Establish three-dimensional defense to prevent viruses and Trojans and hacker intrusion

Source: Internet
Author: User
Tags: account security


While the network brings great convenience to our work and study, viruses, Trojans, backdoors, and hacker programs also seriously affect information security. One characteristic these programs share when they infect a computer is that they write entries to the registry in order to start automatically, cause damage, and spread. To guard against viruses, Trojans, backdoors, and hacker intrusions, you can modify the registry and disable the related services and their ports.

1. Disable null IPC connections
 
A cracker can use the net use command to establish a null connection and then intrude further. net view and nbtstat are both based on null connections, so it is a good idea to disable them. Open the registry and find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, value RestrictAnonymous: change this value to "1".

2. Disable the at command

A cracker often plants a Trojan on your machine and then has to get it to run, which is where the at command comes in. Open Administrative Tools > Services and disable the Task Scheduler service.

3. Disable the SSDP Discovery Service

This service is mainly used to start UPnP devices on a home network, and it also opens port 5000. It can be abused for DDoS attacks that drive CPU usage to 100% and crash the computer. It is said that no one will perform DDoS attacks on individual machines, but the service also consumes a lot of bandwidth: it continuously sends packets to the outside world, which slows network transfers, so it is fine to disable it.

4. Disable NetBIOS over TCP/IP

Network Neighborhood > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > WINS tab > NetBIOS setting > Disable NetBIOS over TCP/IP. With this set, a cracker cannot use the nbtstat command to read your NetBIOS information or the MAC address of the NIC.

5. Disable the DCOM Service

This is port 135. Besides being used as a query service, it can also be attacked directly. Enter dcomcnfg in the Run dialog; in the Component Services window that pops up, select the Default Properties tab and clear "Enable Distributed COM on this computer".

6. Account Security

Disable all accounts except your own. Rename Administrator. I simply created another account named Administrator that has no permissions at all, then opened Notepad, typed a string of random characters, copied it, and pasted it into the password field. Let them crack that password! Even after it is cracked, it is only a low-privilege account. Wouldn't that drive them crazy?

7. Cancel displaying the last logged-on user

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DontDisplayLastUserName. Change the value to 1.

8. Delete default shares

Someone asked me why all of their disks were shared as soon as the machine started, and why, after they removed the shares, the disks were shared again after a restart. These are the default shares that Windows 2000 sets up for administration. You must cancel them by modifying the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters: AutoShareServer, type REG_DWORD. Change the value to 0.

9. Disable LAN Manager Authentication

Windows NT Server Service Pack 4 and later versions support three different authentication methods: LAN Manager (LM) authentication; Windows NT (also called NTLM) authentication; and Windows NT version 2.0 (also called NTLM2) authentication. By default, when a client attempts to connect to a server that supports both LM and NTLM authentication, LM authentication takes priority. Therefore, we recommend that you disable LM authentication.
 
1. Open the Registry Editor;
2. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa;
3. Select "Edit" and then "Add Value" from the menu;
4. Enter LMCompatibilityLevel as the value name and set the value type to DWORD. Click OK;
5. Double-click the new value and set it to one of the following as needed:
(0) - Send LM and NTLM responses;
(1) - Send LM and NTLM responses;
(2) - Send only the NTLM response;
(3) - Send only the NTLMv2 response; (valid for Windows 2000)
(4) - Send only the NTLMv2 response and reject LM; (valid for Windows 2000)
(5) - Send only the NTLMv2 response and reject LM and NTLM. (valid for Windows 2000)
6. Close the Registry Editor and restart the machine.
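
To check a machine against the settings in sections 1 to 5 and 7 to 9 without changing anything, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original article. The service names Schedule and SSDPSRV and the EnableDCOM and NetbiosOptions values do not appear in the article (they are where Windows stores those settings), and treating LMCompatibilityLevel 3 or higher as a pass is an assumption.

```powershell
# Read-only audit of the settings described in this article (added example).
$cs = 'HKLM:\SYSTEM\CurrentControlSet'
$results = @()

# Registry values and the test each must pass. Ok receives the current value
# ($null when the value does not exist).
$regChecks = @(
    @{ Path = "$cs\Control\Lsa"; Name = 'RestrictAnonymous'; Ok = { param($v) $v -eq 1 } }
    # Assumption: level 3 or higher (NTLMv2 responses only) counts as a pass.
    @{ Path = "$cs\Control\Lsa"; Name = 'LMCompatibilityLevel'; Ok = { param($v) $v -ge 3 } }
    @{ Path = "$cs\Services\LanmanServer\Parameters"; Name = 'AutoShareServer'; Ok = { param($v) $v -eq 0 } }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'DontDisplayLastUserName'; Ok = { param($v) $v -eq 1 } }
    # The dcomcnfg checkbox is stored as the string Y or N.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'; Ok = { param($v) $v -eq 'N' } }
)
foreach ($c in $regChecks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $results += [pscustomobject]@{
        Setting   = $c.Name
        Current   = if ($null -eq $v) { '(not set)' } else { $v }
        Compliant = [bool](& $c.Ok $v)
    }
}

# Task Scheduler (Schedule) and SSDP Discovery (SSDPSRV) should be disabled.
foreach ($name in 'Schedule', 'SSDPSRV') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Setting   = "Service $name"
        Current   = if ($svc) { [string]$svc.StartType } else { '(not installed)' }
        Compliant = (-not $svc) -or ($svc.StartType -eq 'Disabled')
    }
}

# NetBIOS over TCP/IP is set per interface: NetbiosOptions 2 means disabled.
$nicKey = "$cs\Services\NetBT\Parameters\Interfaces"
foreach ($nic in Get-ChildItem -Path $nicKey -ErrorAction SilentlyContinue) {
    $opt = $nic.GetValue('NetbiosOptions')
    $results += [pscustomobject]@{
        Setting   = "NetBIOS $($nic.PSChildName)"
        Current   = if ($null -eq $opt) { '(not set)' } else { $opt }
        Compliant = $opt -eq 2
    }
}

$results | Format-Table -AutoSize -Wrap
```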

Note: Today's viruses are "all-inclusive": some malignant viruses use whatever means are available to spread, which greatly increases their infection efficiency. Preventing infection by such viruses requires not only that antivirus vendors work efficiently, but also that Internet users improve their own awareness of defense. Only when the majority of users have raised their anti-virus security awareness and blocked every route of infection will viruses truly be left with no hole to get in through.
 
