Personal computer intrusion and defense

I. Introduction
With the popularization of personal computers and the development of the Internet, more and more people are accessing the Internet to obtain knowledge and information. However, the network is not so calm. Viruses and Trojans are increasingly threatening personal computers and their operations, A certain degree of security knowledge is necessary.
Compared with servers on the network, personal computers are relatively secure. This is because, first of all, personal computers are not always connected to the network as servers do. Second, the number of services opened on personal computers is far smaller than that on servers. The more services opened, the higher the possibility of vulnerabilities.
Ii. Personal Computer defense measures
(1) Basic security settings.
1. Download patches in time. System patches can be downloaded from the Microsoft website or automatically updated by the system. Another piece of patch that cannot be ignored is the patch of the application software. If related patches are not installed in time, the possibility of computer attacks or even attacks will become larger.
2. Install the firewall. Today, almost all personal computers are equipped with firewalls, which are divided into network firewalls and virus firewalls. The former is used to prevent network intrusion, and the latter is commonly used anti-virus software. If you do not have a firewall installed, you can enable it on your own. Select "internet Connection Firewall" in "network connection-local connection-properties-advanced ".
However, after installing the firewall, you still need to modify the settings. Generally, the firewall, such as Kingsoft, rising star, and Skynet, has an IP rule editor. Choose "prevent others from using ping command detection ", when the external machine uses the ping command to detect your machine, the ICMP packet sent by the other party will be blocked by this rule, so that the other party cannot identify your existence using this method. The ping Command selects "Defend against ICMP attacks" to defend against ICMP flood attack programs.
3. Disable dangerous ports. The computer has 1-65535 terminals, 1-1023 is the system Port, and over 1024 is the dynamic port, because it is generally not fixed to a service, but dynamic allocation, dynamic Allocation means that when a system process or program requires network communication, the host allocates one from the available port number for it. When this process is disabled, the occupied port number is also released. You can run netstat-an in the cmd command prompt to view open ports. Disable port filtering by TCP/IP in "management work-Local Security Settings. Generally, the firewall has an IP rule editor that allows you to add ports to be disabled.
4. File Sharing is prohibited. In order to facilitate sharing a folder or sharing a disk, the LAN does not have a password or set a simple password, such as 123456,111, which is a weak password and can be easily cracked by hanging a dictionary.
5. encryption technology. For particularly sensitive communications, you must consider encrypting communications on the PC. A firewall with VPN protection can protect sensitive data of remote sites and prevent DoS attacks from these computers. VPN and SSL provide security methods for e-commerce transactions. PGP and PKI can be used based on business needs.
(2) set the security of the local machine.
1. Delete unnecessary accounts. You can disable the Guest account. You must also set local security policies. Enable Security Audit in "Administrative Tools-Local Security Policy" to detect intrusion.
2. Close the empty connection (IP $ ). IPC $ (Internet Process Connection) is a resource that shares "named pipes". It is a named pipe open for inter-Process communication. In fact, it is not very useful, but it is often used by hackers. They can use net use to connect and get a lot of information on the connection. If you have a system user name and password, you can use IP address $ to connect to the system and upload and delete files, which causes great harm.
3. Disable default sharing (such as C $, D $ ). This sharing is different from common folder sharing. Since WIN2K, this default sharing has been available. Enter net share in cmd and you will see that, for example, C $, there are several disks with such share, and the other one is admin $, which is the c: windowssystem32 system folder.
4. Disable unused services. In XP, the system registers all applications as a service. So it can be said that each application has its own socket, and its own socket means that the application can communicate independently with the same applications of other hosts on the network. If the application has vulnerabilities that can be exploited, it is dangerous. You can modify it in "Control Panel-management tools-service. Some services are not available for general single-host computers, but can be used by hackers. They are some dangerous services, such as remote registry services. Users can modify the Registry over the Internet. Remote logon to this service allows you to log on to the system from a remote computer and operate on this computer using the command line. It is disabled for general users because it may bring a lot of security problems.
(3) make proper settings when browsing the Web page.
1. Disable or restrict cookies. The advantage of Cookie is that when a user first uses a web page, the Cookie remembers the relevant information. After each connection to the site, the server automatically searches for the information, and the client provides the pre-selection information without entering the user ID, this saves the user some steps. Defects include important information such as the user's IP address and password in cookies. Solution: You can specify whether a prompt is displayed when a Cookie is created on your computer on a website. In this way, you can allow or reject Cookie creation or prohibit the browser from accepting any Cookie.
2. prevent IP address leakage. IP address is a tool for locating many hacker software. Therefore, when accessing the internet, you must use Proxy Server (Proxy Server). After using the Proxy Server, all operations performed on the WEB browser are performed by the proxy server. The computer does not directly connect to the server that provides the page, so the IP address will not be leaked.
3. prohibit or restrict Java, Java applets, ActiveX controls, and plug-ins. Because Java, Java Applet, and ActiveX scripts are often used on the Internet, they may obtain computer user IDs, IP addresses, and related passwords, they even install certain programs on their computers or perform other operations. Therefore, restrictions should be imposed on the use of Java, Java applets, ActiveX controls, and plug-ins.
Iii. Conclusion
Due to the increasing openness and viruses of the interconnected network, data information is easily leaked and damaged, and the network is vulnerable to frequent and serious security attacks, therefore, while developing the Internet, we must pay close attention to network security. In this way, we must not only do a good job of security protection, but also have security awareness so that computers can be truly secure.