Introduction
Many organizations rely heavily on their network firewalls to protect workstations and servers from the Internet. This method often seems powerful, but it is vulnerable. Microsoft recommends that you use both network firewall and workstation security features. This method provides consistent, powerful security protection both internally and externally. The fact that network worms are able to get past an organization's firewall means that a firewall alone is far from enough.
Attackers on the Internet create worms and viruses that can damage the information stored on the client computer or cause the loss or theft of the information. These attacks can lead to loss of private information and company secrets, prevent computers from being started, and even initiate attacks against other computers. These attacks are a real threat to computers connected to the Internet.
Most attack methods attempt to exploit known computer security issues. The following provide powerful protection for client computers running Microsoft Windows XP Service Pack 2 (SP2):
• Personal firewall (Windows Firewall)
• Up-to-date service packs and patches (Automatic Updates)
• Anti-virus software that includes the latest virus signature library (Windows Live OneCare)
• Anti-spyware software that includes the latest signature library (Windows Defender)
Before getting started
You should first understand the following information and then apply the suggestions provided in this document.
Required creden
Most tasks described in this document require an administrative account. Normal users cannot perform these tasks.
Suggestions
Microsoft recommends that all Windows workstations be upgraded to Windows XP SP2, because it includes the latest security features, many of which are enabled by default.
Microsoft also recommends that you upgrade all installed versions of Internet Explorer to the latest version.
Default settings
The default security settings used by the tools mentioned in this document are recommended by Microsoft. These recommended settings balance the functionality and security of Windows XP SP2. Many organizations have their own unique security requirements; therefore, all these security features are configurable or can be disabled.
Windows Live OneCare
Microsoft provides Windows Live OneCare, a self-updating PC maintenance service that runs unattended in the background. It provides persistent protection against viruses, hackers, and other threats, and helps you optimize your PC and back up important documents.
Windows Live OneCare provides a console to check the status of multiple security-related services on Windows XP workstations. This screen displays the virus protection, patch level, system running status, and latest data backup status.
Virus protection
Computer viruses are software programs designed to interfere with computer operation. Viruses can record, corrupt, or delete data, or spread themselves to other computers and across the Internet, which usually slows down operation and causes other problems.
Just as human viruses range in severity (from common flu viruses to Ebola viruses), computer viruses also vary in severity. Mild viruses only cause some interference, and serious ones completely destroy the system. Computer viruses also keep appearing in new and different forms. Fortunately, as long as you take preventive measures and have basic knowledge, the likelihood of a virus infection and the impact of a virus are both greatly reduced.
After Windows Live OneCare is installed, the antivirus signature library and operating system security patches are automatically updated to keep your computer up to date without manual intervention.
Firewall monitoring
Windows Firewall runs on a single computer to protect your computer from hacker attacks when sending and receiving files. Windows Live OneCare is responsible for continuously monitoring Windows Firewall.
Windows Defender
Windows Defender, which can be downloaded from Microsoft, helps protect your computer's private information from Internet attacks. Windows Live OneCare monitors the status of Windows Defender.
Update
Windows Live OneCare is automatically updated to ensure that the protection against viruses, firewall protection, and protection against spyware are always up to date, helping you protect yourself from the latest threats.
File backup and restoration
With Windows Live OneCare, you can create copies of important files and documents and store them on a CD, DVD, or external hard disk in case of an emergency. This operation can be performed manually or automatically by Windows Live OneCare, so you do not have to remind yourself to regularly back up files and documents. If you encounter problems, Windows Live OneCare can also help restore the backup files to your computer.
Windows Defender
Spyware is usually associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information. However, this does not mean that all software that provides advertisements or tracks online activities is harmful. For example, you can register for a free music service, but the "price" of the service is to agree to receive targeted advertising. If you are aware of these terms and agree to accept them, it means that you believe this is a fair transaction. You may also agree to have the company track your online activities to determine which ads are displayed to you.
Other types of undesirable software will change your computer without authorization, causing interference or even slowing down or crashing your computer. These programs can change the home page or search page of your web browser, or add unnecessary or undesirable additional components to your browser. These programs also make it difficult for you to change back to the original settings. This type of undesirable program is also known as spyware.
Windows Defender (Beta 2) is a security technology that helps protect Windows users from the threat of spyware and other potentially unwanted software. Known spyware on the PC can be detected and deleted, which helps reduce the negative impact of spyware, such as poor PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves the security of Internet browsing. It can block more than 50 ways for spyware to access your computer. Participants in the global SpyNet community play an important role in determining which suspicious programs are categorized as spyware. Microsoft researchers quickly develop a response to these spyware threats, and the update program automatically downloads it to your PC to keep it up to date.
After downloading Windows Defender (Beta 2), perform the following steps to install it.
1. The following dialog box is displayed when you download Windows Defender (Beta 2). Click "Run".
2. The "Welcome to Windows Defender Installation Wizard" screen is displayed. Click "Next".
3. The "Windows Defender License Agreement" is displayed (as shown in the following screen snapshot). Read the terms of the agreement.
To continue the installation, select "I accept the terms of the license agreement" and click "Next".
4. On the "Windows protection help" screen (as shown in the following screen snapshot), select "use Recommended settings". To read the privacy statement, click "privacy statement". Click "Next".
5. On the "installation type" screen (as shown in the following screen snapshot), select "full" and click "Next".
6. When the following "Windows Defender ready for installation" screen is displayed, click "Install" to start installation.
7. After the installation process is completed, the following "Windows Defender installation completed" screen is displayed.
Make sure that the "check updated definitions and Run quick scan now" option is selected, and then click "finish".
Note that this step requires an Internet connection.
8. When the following screen is displayed, click "check for updates" to obtain the latest update.
Windows Firewall
A firewall is a security system that acts as a protective boundary between the network and the outside world. Windows XP SP2 contains Windows Firewall, which has the same functions on each client computer.
Windows Firewall, which is highly configurable, is installed with Windows XP Professional SP2. By default, this software is enabled to protect your computer from network attacks. Windows Live OneCare also monitors Windows Firewall and provides you with a management console that gives you a comprehensive view of the security status of your PC. The rest of this document describes how to change the settings of Windows Firewall through the Windows Security Center in the control panel.
Note that Windows Firewall is not designed to replace the functions of a network firewall. Windows networking remains enabled while Windows Firewall is in use, which means you can still communicate with other network computers, print, and access network shared resources. However, we recommend that you use the network firewall to protect the ports opened by the above functions.
General settings
You can configure the following options in the general settings of Windows Firewall:
• "Open" (recommended).
• "Close" (not recommended). Disabling Windows Firewall will make your computer more vulnerable to viruses, worms, and intruders.
1. To open the Windows Security Center, click "Start" and then click "Control Panel". The following screen is displayed.
2. In the "select a category" section, click "Security Center". The "Windows Security Center" screen is displayed (as shown in the following screen snapshot).
Configuration notification
By default, when programs on your computer attempt to communicate with other computers, Windows Firewall will block the program and display a notification dialog box. This dialog box is shown in the following screen snapshot:
This dialog box specifies the program to be blocked. You can choose whether to allow the program to continue running. Available options include:
• Keep blocked. With this option, the program will not accept connections from the Internet or the network without your permission.
• Cancel blocking. With this option, the program will be placed in the Windows Firewall exception list.
• Ask later. You can select this option if you are not sure whether to keep blocking the program or cancel blocking. To ensure higher security, this option will block this program. The message will appear again the next time this program is blocked.
Understand why applications use ports
A port is a connection point used by a program to communicate with other programs (especially programs running on other computers). Each port is identified by a transport protocol and a port number. A specific port is associated with each type of application or service. For example, the standard port of the Web server is TCP port 80, and the standard port of the file transfer protocol (FTP) server is TCP port 21. The Windows Server service, which provides file and print sharing, receives messages through the following four ports: UDP ports 137 and 138, and TCP ports 139 and 445.
Windows Firewall prevents all ports from receiving unsolicited inbound messages. This feature protects your computer because it blocks messages that malicious code commonly uses to access your computer. Windows Firewall does not impede most legitimate commercial software because it generally does not send unsolicited messages to client computers.
Because the firewall limits the communication between the Internet and your computer, you may need to adjust the settings for some programs that prefer to use open connections. You can set these programs as exceptions so that they can communicate through Windows Firewall.
Allow exceptions: risks
Every time an exception is set to allow a program to communicate through Windows Firewall, your computer becomes more exposed to attack. The exception is like a hole in the firewall. If there are too many holes, the firewall will not be able to defend against attacks. Hackers usually use software that scans the Internet to find computers with unprotected connections. If your computer has many exceptions and open ports, your computer may be more vulnerable to attacks.
To help reduce security risks, perform the following operations:
• Allow exceptions only when exceptions are required.
• Do not set exceptions for programs you are unsure of.
• Delete exceptions when they are no longer needed.
Allow exceptions despite risks
Sometimes, despite the risks, you may want someone to connect to your computer, for example, when you want to receive files through an instant messaging program over the Internet.
If you exchange instant messages with people who send you files (such as workbooks), Windows Firewall displays a prompt asking if you want to cancel blocking of the connection and allow the file transfer. In addition, you can add the instant messaging program as an exception so that Windows Firewall can allow the connection to your computer.
To add programs to the exception list, complete these steps.
1. Click "Start", and then click "Control Panel".
2. In Control Panel, click "Security Center", and then click "Windows Firewall".
3. Select the check boxes next to the programs or services to be allowed under "programs and services" on the "exceptions" tab, as shown in the following screen snapshots. Click "OK".
If the program (or service) you want to allow is not listed, perform the following operations:
1. Click "Add program".
2. In the "add program" dialog box, select the program you want to add and click "OK".
3. Click "OK".
Tip: If the program (or service) you want to allow is not listed in the "add program" dialog box, click "Browse" to find the program to be added, and then double-click the program. (Generally, programs are stored in the Program Files folder on the computer.) The program then appears under "program" in the "add program" dialog box.
As a last resort, open a port
If you still cannot find the program, open the port. The port is like a small door on the firewall that allows communication. To specify the port to open, click "Add port" on the "exceptions" tab. (If you open the port, remember to close it after use.)
Adding a program exception is preferable to opening a port for the following reasons:
• Easier operation.
• You do not need to know the port number to use.
• Adding an exception is safer than opening a port because the firewall is open only when the program waits to accept the connection.
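The exception steps above can also be carried out from a command prompt with the netsh firewall commands included in Windows XP SP2, which makes it easier to review exceptions and remove them when they are no longer needed. The script below is an added example, not part of the original document; the program path, exception name, and port number are placeholders, and the scope=SUBNET restriction is an extra precaution that the document does not describe.

```batch
@echo off
rem fw-exceptions.cmd: added example, run from an administrative account.
rem Placeholders (not from the original document): APP_PATH, APP_NAME, PORT.
setlocal
set "APP_PATH=C:\Program Files\ExampleIM\exampleim.exe"
set "APP_NAME=Example IM"
set "PORT=5001"

if /i "%~1"=="review"     goto review
if /i "%~1"=="allow-app"  goto allow_app
if /i "%~1"=="remove-app" goto remove_app
if /i "%~1"=="open-port"  goto open_port
if /i "%~1"=="close-port" goto close_port
echo Usage: %~nx0 review ^| allow-app ^| remove-app ^| open-port ^| close-port
exit /b 1

:review
rem Show whether the firewall is on, then every program and port exception.
netsh firewall show opmode
netsh firewall show allowedprogram
netsh firewall show portopening
exit /b 0

:allow_app
rem Preferred form: the firewall is open only while the program is listening.
if not exist "%APP_PATH%" (
    echo Not adding an exception: "%APP_PATH%" does not exist.
    exit /b 1
)
rem scope=SUBNET limits the exception to computers on the local subnet.
netsh firewall add allowedprogram program="%APP_PATH%" name="%APP_NAME%" mode=ENABLE scope=SUBNET
exit /b %errorlevel%

:remove_app
rem Delete the exception when it is no longer needed.
netsh firewall delete allowedprogram program="%APP_PATH%"
exit /b %errorlevel%

:open_port
rem Last resort: the port stays open until close-port is run.
netsh firewall add portopening protocol=TCP port=%PORT% name="Temporary TCP %PORT%" mode=ENABLE scope=SUBNET
exit /b %errorlevel%

:close_port
netsh firewall delete portopening protocol=TCP port=%PORT%
exit /b %errorlevel%
```

Running the script with "review" before and after a change shows exactly which holes exist in the firewall at that moment.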