As the saying goes , " smoke ", since the hacker can enter, that the system must exist for them to open the " back door ", as long as the back door, so that hackers have no place to start, there is no worries!
1. Remove unnecessary agreements
for servers and hosts, it is common to install onlyTcp / ipthe agreement is enough. Mouse Right-click“Network Neighborhood”, select“Properties”, and then right-click“Local Connection”, select“Properties”, uninstall unnecessary protocols. WhichNETBIOSis a source of many security flaws, for hosts that do not need to provide file and print sharing, you can also bindTcp / ipof the AgreementNETBIOSclose, avoid targetingNETBIOSthe attack. SelectThe TCP/IPProtocol/Properties/Advanced”, enter“AdvancedTcp / ipSet”dialog box, select"WINS"label, Tick“DisabledTcp / ipon theNETBIOS "One, closeNETBIOS.
2. Turn off file and print sharing
file and print sharing should be a very useful feature, but it's also a good security hole for hacking when you don't need it. So there is no need to " property " button that will pop up the "
although " file and print sharing " hkey_current_usersoftwaremicrosoftwindowscurrentversionpoliciesnetwork ' Nofilesharingcontrol ' , the key value is set to "1" " means allow this feature. So in "
3. Disable the Guest account
There are many intrusions through this account to further obtain administrator password or permissions. If you do not want to give your computer to others as toys, it is still forbidden good. Open the Control Panel, double click Users and Passwords , click the Advanced tab, and then click the Advanced button to bring up the Local Users and Groups window. Right-click on the Guest account, select Properties, and in the " General " page , click " account deactivated ". In addition, renaming the Administrator account will prevent hackers from knowing their administrator account, which will largely guarantee the security of the computer.
4. prohibit the establishment of an empty connection
By default, any user can connect to the server via an empty connection, enumerate the accounts, and guess the password. Therefore, we must prohibit the establishment of an empty connection. There are two ways to do this:
method One is to modify the registry: Open the Registry "Hkey_local_machinesystemcurrentcontrolsetcontrollsa"and the DWORD value " RestrictAnonymous " key value changed to " 1 " can be.
Final Security Management We recommend that you patch your system, Microsoft's endless patches are still useful!
How the user can seal the hacker's "backdoor"