Http://www.lotsir.com/Blog/search.asp? Searchcontent = Windows + XP & searchtype = title
IPC $ intrusion details:Http://www.cuijian.cn/cuijian/html_research/a01.htm
The ancients said: "No tiger points, just a tiger ". So I also said: only by giving myself a black box can we try to avoid being hacked. As a last resort, this is an attempt to survive. With the in-depth study of the system, you will learn more about security settings.
1, Account Security:After XP is installed by default, the accounts set through the System Setup Wizard do not have a password, so the first step is to set a secure password for these accounts. Open the command line: Enter compmgmt. msc, Open Computer Management-System Tools-local users and groups-users, right-click the account whose password needs to be set, and select "set password ...", Follow the prompts to set a secure password for your account.
2Local Security Policy(Local Security Policy):Secpol. MSC
The Local Security Policy is a common setting item on the MS Server. xp_pro inherits this security feature (not available in Home Edition ). This feature is very powerful. Although it is difficult to set up, after you get used to it, you will find that the design idea of this feature is exactly the same as that of some hardware firewalls. Flexible configuration based on access policies can improve system security to a higher level.
Windows Local Security Policy priority: block first and then allow. That is, execute the blocking policy first and then execute the permitted policy. Generally, you can set a blocking policy for a personal computer. on the server, you can set a blocking policy for all, and then set an opening policy as needed. In a word, setting security policies can greatly improve the security of machines.
Next we will set some basic security policies: Based on protocols and ports.
1) Run secpol. MSC in command line mode.
2) Right-click "IP Security Policies on local computer" and select "create IP Security Policy"
3) In the displayed dialog box, press "next>"
4) give the policy a name, add a description (not required), and then "next>"
5) The prompt is to activate the default response rule. Press "next>"
6) Respond to the authentication method of the rule, use the default one, and press "next>"
7) if a warning is displayed, select "yes" to continue.
8) Press "finish" to edit the following attributes.
9) Press "Add ..." Add a rule, and then click "next>". If a warning is displayed, press "yes"
10) on this page, you can actually add filtering rules. Is it cumbersome? * _ *. Oh, don't worry. Come step by step.
Click "add..." in the button on the right ..."
11) the "IP Filter list" is finally displayed. Add a name and description to remove the "use add wizard" Wizard. (haha, the Wizard is too troublesome ), press "Add ..." Add filter
12) Select the address (addressing) as the first item of the filter attribute.
Source Address: Any IP Address)
Destination Address: My IP Address)
13) filter attribute Option 2: protocol selection.
Select a protocol type: select the protocol type as needed. In this example, select TCP.
Set the IP protocol port: select a port as needed. In this example, select any port to port 135.
After the selection, press OK.
Repeat "Add ..." Action. Now the TCP port 135,445,338 and UDP port 135,445 have been added to the list. After adding, press "OK"
14) return to "IP Filter list", select the added list, and click "Next" to set the next action.
15) when the filter operation settings appear, the operation is not "blocked" by default. Now you need to add the "Block" operation, deselect "use add wizard", and then press "Add ..."
Set "security methods" in operation properties to block "Block", add the name and description in "General", and then press "OK"
Select the newly added "Block", Press "next>", and then click "finish"> "close"
Return to the Local Security Policy, right-click the policy you just added, and select "Assign ".
After the above cumbersome settings, we have implemented security policies based on protocols and ports to deal with common worm port attacks.
3,WindowsFirewall(Firewall):
Open the built-in firewall: Local Nic properties-advanced-Windows Firewall
4Nic attribute settings:Protocols, Ports
Generally, you only need to retain the TCP/IP protocol.
"Advanced TCP/IP Settings"-"wins"-"disable NetBIOS over TCP/IP"
5Anti-virus software:McAfee
McAfee 8.0i Enterprise Edition is recommended.
Open harmful program policies: select these policies.
6Anti-rogue software:Upiea
Download: http://www.lumix.cn/upiea/download.htm
Select "automatically select a security-immune plug-in (recommended)", select "no" in the dialog box, and then press apply.
7Delete Shared Folders:Delshare. bat
Delw.rar: http://www.lotsir.com/Blog/attachments/month_0605/delshare.rar
For example, extract the package to C:/and obtain the delshare. BAT file. Usage:
C:/> delshare c d e Admin
After running the preceding commands, the default share of C, D, and E disks and the default management share of admin are completely deleted.
8, Update system patches:Windows Update
It is necessary to update system patches on a regular basis. We recommend that you update the patches at least once a week.