Detailed description of LAN security protection against shared intrusion

LAN security prevention shared intrusion is the focus of this article. In actual operations, for example, in a LAN, the Server is equipped with a Win2000 Server System and NTFS partition is used, the client computers are Workl, Work2 ...... WorkN, and has a Win98 or Win2000 Pro system.

Assume that the username and password of one of the clients are aaa and have logged on to the domain, the client can use the default sharing method to intrude into the server: enter server admin $ in the address bar of the network neighbor of the client to enter Win2000 system directory Win NT. At this time, the user can delete the file.

If you enter server d $ again, you can access the d disk on the server. At this time, the client user has the administrator privilege of the server, which is quite dangerous. Specifically tested users can create Winstart. bat or Wininit. INI file, and add the statement to format the C disk to make the system lose all the C disk files, or add the Startup Program of any popular trojan in the startup Item of the server, the consequences are unimaginable.

Win2000 adopts the default sharing mode for remote maintenance, but it also gives hackers a chance to access it. Open the Registry Editor and navigate to HKEY_L0CAl_MACHINESYSTEMCurrentControlSetServiceslanmanserver. if the system is Win2000 Pro, create a DWORD Value for autoscaling wks and set the key value to 0. if the system is Win2000 Server, then the DWORD Value of Autoshareserver is created and the key value is set to 0. After you restart the computer, the shared data will not appear again by default.

However, the risks are not eliminated. Clients with Win2000 platforms can also use empty IPS $ connection to intrude into the server. The client user can use the port scanning software X-Scan to fill in the server's IP address. In the scanning module, select sqlserver weak password and nt-server weak password. After obtaining the weak nt-server password, you can enter "net use 192.168.0.88 ips $"/user: "user" in the cmd window of the client to create an empty connection, activate Guest, and add administrator permissions, install a backdoor (such as netcat) for remote control.

How does the Administrator disable empty IPS $ connections? You can locate the Registry HKEY_LOCAL_MACHINESYSTEMCurrent ControlSetControlLSA and modify the Restrict Anony-mous DWORD Value to 0000001.

498) this. style. width = 498; "srcwidth =" 550 "srcheight =" 438 "zoomrate =" 1 ">

The above content is an introduction to the prevention of shared intrusion by LAN security. I hope you will gain some benefits.