Network port security protection skills (zz)

Source: Internet
Author: User
Tags website server
As we all know, communication between computers is through ports. For example, when you access a website, Windows opens a port (such as port 1025) on the local machine ), connect to a port of the remote website server. This is also true when someone accesses you. By default, Windows opens many service ports on your computer. Hackers often use these ports to intrude. Therefore, mastering port knowledge is essential for secure Internet access. I. Commonly used ports and their computers need to use the TCP/IP protocol to communicate with each other over the Internet. According to the TCP/IP protocol, the computer has 256 × 256 (65536) ports, these ports can be divided into TCP port and UDP port. By port number, they can be divided into the following two categories: 1. system reserved ports (from 0 to 1023) are not allowed. They all have definite definitions, which correspond to some common services on the Internet, all represent a system service. For example, port 80 represents a web service. 21 corresponds to FTP, 25 corresponds to SMTP, 110 corresponds to POP3, etc. (1 ). [Attachment = 15701]
System reserved Port 2. dynamic port (from 1024 to 65535) when you need to communicate with others, Windows will allocate a dynamic port from 1024 on the local machine. If Port 1024 is not closed, when you need a port, port 1025 will be allocated for your use, and so on. However, some system services are bound to ports 1024 to 49151, such as port 3389 (Remote Terminal Service ). Ports from 49152 to 65535 are usually not bundled with system services, allowing Windows to dynamically allocate them to you. 2. How to check which ports are enabled on the local machine in the default status, Windows will open many "service ports ", you can use either of the following methods to check which ports are enabled on the local machine and which computers are connected to the local machine. 1. The netstat command is provided in Windows to display the current TCP/IP network connection. Note: The netstat command can be used only when the TCP/IP protocol is installed. Operation Method: Click Start → program → attachment → command prompt to enter the DOS window, enter the command netstat-na and press enter, so the local connection status and opened port 2 are displayed. The Local Address indicates the IP Address and port number of the Local Machine (port 135 is opened on the Local machine in the figure). Foreign Address indicates the IP Address and port number of the remote computer, and the State indicates the current TCP connection status, in the figure, LISTENING is the LISTENING status, indicating that port 135 is being enabled on the local machine, waiting for the connection from the remote computer. If you enter the netstat-nab command in the DOS window, it also displays the programs that create each connection. And ADVAPI32.dll. If you find that the machine has opened a Suspicious Port, you can use this command to check which components it has called, and then check the creation time and modification time of each component. if an exception is found, it may be a Trojan. 2. similar to the netstat command, port monitoring software can also check which ports are opened on the local machine, the well-known products include Tcpview, Port Reporter, green e PC universal genie, and network Port viewer. We recommend that you start Tcpview when accessing the internet to closely monitor the connection status of the local Port so as to prevent illegal connections, ensure your network security. 3. disable ports not used by the local machine. By default, many Windows ports are open. Once you access the Internet, hackers can connect to your computer through these ports. Therefore, you should close these ports. Mainly include: ports TCP139, 445, 593, 1025, and UDP123, 137, 138, 445, 1900, and 2513, and some popular Backdoor Ports (such as TCP 2745, 3127, 6129, and ), and remote service access port 3389. Ports 137, 138, 139, and 445 are all open for sharing. You should prohibit others from sharing your machine, so close all these ports, click Start> Control Panel> system> hardware> Device Manager, and click display hidden devices under view ", double-click "plug-and-play drivers", find and double-click NetBios over Tcpip, and in the "NetBios over Tcpip properties" window that opens, click "do not use this device (disable)" under the "General" tab. 3. Click "OK" and restart. [Attachment = 15702]
Attribute [Attachment = 15703] ② close udp123 port: Click Start → settings → control panel, double-click Administrative Tools → service to stop the Windows Time Service. Disable UDP port 123 to prevent some worms.
  
③ Close the udp1900 port: on the control panel, double-click "Administrative Tools> Services" to stop the SSDP Discovery Service. Disable this port to prevent DDoS attacks. ④ Other ports: You can use network firewall to disable them, or double-click "Administrative Tools> Local Security Policy" in "Control Panel" and select "IP Security Policy, on the local computer, create an IP Security Policy to disable it. Udp500, 4500 enabled for the IPsec service! 4. Redirect the default port of the local machine to ensure system security. If the default port of the local machine cannot be closed, you should "Redirect" it ". Redirect the port to another address to hide the accepted default port, reduce the probability of damage, and protect the system security. For example, if the terminal server port (3389 by default) is opened on your computer, you can redirect it to another port (1234 for example) by: 1. modify and locate the following two registry keys on the local machine (server side), and change all portnumbers to custom ports (such as 1234:
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Terminal Server/Wds/rdpwd/Tds/tcp]
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Terminal Server/WinStations/RDP-Tcp] 2. on the client, choose Start> program> attachment> communication> Remote Desktop Connection. In the Remote Desktop Connection window, click options to expand the window. after entering the relevant parameters, click "Save as" under "General" to export the connection parameter. rdp file. Open the file in notepad and add a line at the end of the file: server port: I: 1234 (enter the custom port of your server here ). Then, double-click the. rdp file to connect to the custom port on the server.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.