Author: snilsor
Statement:
This article was not written by me. It applies to Windows 2000 or later. The experiments in this article were tested under Windows 2003.
---------------
Build the ultimate defense line for personal computer security.
----------------------------------------
[1. Disable default sharing]
1. View local shared resources first
Run → cmd → enter: net share
2. Delete the shares (enter one command at a time)
net share admin$ /delete
net share c$ /delete
net share d$ /delete (if there are e, f, ... drives, continue deleting in the same way)
3. Disable IPC$ null connections
Run regedit
Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa in the registry
Change the value data of RestrictAnonymous from 0 to 1.
4. Disable port 139. The IPC and RPC vulnerabilities exist here.
To disable port 139, open "Network and Dial-up Connections", open the Properties of "Local Area Connection", select "Internet Protocol (TCP/IP)" and open its Properties, go to "Advanced TCP/IP Settings", open the "WINS" tab, and select "Disable NetBIOS over TCP/IP".
Port 139 is now closed and the RPC vulnerability is blocked.
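A check for steps 1 and 2 above, added here as an example and not part of the original article: it reads saved `net share` output and lists the default shares that still need deleting. The function name `review_shares` and the sample output are constructed for illustration.

```python
import re

# Constructed sample of `net share` output (not captured from a real host).
SAMPLE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
ADMIN$       C:\\WINDOWS                      Remote Admin
C$           C:\\                             Default share
D$           D:\\                             Default share
IPC$                                         Remote IPC
Docs         D:\\Docs
The command completed successfully.
"""

# ADMIN$ and single-letter drive shares (C$, D$, ...) are the default shares.
DEFAULT_SHARE = re.compile(r"^(ADMIN|[A-Z])\$$", re.IGNORECASE)

def review_shares(net_share_output):
    """Split listed shares into default shares, IPC$, and everything else."""
    result = {"delete": [], "ipc": False, "other": []}
    in_table = False
    for line in net_share_output.splitlines():
        if line.startswith("---"):          # separator: the table starts here
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        if line[0].isspace():               # wrapped continuation of a row
            continue
        name = line.split()[0]              # assumption: no spaces in names
        if DEFAULT_SHARE.match(name):
            result["delete"].append("net share %s /delete" % name)
        elif name.upper() == "IPC$":
            result["ipc"] = True            # handled by RestrictAnonymous (step 3)
        else:
            result["other"].append(name)
    return result

if __name__ == "__main__":
    print(review_shares(SAMPLE))
```

Default administrative shares are recreated when the Server service restarts, so run the check again after a reboot.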
----------------------------------------
[2. Set service items and perform internal defense]
-------------------
Plan A. Service Policy:
Control Panel → Administrative Tools → Services
Disable the following services:
1. Alerter [notifies selected users and computers of administrative alerts]
2. ClipBook [enables the "Clipboard Viewer" to store information and share it with remote computers]
3. Distributed File System [combines distributed file shares into one logical name and shares it out. After it is disabled, remote computers cannot access the shares]
4. Distributed Link Tracking Server [used by the Distributed Link Tracking Client service on a LAN]
5. Human Interface Device Access [enables generic input access to Human Interface Devices (HID)]
6. IMAPI CD-Burning COM Service [manages CD recording]
7. Indexing Service [provides the indexed content and attributes of files on local or remote computers, which leaks information]
8. Kerberos Key Distribution Center [network logon using the authorization protocol]
9. License Logging [monitors IIS and SQL. If you have not installed IIS and SQL, stop it]
10. Messenger [alerts]
11. NetMeeting Remote Desktop Sharing [collects client information left by NetMeeting]
12. Network DDE [provides dynamic data exchange for programs running on the same computer or on different computers]
13. Network DDE DSDM [manages Dynamic Data Exchange (DDE) network shares]
14. Print Spooler [printer service. If there is no printer, disable it]
15. Remote Desktop Help Session Manager [manages and controls Remote Assistance]
16. Remote Registry [enables remote computer users to modify the local registry]
17. Routing and Remote Access [provides routing services in local and wide area networks. Attackers use the routing service to probe registration information]
18. Server [supports sharing of files, printers, and named pipes on this computer over the network]
19. Special Administration Console Helper [allows the administrator to remotely access the command prompt using Emergency Management Services]
20. TCP/IP NetBIOS Helper [supports NetBIOS over TCP/IP and NetBIOS name resolution for network clients, which allows users to share files, print, and log on to the network]
21. Telnet [allows remote users to log on to this computer and run programs]
22. Terminal Services [allows users to connect to a remote computer in interactive mode]
23. Windows Image Acquisition (WIA) [imaging service for applications and digital cameras]
-------------------
Plan B. Account Policy:
Open Administrative Tools → Local Security Settings → Password Policy
1. Password must meet complexity requirements: Enabled
2. Minimum password length: I set 10
3. Maximum password age: 42 days by default
4. Minimum password age: 0 days
5. Enforce password history: 0 passwords remembered
6. Store passwords using reversible encryption: Disabled
-------------------
Plan C. Local Policy:
Open Administrative Tools
Find Local Security Settings → Local Policies → Audit Policy
1. Audit policy change: Failure
2. Audit logon events: Success, Failure
3. Audit object access: Failure
4. Audit process tracking: No auditing
5. Audit directory service access: Failure
6. Audit privilege use: Failure
7. Audit system events: Failure
8. Audit account logon events: Failure
9. Audit account management: Failure
Then, in Administrative Tools, open
Event Viewer
Right-click Application → Properties and set the maximum log size. I set 512000 KB and selected the option not to overwrite events.
Right-click Security → Properties and set the maximum log size. I also set 512000 KB and selected the option not to overwrite events.
Right-click System → Properties and set the maximum log size. I set 512000 KB and selected the option not to overwrite events.
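A check of the Plan B and Plan C settings against a policy export, added here as an example and not part of the original article. It assumes the policy was exported with `secedit /export /cfg` and decoded to text; the `audit` function, the sample export, and the mapping of the two lists above to export keys are constructed for illustration.

```python
import configparser

# Plan B / Plan C targets (key mapping assumed). Audit: 0 none, 1 success, 2 failure, 3 both.
EXPECTED = {
    "System Access": dict(PasswordComplexity=1, MinimumPasswordLength=10,
                          MaximumPasswordAge=42, MinimumPasswordAge=0,
                          PasswordHistorySize=0, ClearTextPassword=0),
    "Event Audit": dict(AuditPolicyChange=2, AuditLogonEvents=3,
                        AuditObjectAccess=2, AuditProcessTracking=0,
                        AuditDSAccess=2, AuditPrivilegeUse=2, AuditSystemEvents=2,
                        AuditAccountLogon=2, AuditAccountManage=2),
}

# Constructed sample export (not from a real host); three settings deviate.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 2
AuditLogonEvents = 1
AuditObjectAccess = 2
AuditPrivilegeUse = 2
AuditPolicyChange = 2
AuditAccountManage = 2
AuditProcessTracking = 0
AuditDSAccess = 2
"""

def audit(inf_text):
    """Return (section, key, found, expected) for each deviating setting."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the key case used in the export
    cp.read_string(inf_text)
    findings = []
    for section, keys in EXPECTED.items():
        for key, want in keys.items():
            raw = cp.get(section, key, fallback="")
            have = int(raw) if raw.strip().lstrip("-").isdigit() else None
            if have != want:  # a missing key is reported as None
                findings.append((section, key, have, want))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_INF), sep="\n")
```

Exports written by secedit are UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to `audit`.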
-------------------
Plan D. Security Policy:
Open Administrative Tools
Find Local Security Settings → Local Policies → Security Options
1. Interactive logon: Do not require CTRL+ALT+DEL: Enabled [It is better to enable it based on your needs, but I personally do not need to directly enter a password to log on]
2. Network access: Do not allow anonymous enumeration of SAM accounts: Enabled
3. Network access: Shares that can be accessed anonymously: delete the listed values
4. Network access: Named pipes that can be accessed anonymously: delete the listed values
5. Network access: Remotely accessible registry paths: delete the listed values
6. Network access: Remotely accessible registry paths and sub-paths: delete the listed values
7. Network access: Restrict anonymous access to Named Pipes and Shares
8. Accounts: Rename guest account: rename "guest" [it is best to use a Chinese name that you can remember, so that an attacker is left guessing at guest; deleting this account is explained in detail later]
9. Accounts: Rename administrator account [a Chinese name is recommended]
-------------------
Plan E. User Rights Assignment Policy:
Open Administrative Tools
Find Local Security Settings → Local Policies → User Rights Assignment