Tips for setting up a computer to shut out Trojans and keep hackers from breaking in _ Security settings

Source: Internet
Author: User
Tags: account security
1. Prohibit IPC null connections
A cracker can use the net use command to establish a null connection and then intrude; net view and nbtstat also rely on null connections, so it is best to prohibit them. Open the registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, and change the value RestrictAnonymous to "1".
2. Disable the at command
A cracker often plants a Trojan horse on your machine and then needs it to run, and for that he needs the at command. Open Administrative Tools > Services and disable the Task Scheduler service.
3. Turn off Super Terminal Services
If you have it turned on, this hole is so notorious that I will say no more.
4. Disable the SSDP Discovery Service
This service is mainly used to start UPnP devices on a home network, and it also opens port 5000. It can be used for a DDoS attack that drives CPU usage to 100% and crashes the computer. Supposedly nobody will bother to DDoS a personal machine, but the service also eats bandwidth while it runs, because it keeps sending packets out and slows down network transfers, so it is better to turn it off.
5. Disable the Remote Registry Service
Think about it: allow the registry to be modified remotely? Not unless you are really out of your mind.
6. Disable NetBIOS over TCP/IP
My Network Places > Properties > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > WINS tab > NetBIOS setting > Disable NetBIOS over TCP/IP. After this, a cracker cannot use the nbtstat command to read your NetBIOS information and the MAC address of your network card.
7. Turn off the DCOM service
DCOM uses port 135. Besides being used as a query service, it can also be attacked directly. To turn it off: enter dcomcnfg in Run, select the Default Properties tab in the Component Services window that opens, and clear "Enable Distributed COM on this computer".
8. Change the permissions of shared files from the "Everyone" group to "authorized user"
"Everyone" in Win2000 means that any user who has access to your network can access the shared information. Never share files with the Everyone group. This includes print sharing, whose default is also the "Everyone" group; do not forget to change it.
9. Disable other unnecessary services
Decide for yourself according to your own needs. For reference, these are the minimum services an HTTP/FTP server needs:
- Event Log
- License Logging Service
- Windows NTLM Security Support Provider
- Remote Procedure Call (RPC) Service
- Windows NT Server or Windows NT Workstation
- IIS Admin Service
- MSDTC
- World Wide Web Publishing Service
- Protected Storage
10. Change the TTL value
A cracker can guess your operating system from the TTL value in a ping reply, for example:
TTL=107 (WinNT);
TTL=108 (Win2000);
TTL=127 or 128 (Win9x);
TTL=240 or 241 (Linux);
TTL=252 (Solaris);
TTL=240 (Irix);
In fact, you can change it yourself. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, set DefaultTTL (REG_DWORD, 0-0xff, that is 0-255 decimal, default value 128) to a baffling number such as 258. That will at least leave the rookies dizzy, and they may just give up on the intrusion.
11. Account security
First disable all accounts except your own. Then rename Administrator. I also created an account named Administrator, the kind that has no permissions at all, then opened Notepad, hammered on the keyboard for a while, and copied and pasted the result into the password field. Go ahead and crack that password! When you finally do, you find out it is a low-privilege account. Broken down yet?
12. Do not display the last logged-on user
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, change the value DontDisplayLastUserName to 1.
13. Delete the default shares
Someone asked me why all the disks are shared from startup, and why, after the shares are removed, they come back on the next restart. These are the default shares that Windows 2000 sets up for administration; you must modify the registry to remove them:
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, set AutoShareServer (type REG_DWORD) to 0.
14. Disable LanManager authentication
Windows NT Server Service Pack 4 and later versions support three different authentication methods: LanManager (LM) authentication, Windows NT (also known as NTLM) authentication, and Windows NT Version 2.0 (also known as NTLM2) authentication.
By default, LM authentication is tried first when a client connects to a server that supports both the LM and NTLM authentication methods. It is therefore recommended to prohibit LM authentication.
1. Open Registry Editor;
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa;
3. Select the menu "Edit", "Add Value";
4. Enter the value name LMCompatibilityLevel, with data type DWORD, and click OK;
5. Double-click the new value and set it as appropriate:
   0 - Send LM and NTLM responses;
   1 - Send LM and NTLM responses;
   2 - Send only NTLM responses;
   3 - Send only NTLMv2 responses; (valid on Windows 2000)
   4 - Send only NTLMv2 responses, refuse LM; (valid on Windows 2000)
   5 - Send only NTLMv2 responses, refuse LM and NTLM; (valid on Windows 2000)
6. Close Registry Editor;
7. Reboot the machine.
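
A read-only audit of the registry values behind items 1, 2, 4, 5, 12, 13 and 14, added here as an example and not part of the original article. It assumes a Windows system with PowerShell available; the service key names Schedule, SSDPSRV and RemoteRegistry and the Start value 4 (disabled) are standard Windows names rather than values from this page, and treating LMCompatibilityLevel of 2 or higher as "LM prohibited" is this example's reading of the table in item 14.

```powershell
# Added example: report whether the settings recommended above are in place.
# Nothing is modified; every check only reads a registry value.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'   # service Start = 4 means Disabled

$checks = @(
    @{ Item = 1;  Path = $lsa;                     Name = 'RestrictAnonymous';       Want = 1 }
    @{ Item = 2;  Path = "$svc\Schedule";          Name = 'Start';                   Want = 4 }
    @{ Item = 4;  Path = "$svc\SSDPSRV";           Name = 'Start';                   Want = 4 }
    @{ Item = 5;  Path = "$svc\RemoteRegistry";    Name = 'Start';                   Want = 4 }
    @{ Item = 12; Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
                                                   Name = 'DontDisplayLastUserName'; Want = 1 }
    @{ Item = 13; Path = "$svc\LanmanServer\Parameters"
                                                   Name = 'AutoShareServer';         Want = 0 }
    # Assumption of this example: any level from 2 up stops LM responses being sent.
    @{ Item = 14; Path = $lsa;                     Name = 'LMCompatibilityLevel';    Want = 2; AtLeast = $true }
)

$results = foreach ($c in $checks) {
    # A missing key or value is reported as NOT SET instead of being read as 0,
    # which matters for AutoShareServer, where 0 is the hardened value.
    $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $value = $null
        $state = 'NOT SET'
    } else {
        # DontDisplayLastUserName may be stored as a string, so cast before comparing.
        $value = [int]$prop.($c.Name)
        $pass  = if ($c.AtLeast) { $value -ge $c.Want } else { $value -eq $c.Want }
        $state = if ($pass) { 'OK' } else { 'REVIEW' }
    }
    $expected = if ($c.AtLeast) { ">= $($c.Want)" } else { "$($c.Want)" }
    [pscustomobject]@{
        Item     = $c.Item
        Key      = $c.Path -replace '^HKLM:\\', ''
        Value    = $c.Name
        Current  = $value
        Expected = $expected
        State    = $state
    }
}

$results | Sort-Object Item | Format-Table -AutoSize -Wrap
```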