Nowadays viruses and Trojans attack in a variety of ways, and computer ports in particular are a key target. Have you ever run into this situation: after installing a firewall such as Skynet and going online, you see an exclamation mark along with prompts such as "xxx.xxx.xxx.xxx tries to connect to port xxx of the local machine, and this operation is denied"? This is what virus and Trojan attacks on ports look like. Today we will show you how to use the system's IP security policies to prevent virus intrusion.
Concept knowledge
Before solving the problem above, we should first understand a few basic concepts, especially about ports. What is a port? In networking, a port has two meanings. The first is a physical port: the interface that an ADSL modem, hub, switch, or router uses to connect to other network equipment, such as an RJ-45 port or an SC port. The second is a logical port, which generally refers to a port in the TCP/IP protocol. Port numbers range from 0 to 65535; for example, port 80 is used for browsing web services and port 21 for the FTP service.
The ports discussed in this article are ports in the logical sense. A port is the logical interface that connects a computer to an external network, and it is the computer's first barrier. By default, many Windows ports are open, and when you access the Internet, network viruses and hackers can connect to your computer through them. To turn your system into an impregnable fortress, set aside the important ports that carry services, such as port 80 for web site services, port 21 for FTP services, port 25 for the e-mail SMTP service, port 110 for the e-mail POP3 service, and port 1433 for the SQL Server service. Ports with no service behind them can be closed, for example TCP 135, 139, 445, 593, and UDP 1025, 135, 137, 138, and 445, along with some popular backdoor ports (such as TCP 2745, 3127, and 6129) and the remote service access port 3389. Besides using a network firewall to disable ports without services, using IP Security Policies to disable them is a good way to prevent intrusions. Next we will customize the IP policy.
Understanding IP Security Policies
An IP security policy is a policy for analyzing communication. It compares the communication content with the configured rules to determine whether the communication is consistent with expectations, and then decides whether to allow or reject its transmission. It makes up for the "random trust" that is a major security weakness in the traditional TCP/IP design, and allows finer and more accurate TCP/IP security. In other words, after configuring an IP security policy, we have a free but well-functioning personal firewall.
Real-world IP Security Policy
1. Create an IP Security Policy
Step 1: Click the "Start" menu and select "Settings > Control Panel". In the "Control Panel" window, double-click the "Management Tools" icon to open "Administrative Tools", then double-click the "Local Security Policy" icon to open the "Local Security Policy" dialog box.
Step 2: Right-click "IP Security Policy" and select the "Create IP Security Policy" command. In the "IP Security Policy wizard" dialog box that appears, click "Next" and enter the IP Security Policy name, for example "shield port 135". Click "Next" again and keep the default parameter settings unchanged until the wizard is complete. A "shield port 135" security policy is now created; click "OK".
2. Set IP Filter
Right-click "IP Security Policy" and select "manage IP Filter and Filter Operations" to open the corresponding dialog box. On the "manage IP Filter list" page, click "add". In the "IP Filter list" dialog that appears, enter the name "Mask port 135", click "add", and then click "Next". Select "my IP Address" as the target address, click "Next", and select "TCP" as the protocol (choose this option according to the port being configured; for example, to disable the ICMP protocol, select ICMP here). Click "Next", select "any port" as the source on the IP protocol port page, and enter 135 under "this port" as the destination. Click "Next" to finish blocking port 135, and click "OK" to return. The settings for other ports are similar.
3. Filter Operations
In the "manage IP Filter and Filter Operations" dialog box, go to the "manage Filter Operations" page, click "add", and then click "Next". Enter "reject" as the name and click "Next". For the filter operation, select "Block" and click "Next". In this way, "deny" is added to the filter operations.
Click "close" to return to the "Local Security Settings" dialog box.
In the "Local Security Settings" dialog box, double-click "IP Security Policy on local computer" in the left-hand pane. The port 135 policy appears in the pane on the right. Right-click the newly created IP Security Policy "Mask port 135" and select "properties". Under the rules, select "add", click "Next", select "this rule does not specify a tunnel", and click "Next". Select "all network connections" under "select network type", click "Next", and select "shield port 135" in the IP Filter list.
Click "Next", select the "deny" operation added in the previous step in the window that appears, and click "Next". The filter is now added to the IP Security Policy named "Mask port 135". Click "OK" to return.
4. Assign
The IP Security Policy for "shielding port 135" has been created, but it does not take effect until it is assigned. Right-click "Mask port 135" and select "Assign", and the IP Security Policy takes effect. To shut down the other unused ports on the computer, you only need to repeat the steps above, and in this way we build a secure network firewall.
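The four wizard steps above can also be scripted. The following is an added example, not part of the original article: it drives the built-in "netsh ipsec static" context (present on Windows Server 2003 and later) from an elevated PowerShell prompt, and it puts every closable port the article lists into one filter list, because only one local IPsec policy can be assigned at a time. The policy, filter list and filter action names are the article's; the rule name, srcaddr=any and the Invoke-IpsecStatic helper are assumptions made for this sketch.

```powershell
# Added example: scripted equivalent of steps 1-4 (run elevated).
$policy     = 'shield port 135'      # policy name from step 1
$filterList = 'Mask port 135'        # filter list name from step 2
$action     = 'reject'               # filter action name from step 3
$ruleName   = 'block unused ports'   # hypothetical rule name (assumption)

# Ports the article lists as closable when no service depends on them.
$ports = @{
    TCP = 135, 139, 445, 593, 2745, 3127, 6129, 3389
    UDP = 1025, 135, 137, 138, 445
}

# Hypothetical helper: run one "netsh ipsec static" command, stop on failure.
function Invoke-IpsecStatic {
    param([string[]]$Arguments)
    & netsh.exe ipsec static @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh ipsec static $($Arguments -join ' ') failed ($LASTEXITCODE)"
    }
}

# Step 1: create the policy (left unassigned until the rule is in place).
Invoke-IpsecStatic 'add', 'policy', "name=$policy", 'assign=no'

# Step 2: one filter per port; destination is this machine ("my IP Address").
# srcaddr=any is an assumption: the article does not state the source address.
Invoke-IpsecStatic 'add', 'filterlist', "name=$filterList"
foreach ($proto in $ports.Keys) {
    foreach ($port in $ports[$proto]) {
        Invoke-IpsecStatic 'add', 'filter', "filterlist=$filterList",
            'srcaddr=any', 'dstaddr=me', "protocol=$proto",
            "dstport=$port", 'mirrored=no', "description=$proto $port"
    }
}

# Step 3: the blocking filter action, then the rule tying list and action
# to the policy (no tunnel, all connection types: the netsh defaults).
Invoke-IpsecStatic 'add', 'filteraction', "name=$action", 'action=block'
Invoke-IpsecStatic 'add', 'rule', "name=$ruleName", "policy=$policy",
    "filterlist=$filterList", "filteraction=$action"

# Step 4: assign the policy so it takes effect, then print it for review.
Invoke-IpsecStatic 'set', 'policy', "name=$policy", 'assign=yes'
Invoke-IpsecStatic 'show', 'policy', "name=$policy", 'level=verbose'
```

Before running it, remove from the $ports table any port that a service on the machine still needs, such as 3389 on a host administered over Remote Desktop.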