Source: CCID
What effective measures should be taken to prevent hacker intrusion? As the saying goes, it is never too late to mend the fold after the sheep are lost. Human society always moves forward through constant struggle against hostile forces, and there are always ways to effectively prevent hacker intrusion and protect your computer systems.
To establish a computer security system, an enterprise should choose its security level according to the actual situation of the organization and select the appropriate hardware, software and level of investment. Organizations that have established an internal enterprise network can be divided into three categories according to the volume of business they conduct on the Internet.
I. No Internet connection
This type of organization only needs to establish a basic computer network security system, mainly comprising the following:
1. Choose the system administrator carefully. This is the final line of defense: if the system administrator himself turns hacker, loss is unavoidable.
2. The system administrator should be subject to institutional restrictions that eliminate security risks; for example, limit the administrator's operating permissions and monitor the administrator's actions.
3. Each computer operator must be assigned specific permissions. Every person's password should be changed at regular or irregular intervals; passwords should be composed of digits and letters and contain as many characters as possible.
4. Prevent viruses from entering the system. The use of external disks must be strictly restricted. Antivirus software that has been tested by the National Computer Security Product Testing Center, such as the network version of Rising Anti-Virus, should be installed. Detect and kill viruses immediately whenever anything suspicious is found.
5. Strengthen management of the data center and strictly restrict outside personnel from entering the data center to use its computers.
II. Occasional use of the Internet
This type of organization is characterized by the need to check the information on a few fixed sites every day, such as newspapers and magazines, stock quotations and industry-related sites. In addition to the five requirements above, these organizations should also take the following measures:
1. Set up a proxy server. Each day a designated person retrieves the information from these fixed sites at set times; once it has been received, the server is immediately disconnected from the Internet. While retrieving, it is best to disconnect the proxy server from the enterprise intranet.
2. On the enterprise intranet, and especially on servers, use higher-version operating system software wherever possible, such as UNIX Open Server 5.0.4 and Windows NT 4.0. The operating system's security level should be set to the highest level the system software can provide.
III. Extensive use of the Internet
This type of enterprise is characterized by the need to process its business in real time on the Internet, so it will encounter a variety of complicated situations. In addition to the basic measures for the two types above, such enterprises should also do the following (note: some of the items below have already been addressed in higher-version operating systems):
1. Configure the operating system carefully. It is worth noting that many operating-system default values have been used by hackers as the entry point for intrusions, so avoid the default values wherever possible. Specifically, pay attention to the following points:
(1) Rename the Administrator account and create special accounts for the system administrator and the backup operator, so that hackers cannot guess the account names of the system administrators and backup operators. All accounts with Administrator and Backup privileges should be prohibited from browsing the Web, to prevent hackers from eavesdropping on them over the Internet. Do not keep the default Guest account.
(2) Make sure that %SystemRoot%\repair\sam._ is not readable by all users after each Emergency Repair Disk (ERD) update. This is because Windows NT stores user information and encrypted passwords in the SAM file of the NT Registry, that is, the Security Account Manager (SAM) database.
(3) Restrict remote administrator access to the NT platform. Any user can type \\IPaddress\C$ (or \\IPaddress\D$, \\IPaddress\WINNT$) at the command line to attempt a connection to the administrative shares of any NT system.
(4) On the domain controller, set the relevant Winlogon value in the Registry to off. This prevents Windows NT from displaying the last logged-on user name in the logon dialog box, which would give information to potential hackers.
(5) Strictly restrict administrator privileges on Windows NT Workstations in the NT domain and never use the default. This is because anyone may read memory to obtain the encrypted password and thereby gain access as the default Administrator.
(6) Strictly restrict both local and remote access to the Registry. The Registry's default permissions grant "Everyone" "Full Control" and "Create", which could allow Registry files to be deleted or replaced.
(7) For key directories, change the default permission to "Read". The default permissions give "Everyone" "Change" access to key directories. The key directories include the root directory of each NTFS volume, the System32 directory, and the Win32App directory.
(8) Restrict the number of Print Operators. Any member of the Print Operators group has system-level access to the print drivers, which hackers can exploit to insert viruses into a print driver.
(9) Configure FTP properly so that all FTP access to the server requires authentication. FTP has a configuration option that lets clients log directly into an account, making it possible to reach users' files and folders without authorization.
2. Strengthen the security of computer systems:
(1) Disable remote logon for the system administrator and allow only direct access from the console.
(2) Do not allow Windows NT to be reinstalled without authorization. Anyone who can reinstall the entire operating system over the original one can obtain Administrator privileges.
3. An information-system firewall should be established for systems of particular importance to financial security:
On the firewall, block all TCP and UDP connections on ports 135 through 142; this makes control easier. The safest approach is to use a proxy to restrict or deny SMB-based connections across the network (SMB stands for Server Message Block). SMB has many as-yet-undisclosed "backdoors" that allow unauthorized access to the SAM and other files on NT servers. The SMB protocol permits remote access to shared directories, the Registry database, and other system services.
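As an added example (not from the original article), the following Python script audits firewall log lines against the rule above, flagging any TCP or UDP connection to ports 135 through 142 that the firewall accepted instead of blocking; the log format and all addresses are constructed assumptions.

```python
# Added example: check firewall logs for TCP/UDP connections to ports 135-142
# that were accepted despite the policy. Log format and addresses are constructed.
import re
from collections import Counter

BLOCKED_PORTS = range(135, 143)        # 135..142 inclusive, as the policy specifies
BLOCKED_PROTOS = {"TCP", "UDP"}

# Hypothetical log format: proto=TCP src=A.B.C.D:port dst=E.F.G.H:port action=ACCEPT|DROP
LOG_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+action=(?P<action>\w+)"
)

def parse_line(line):
    """Return a dict for a TCP/UDP log line, or None for lines without ports (e.g. ICMP)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def should_block(rec):
    """Policy check: any TCP or UDP connection to destination port 135-142 must be blocked."""
    return rec["proto"].upper() in BLOCKED_PROTOS and rec["dport"] in BLOCKED_PORTS

def audit(lines):
    """Return (line_number, record) for every connection ACCEPTed despite the policy."""
    violations = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is not None and should_block(rec) and rec["action"].upper() == "ACCEPT":
            violations.append((n, rec))
    return violations

def summarize(violations):
    """Count violations by destination port, showing which NetBIOS/SMB ports leak through."""
    return Counter(rec["dport"] for _, rec in violations)

SAMPLE_LOG = [  # constructed sample log, using documentation addresses
    "proto=TCP src=203.0.113.7:4121 dst=192.0.2.10:139 action=ACCEPT",   # violation
    "proto=UDP src=203.0.113.7:137 dst=192.0.2.10:137 action=DROP",      # correctly blocked
    "proto=TCP src=203.0.113.9:2045 dst=192.0.2.10:80 action=ACCEPT",    # allowed (HTTP)
    "proto=TCP src=198.51.100.4:3310 dst=192.0.2.10:135 action=ACCEPT",  # violation
    "proto=ICMP src=198.51.100.4 dst=192.0.2.10 action=ACCEPT",          # no ports, skipped
    "proto=TCP src=203.0.113.7:4122 dst=192.0.2.10:142 action=ACCEPT",   # violation (142 inclusive)
    "proto=TCP src=203.0.113.7:4123 dst=192.0.2.10:143 action=ACCEPT",   # outside the range
]
```

Running audit(SAMPLE_LOG) reports lines 1, 4 and 6, and summarize() shows one leaked connection each on ports 139, 135 and 142.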