Personal Computer Anti-Hacking Guide

Source: Internet
Author: User
Tags: account security

1. Disable null IPC connection:

A cracker can use the net use command to establish a null connection and then intrude into the database. Net view and nbtstat are both based on null connections, so it is a good idea to disable them. Open the registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa: RestrictAnonymous, and change the value to "1".

2. Disable the AT command:

A cracker often plants a Trojan on your machine and then has to get it to run, and for that he needs the AT command. Open Administrative Tools > Services and disable the Task Scheduler service.

3. Shut down the Super Terminal Service

That is, if you have it running. This vulnerability is so bad that I will not go into it.

4. Disable the SSDP Discovery Service

This service is mainly used to start UPnP devices on your home network, and it opens port 5000 at the same time. It may lead to DDoS attacks that push CPU usage to 100% and crash the computer. Admittedly, nobody is likely to DDoS an individual machine, but the service also takes up a lot of bandwidth while it runs: it keeps sending packets to the outside world, which affects the network transfer rate, so it is better to turn it off.

5. Disable the Remote Registry service.

The name says it all. Would you let someone modify your registry remotely? Not unless you are really confused.

6. Disable NetBIOS over TCP/IP

My Network Places > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > WINS tab > NetBIOS setting > Disable NetBIOS over TCP/IP. With this set, a cracker cannot use the nbtstat command to read your NetBIOS information or the MAC address of your NIC.

7. Disable the DCOM Service

This is port 135. Besides being used as a query service, it can also be attacked directly. To disable it, enter dcomcnfg in the Run dialog; in the Component Services window that opens, select the Default Properties tab and clear "Enable Distributed COM on this computer".

8. Change the Shared File Permission from the "everyone" group to "authorized users"

In Win2000, "Everyone" means that any user who has the right to access your network can obtain the shared information. Never assign shared files to the "Everyone" group, and that includes printer sharing. The default setting is the "Everyone" group, so do not forget to change it.

9. Cancel other unnecessary services

Please make your own decisions based on your needs. The following provides the minimum service required by the HTTP/FTP server as a reference:

• Event Log

• License Logging Service

• Windows NTLM Security Support Provider

• Remote Procedure Call (RPC) Service

• Windows NT Server or Windows NT Workstation

• IIS Admin Service

• MSDTC

• World Wide Web Publishing Service

• Protected Storage

10. Change the TTL value.

A cracker can roughly guess your operating system from the TTL value returned by ping, for example:

TTL = 107 (WinNT);

TTL = 108 (Win2000);

TTL = 127 or 128 (Win9x);

TTL = 240 or 241 (Linux);

TTL = 252 (Solaris);

TTL = 240 (IRIX);

In fact, you can change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters: DefaultTTL, REG_DWORD, 0-0xff (0-255 decimal, default value 128) to an inexplicable number such as 258. At the very least this will leave those rookies dizzy for a good while, and they may even give up the intrusion because of it.

11. Account Security

Disable all accounts except your own. Rename Administrator. I simply created another Administrator account, one that has no permissions at all, then opened Notepad, hammered out a random string, copied it, and pasted it into the password field. Go ahead and crack that password! Once it is cracked, it turns out to be a low-privilege account. Wouldn't that drive you crazy?

12. Cancel displaying the last logged-on user

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: change the value of DontDisplayLastUserName to 1.

13. Delete default shares

Someone asked me why all the disks are shared as soon as the machine starts, and why, after changing it back, they are shared again after a restart. These are the default shares that Windows 2000 sets up for administration. You must modify the registry to cancel them: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters: AutoShareServer, type REG_DWORD, change the value to 0.

14. Disable LanManager Authentication

Windows NT Server Service Pack 4 and later versions support three different authentication methods: LanManager (LM) authentication; Windows NT (also called NTLM) authentication; and Windows NT version 2.0 (also called NTLM2) authentication.

By default, when a client attempts to connect to a server that supports both the LM and NTLM authentication methods, LM authentication takes precedence. Therefore, we recommend that you disable LM authentication.

1. Open the Registry Editor;

2. Locate HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA;

3. Select "Edit" and then "Add Value" from the menu;

4. Enter LMCompatibilityLevel as the value name, set the value type to DWORD, and click OK;

5. Double-click the new data and set the following values as needed:

0 - Send LM and NTLM responses;

1 - Send LM and NTLM responses;

2 - Only send NTLM response;

3 - Only send NTLMv2 response; (valid for Windows 2000)

4 - Only send NTLMv2 response and reject LM; (valid for Windows 2000)

5 - Only send NTLMv2 response, deny LM and NTLM; (valid for Windows 2000)

6. Close the Registry Editor;

7. Restart the machine;

For more information, see: http://support.microsoft.com/support/kb/ar...s/q147/7/06.asp
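
The registry values from items 1, 10, 12, 13 and 14 can be checked in one pass against an exported .reg file. The Python script below is an added example, not part of the original guide; the sample export is constructed, and the pass conditions (LM level 2 or higher, TTL inside the stated 0-255 range and different from the default 128) are assumptions read off the guide's own lists.

```python
import re
CCS = r"hkey_local_machine\system\currentcontrolset"
# Pass conditions read off items 1, 10, 12, 13 and 14 of the guide (assumed baseline).
# Keys and value names are lower-cased: registry lookups are case-insensitive.
BASELINE = {
    (CCS + r"\control\lsa", "restrictanonymous"): (lambda v: v == 1, "item 1: want 1"),
    (CCS + r"\control\lsa", "lmcompatibilitylevel"): (lambda v: 2 <= v <= 5, "item 14: want 2-5"),
    (CCS + r"\services\tcpip\parameters", "defaultttl"):
        (lambda v: 0 <= v <= 255 and v != 128, "item 10: want 0-255, not 128"),
    (CCS + r"\services\lanmanserver\parameters", "autoshareserver"):
        (lambda v: v == 0, "item 13: want 0"),
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
     "dontdisplaylastusername"): (lambda v: v == 1, "item 12: want 1"),
}
# Matches "Name"=dword:0000002a and numeric strings such as "Name"="1".
VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(\d+)")$')

def parse_reg(text):
    """Return {(key, value_name): int} from the decoded text of a .reg export."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE.match(line)):
            name, dword, string = m.groups()
            values[(key, name.lower())] = int(dword, 16) if dword else int(string)
    return values

def audit(text):
    """Return sorted findings; an empty list means the export meets the baseline."""
    values, findings = parse_reg(text), []
    for (key, name), (ok, want) in BASELINE.items():
        v = values.get((key, name))
        if v is None or not ok(v):
            findings.append(f"{name}: {'missing' if v is None else v} ({want})")
    return sorted(findings)

# Constructed sample export: AutoShareServer absent, LM level 1, TTL set to 258.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"lmcompatibilitylevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DefaultTTL"=dword:00000102
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="1"
'''

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

On the constructed sample the audit reports the missing AutoShareServer value, the LM level of 1, and a DefaultTTL of 258, which lies outside the 0-255 range the guide itself gives for that value.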

Well, that is all for now. Once the settings described above are in place, and a network firewall and a virus firewall are added, general security is basically guaranteed, unless you give your information away yourself. This article is aimed at beginners and skips some advanced and complex settings. After all, personal computers are somewhat less likely to be attacked by skilled hackers; most attacks come from rookies who only know how to use a few tools. And if a real expert did pay your computer a visit, that would be a great honor, wouldn't it? Haha.
