Basic settings
I. Four misunderstandings about online security
The Internet is actually a world that comes and goes. You can easily connect to your favorite site, while other people, such as hackers, can easily connect to your machine. In fact, many machines accidentally leave a "backdoor" in the machine and system due to their poor online security settings, which is equivalent to opening a door for hackers. The more time you spend surfing the Internet, the more likely someone else will intrude into the machine through the network. If hackers find security vulnerabilities in your settings, they will launch attacks against you, which may be harassment, such as reducing your speed or causing your machine to crash; it may also be more serious, such as opening your confidential files, stealing passwords and credit card passwords. However, many people disagree, because they still have four misunderstandings in terms of Network Security:
Misunderstanding 1: I am not connected to other networks, so I am safe. Yes, you need to connect to the INTERNET, but the independent machines that can access the INTERNET, compared with machines in a commercial network center, the network protocols used are still some or even all the same, A commercial network center machine may also have a public firewall or dedicated security personnel. In contrast, some personal machines used for home, office, and small companies are actually very open portals, and they are completely incapable of preventing hackers. This kind of threat is very realistic: If you use cable modem or DSL to connect to the Internet for a long time, there may be 2-4 mean hackers trying to attack you in a day.
Misunderstanding 2: I use Dial-Up to access the Internet, so my machine is safe. Each time you start to dial up the Internet, the IP address you use will be different, that is, the dynamic IP address, so compared with the static IP users. It is very difficult for hackers to find you, but some hacker software has developed to be able to scan tens of thousands of IP addresses one by one within one hour, so as long as hackers use these tools, even dial-up Internet users may be attacked.
Misunderstanding 3: I use anti-virus software, so I am safe. A good virus software is indeed an essential part of online security, but it is also a small part. It can protect you by detecting viruses and similar problems, but it is powerless to guard against hackers and malicious "legal" programs.
Misunderstanding 4: I use the firewall, so I am very secure. Firewall is very useful, but if your machine always uses some insecure methods to receive and send data, and you only rely on some additional programs to provide security, this means putting all the eggs in one basket. Once the firewall software has bugs or vulnerabilities, you are very dangerous. In addition, the firewall has no defense capabilities for software such as viruses, especially those programs that send or extract data to or from your machine maliciously. Finally, some firewall software may also help, because their vendors introduce the features of their products in the advertisement, which may lead to attacks targeting their vulnerabilities.
But there are some solutions. You can use the tools you already have, and this article will also tell you how to set security and how to choose security software.
2. One-minute basic network knowledge
If you see this content, you may want to glance at it or jump over it directly, but it takes only one minute and it is helpful for you to understand the following content. Simply put, you can divide your network connection into three layers. The deepest layer is the physical connection between you and the network, including hardware. For example, for dial-up Internet access, you need to use a "dial-up adapter" to "talk" with your MODEM. For a LAN, you need a NIC and a driver to exchange data between your PC and the NIC, DSL and cable also require NICs. A pc can use multiple hardware adapters at the same time. For example, you can use a cable modem to access the Internet, or connect a dial-up MODEM to access the Internet, which is still in the LAN, in this way, the system has two network adapters and one dial-up adapter in the network settings.
The intermediate layer of connection consists of the communication protocols and languages used by your machine to communicate with other machines on the network, such as the TCP/IP protocol and NetBEUI and IPX/SPX, these protocols can also work in parallel. One protocol can be bound to multiple hardware devices at the same time, and one hardware device can also bind multiple protocols at the same time. The top-level connection is a network device. You can log on to the Internet, share files and prints, and client programs on the top to complete the tasks you need to complete on the network. Unfortunately, it is bidirectional and allows hackers to perform their operations on you. Therefore, the best way to ensure security is to ensure that there are no dangerous settings and devices. For example, if you do not need to access the Internet, "file and print sharing" is completely unnecessary, this is often used by hackers. In other words, carefully setting which bindings are required can ensure that your machine is not so easy to access, despite some devices and protocols with poor security.
3. How to Ensure connection security
Before modifying the system settings, we recommend that you back up the key data in your system or write down your original settings to restore the data as needed. If you are on a LAN or have special network requirements, consult with the Administrator first. First, check your network settings: Right-click "Network Neighbor" and select "attribute". Now we want to delete some of the INTERNET protocols that can easily connect others to you through the INTERNET: TCP/IP.
If you do not use dial-up Internet access, you can directly jump to the next section. Double-click "dial-up adapter" and "bind", remove all content except TCP/IP, return to the main interface, and double-click "TCP/IP-> dial-up adapter ", you may see a warning, indicating that there will be danger if you modify it. No matter what it is, it will be dangerous if you do not modify it! Click "bind". If you select "microsoft network users" and "file and print sharing", select them. In this way, only TCP/IP is left, you will get a warning that the TCO/IP has not been bound to any driver ", answer NO. If you use a network card, click the corresponding TCP/IP for each card. For example, if I use a cheap Realtek network card, click "TCP/IP-> Realtek RT8029 () PCI Ethernet NIC. click "bind" to confirm that "micrcosoft network user" and "file and print sharing" are not selected ". However, if you want to share files and printers locally on the LAN, you can also add a non-INTERNET Protocol IPX/SPX or NetBEUI. Add an appropriate "micrcosoft network user" and select "file and print sharing" to share and print files!
Now go back and check every adapter and protocol in the system to make sure that "micrcosoft network user" and "file and print sharing" are selected only in IPX/SPX and/or NetBEUI. At the same time, make sure that the two items are not selected in TCP/IP. Repeat this check process on all machines in the LAN. In this way, your machine only uses TCP/IP on the INTERNET, and uses non-INTERNET Protocol on the LAN to share printers and files. Because hackers must use TCP/IP, they need to spend more time accessing the shared printers and files. Note that you may reset the binding and other settings for any changes to the network settings, even including the content you have never touched, when you or the software you installed modifies the network settings, you must perform the steps described above to check the TCP/IP connection to ensure that it is "clean ", not bound to "micrcosoft network user" or "file and print sharing. AOL adds its own (usually unnecessary) adapter to your network settings, in addition, your binding settings may be incorrectly modified. Some users report that their "file and print sharing" is bound to TCP/IP after AOL is installed, this means that printers and files are provided to anyone who wants to connect. The tips mentioned above are also effective to avoid the situation of AOL.
To improve your network security, you can do a lot of work. We will discuss it below, but the above settings will eliminate the most common and prominent network security problems in windows pc, block the most obvious vulnerabilities to you and give you a safer online operation foundation. Once you have learned the above method and used only a few minutes for inspection, you do not need other auxiliary software. The advantage of doing so is that you do not have to spend money!