Protect system security with local security policy _windowsxp

Source: Internet
Author: User
The local security policy with Windows XP systems is a good system security management tool that can make our system more secure.

First, let's say how to start the local security policy. When you click Control Panel Administrative Tools Local Security policy, you enter the main interface of the local security policy. Here you can set various security policies by using the commands on the menu bar, and you can choose how to view, export lists, and import policies.

Let's explore the magical uses of the local security strategy.

   prohibit enumeration of accounts   

We know that some worm viruses with hacker behavior can scan the Windows 2000/XP system's specified port and then guess the administrator system password through a shared session. Therefore, we need to guard against such intrusions by setting the Prohibit enumeration account in the local security policy, as follows:
  


  

In the security settings tree of the list on the left side of local security policy, expand Local Policy security options, level by layer. View the list of related policies on the right, where you find network access: Do not allow anonymous enumeration of SAM accounts and shares (Figure 1), right-click, select Properties in the pop-up menu, and then pop up a dialog box that activates the enabled option, and finally clicks the Apply button to make the setting effective.

   Account Management  

To prevent intruders from exploiting vulnerabilities to log on to the machine, we will set up renaming the Administrator account name and disabling the Guest account here. Set the method to: in the local Policy Security Options branch, locate the account: Guest account status policy, click Properties in the right-click pop-up menu, and then set its status to deactivated in the pop-up Properties dialog box, and then "OK" to exit.

Next, we look at the "Account: Rename administrator Account" policy, bringing up its properties dialog box, where you can customize the account name in the text box (Figure 2).


   Assigning local user rights  

If you are a system administrator, you can assign specific rights to a group account or to a single user account. In security settings, locate in local policy, user rights assignment, and then in the settings view to the right of it, you can make security settings for each of the policies under it (Figure 3).
   For example, if you want to allow a user to take ownership of any available object in the system: including registry keys, processes and threads, and NTFS file and folder objects (the default setting for this policy is administrator only). You should first find the "Take ownership of files or other objects" policy in the list, right-click, select Properties from the pop-up menu, click the "Add User or Group" button, enter the object name in the pop-up dialog box, and confirm the operation.

   Utilize IP policy   

We know that no matter what kind of hacker program, mostly through the port as a channel.

Therefore, we need to turn off the ports that may become intrusion channels. You can search the Internet for information about dangerous ports in order to have a ready fight. Let's use the 23 port that Telnet uses as an example to explain (the author's operating system is Windows XP).

First click Run to enter "MMC" in the box and return to the console window. We then select File Add/Remove Snap-in, click ' Add ' in the Standalone tab bar, IP Security Policy Management, and then follow the prompts to complete the operation. At this point, we have added "IP Security policy, Local computer" (hereinafter referred to as "IP Security Policy") to the Console root node (Figure 4). You can now double-click IP Security Policy to create a new administrative rule. Right-click IP Security Policy and choose Create IP Security Policy from the shortcut menu that pops up. Open the IP Security Policy Wizard and click Next to the name defaults to ' New IP Security Policy ' and ' next ' ' Do not have to choose ' Activate the default response rule ', note: Click ' Next ' to confirm this time ' Edit the property is selected, then select Finish, the new IP Security Policy Properties window appears (Figure 5), select "Add", and then click "Next" without selecting the "Use Add Wizard" option.


At the source address of the addressing bar, select "Any IP address", and the destination address selects "My IP Address" (No mirroring is selected). In the Protocol tab bar, note that the type should be TCP and set the IP protocol port from any port to this port 23, and then click OK. A new IP filter appears in the IP filter list, selects it, switches to the Filter Actions tab bar, and clicks Add to default to ' new filter action ' to ' add ' to block ' finish '.

The new policy needs to be activated to work by right-clicking on the new IP security policy and selecting "Assign" the policy just developed.

Now, when we telnet from another computer to the fortified one, the system will report a login failure; scan the machine with the scan tool and discover that 23 ports are still serving. In the same way, you can kill any other suspicious port, let the uninvited guests shout "bad" go.

   Tighten password security  

In security settings, first set in the "Account Policy" "Password Policy", in its right setting view, you can set the appropriate settings, so that our system password is relatively safe and difficult to crack. An important way to prevent cracking is to update the password regularly, you can make the following settings: The right mouse click Password Maximum age, in the pop-up menu, select Properties, in the pop-up dialog box, you can customize a password settings can be used after the length of time (limited to 1 to 999).

In addition, with local security settings, you can also track user accounts for accessing files or other objects, logon attempts, system shutdown or restart, and similar events by setting Audit object access. Such security settings, and so on. In practical applications, we will gradually find that "local security settings" is indeed an indispensable system security tool.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.