to setting IIS, it removes programs and scripts that are not required by IIS, modifies IIS to support only basic service functions, and fixes known system vulnerabilities.

IE

At present, there are a lot of software in China to improve the protection capability of IE for malignant software, but some of these software will cause new problems in use, the browser may even be modified without you. Therefore, we recommend that you use SpywareBlaster (www.javacoolsoftware.com/sbdownload.html) to prevent malicious programs from being downloaded and automatically installed, and can clear harmful ActiveX controls that have been installed. Moreover, the software is very easy to use. You only need to download and install the software, and then start the software and click "Updates" to update the malware database of the software, click "Protection" to select the Protection function of the application on various browsers.

Insecure ADSL

If you use ADSL to access the Internet, you must be careful because this method may have certain security risks. Generally, the ADSL Access modem is managed on the Web Settings page, and the passwords for managing accounts are default. However, in most cases, the management account of ADSL only allows users on the local LAN to log on, so it does not cause security problems. Unfortunately, some of the ADSL modems currently in use in China support remote logon to the Web setting interface through the Internet by default, so that the user's ADSL modem is open to everyone.

If you do not know how your ADSL is managed, You need to carefully read your ADSL modem specification immediately. If the ADSL modem allows Internet management, you should immediately set it to support only local LAN User Login and change the password of the management account.

Network banking after the digital Bastion

More and more people are beginning to use online banking. But many people have doubts about this new business: Is online banking really safe?

Encrypted transmission protocol is required

You must be aware that, without encrypted secure transmission protocols, all information transmitted over the Internet will be easily stolen and tampered. Therefore, the encrypted transmission protocol must be used when network banking is used. So how do I know whether the secure transmission protocol is currently in use? Take the most common SSL (Secure Socket Layer) protocol as an example. Use the protocol on the address bar of the browser to identify https ://, you can identify that the browser is using SSL protocol connection. In addition, when you connect to an online bank using the SLL Protocol for the first time, a dialog box will pop up asking you to install an SSL certificate, after installing the SSL certificate, you will see a closed yellow lock in the lower right of the browser, indicating that the browser will use SSL encrypted data transmission, this prevents sensitive data from being eavesdropped or tampered with during transmission.

A digital certificate is required.

Digital Certificates are an essential means to ensure the security of online banking transactions. digital certificates provide two functions: electronic signatures and Information Encryption. They can be used for identity confirmation on the Internet, it ensures the security and integrity of information and the non-repudiation of information. Its security is unmatched by the network services that used password verification in the past.

How to use a file Certificate

The key to using a file-type digital certificate is how to ensure the security of the digital certificate and prevent the digital certificate you apply to download from the bank from being obtained by others. Taking the digital certificate of China Merchants Bank as an example, you need to fill in a "Personal Digital Certificate Application Form" at the China Merchants Bank's business outlets and enter the bank account you want to use to manage, then you can obtain the authorization code for downloading the digital certificate. Go home and open the China Merchants Bank website on the computer where you need to use online banking for financial management. Click "log on to personal banking Professional Edition". A warning window is displayed in the browser, you only need to click "yes" to automatically download and install the wealth management software. During the installation process, the installer requires you to choose a suitable location to save the software information, including your personal information, digital certificates, and other important data, which is also our key object to be protected. For the sake of security, we 'd better not store this information on the same computer as the client software of the online bank, or store it on another storage medium, such as a flash drive.