Modify just 10 settings for a safe, secure, and easy-to-use computer

Source: Internet
Author: User

1. View local shared resources

Run cmd and enter net share. If you see an unusual share, close it. If a share you have closed appears again the next time you boot, consider whether your machine has been taken over by hackers or infected by a virus.

2. Delete shares (one at a time)

net share admin$ /delete

net share c$ /delete

net share d$ /delete (if there are e, f, ... drives, continue deleting them the same way)

3. Delete the ipc$ null connection

Run regedit, find the entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA in the registry, and change the value data of RestrictAnonymous from 0 to 1.

4. Close your own port 139, where the IPC and RPC vulnerabilities exist.

To close port 139, open the Internet Protocol (TCP/IP) properties of Local Area Connection in Network and Dial-up Connections, go to Advanced TCP/IP settings, then WINS settings, where there is an option "Disable NetBIOS over TCP/IP". Once it is selected, port 139 is closed.

5. Prevent RPC vulnerabilities

Open Administrative Tools --> Services, find the RPC service (Remote Procedure Call (RPC) Locator), and under Recovery set the first failure, the second failure, and subsequent failures all to take no action.

XP SP2 and Pro SP4 do not have this vulnerability.

6. Close port 445

Modify the registry and add a value:

Under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters, create a value of type REG_DWORD named SMBDeviceEnabled in the right-hand window and set it to 0.

7. Close port 3389

XP: Right-click My Computer --> Remote, and clear the check boxes for the two options there, Remote Assistance and Remote Desktop.

Windows 2000 Server: Start --> Programs --> Administrative Tools --> Services, find the Terminal Services entry, open its Properties, change the startup type to Manual, and stop the service. (This method also applies to XP.)

For those using Windows 2000 Pro: a number of articles on the web say that you can turn off 3389 by going to Start --> Settings --> Control Panel --> Administrative Tools --> Services, finding Terminal Services, opening its Properties, changing the startup type to Manual, and stopping the service. However, there is no Terminal Services in 2000 Pro.

8. Precautions for port 4899

Many intrusion methods involving 3389 and 4899 circulate on the net. 4899 is actually the service port opened by a remote control program. Because such control software is powerful, hackers often use it to control the machines they have compromised ("chickens"), and because such software is generally not detected by anti-virus software, it is safer for them than a backdoor.

Unlike 3389, 4899 is not one of the system's own services. It has to be installed: the server component must be uploaded to the compromised computer and run as a service before it can be used for control.

So as long as your computer has a basic security configuration, it is hard for hackers to control you through 4899.
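To confirm that steps 4, 6, 7 and 8 took effect, the listening ports can be checked afterwards. The following is an added example, not part of the original article: it assumes the output of netstat -an has been saved as text, and the function names and sample output are constructed for illustration.

```python
import re

# Ports this checklist closes, mapped to the step that closes each one.
WATCHED = {
    139: "step 4: NetBIOS over TCP/IP is still enabled",
    445: "step 6: SMBDeviceEnabled is not in effect",
    3389: "step 7: Remote Desktop / Terminal Services is still on",
    4899: "step 8: a remote control server is listening",
}

# Matches rows such as "  TCP    0.0.0.0:445    0.0.0.0:0    LISTENING".
# Only the local address column is captured, and only for LISTENING sockets.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b")


def open_watched_ports(netstat_output):
    """Return {port: [local addresses]} for watched ports that are listening."""
    found = {}
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port = m.group(1), int(m.group(2))
        if port in WATCHED:
            found.setdefault(port, []).append(addr)
    return found


def report(netstat_output):
    """One finding line per watched port that is still listening."""
    hits = open_watched_ports(netstat_output)
    return ["TCP %d on %s -> %s" % (port, ", ".join(addrs), WATCHED[port])
            for port, addrs in sorted(hits.items())]


# Constructed sample of `netstat -an` output (not taken from a real host).
# The ESTABLISHED row is an outbound connection to a remote 3389 and must
# not be reported as a local listener.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:3389       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```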

9. Disable services

Open the Control Panel, go to Administrative Tools --> Services, and turn off the following services:

1. Alerter [notifies selected users and computers of administrative alerts]

2. ClipBook [enables ClipBook Viewer to store information and share it with remote computers]

3. Distributed File System [merges dispersed file shares into a single logical name and shares it out; once it is stopped, remote computers cannot access the share]

4. Distributed Link Tracking Server [for the Distributed Link Tracking Client service on the local area network]

5. Human Interface Device Access [enables generic input access to Human Interface Devices (HID)]

6. IMAPI CD-Burning COM Service [manages CD recording]

7. Indexing Service [provides indexed content and attributes of files on local or remote computers; leaks information]

8. Kerberos Key Distribution Center [authorization protocol for network logon]

9. License Logging [monitors IIS and SQL; if you have not installed IIS and SQL, stop it]

10. Messenger [alerts]

11. NetMeeting Remote Desktop Sharing [customer information collection left behind by the NetMeeting company]

12. Network DDE [provides dynamic data exchange for programs running on the same computer or on different computers]

13. Network DDE DSDM [manages Dynamic Data Exchange (DDE) network shares]

14. Print Spooler [printer service; disable it if you have no printer]

15. Remote Desktop Help Manager [manages and controls Remote Assistance]

16. Remote Registry [enables remote computer users to modify the local registry]

17. Routing and Remote Access [provides routing services on LAN and WAN; hackers use the routing service to spy on registration information]

18. Server [supports this computer's file, print, and named pipe sharing over the network]

19. Special Administration Console Helper [allows administrators to use Emergency Management Services to access a command prompt remotely]

20. TCP/IP NetBIOS Helper [provides support for NetBIOS over TCP/IP and NetBIOS name resolution for network clients, enabling users to share files, print, and log on to the network]

21. Telnet [allows remote users to log on to this computer and run programs]

22. Terminal Services [allows users to connect interactively to remote computers]

23. Windows Image Acquisition (WIA) [photography service for applications and digital cameras]

If you find that the machine is running some very strange service, such as an r_server service, you must stop it immediately, because it is quite possibly the server component of a hacker's control program.
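The service check in step 9 can be repeated against a saved service listing. The following is an added example, not part of the original article: it assumes text in the format printed by sc query state= all, uses a subset of the display names from the list above chosen for illustration, and runs on a constructed, trimmed sample.

```python
import re

# Subset of the display names from step 9 (lower-cased for comparison),
# plus the unexpected service name the article warns about.
SHOULD_BE_STOPPED = {
    "alerter", "clipbook", "messenger", "network dde", "network dde dsdm",
    "remote registry", "routing and remote access", "server", "telnet",
    "tcp/ip netbios helper", "terminal services",
}
SUSPICIOUS_NAMES = {"r_server"}

FIELD_RE = re.compile(r"^\s*(SERVICE_NAME|DISPLAY_NAME|STATE)\s*:\s*(.+?)\s*$")


def parse_sc_query(text):
    """Yield one dict per service block found in `sc query` style output."""
    svc = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # TYPE, exit codes, flag lines, blank lines
        key, value = m.groups()
        if key == "SERVICE_NAME" and svc:
            yield svc  # a new block starts, emit the previous one
            svc = {}
        # STATE looks like "4  RUNNING"; keep only the state word.
        svc[key] = value.split()[-1] if key == "STATE" else value
    if svc:
        yield svc


def findings(text):
    """Return sorted (reason, service name) pairs that need attention."""
    out = []
    for svc in parse_sc_query(text):
        name = svc.get("SERVICE_NAME", "")
        if name.lower() in SUSPICIOUS_NAMES:
            out.append(("unexpected service", name))
        elif (svc.get("DISPLAY_NAME", "").lower() in SHOULD_BE_STOPPED
              and svc.get("STATE") == "RUNNING"):
            out.append(("still running", name))
    return sorted(out)


# Constructed, trimmed sample (real output has more lines per service).
SAMPLE = """\
SERVICE_NAME: Messenger
DISPLAY_NAME: Messenger
        STATE              : 4  RUNNING
SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
        STATE              : 1  STOPPED
SERVICE_NAME: r_server
DISPLAY_NAME: r_server
        STATE              : 4  RUNNING
"""
```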

10. Security principles for account passwords

First disable the Guest account and rename the system's built-in Administrator account (the more complex the name the better, preferably changed to Chinese), then set a password, preferably an 8-character combination of letters, digits, and symbols.

If you are using another account, it is best not to add it to the Administrators group; if you do add it to the Administrators group, you must also set a sufficiently safe password, as above. If you set the Administrator password, it is best to set it in Safe Mode, because I found that the account with the highest access on the system is not the Administrator account used under a normal login: even with that account, someone can still log in to Safe Mode and delete the SAM file, thereby changing the system administrator password! This is not the case for an Administrator set up in Safe Mode, because without knowing that Administrator password nobody can get into Safe Mode; that account holds the highest privileges. Next is the password policy: users can set the password according to their own habits, and the following are my recommended settings (I have already covered password security settings above, so I will not repeat them here).

Open Administrative Tools --> Local Security Settings --> Password Policy:

1. Password must meet complexity requirements: Enabled

2. Minimum password length: I set it to 8

3. Maximum password age: I use the default setting of 42 days

4. Minimum password age: 0 days

5. Enforce password history: remember 0 passwords

6. Store passwords using reversible encryption: Disabled
