Response to MS08-067: Windows System Emergency Security Configuration Guide

Source: Internet
Author: User

This is not a comprehensive Windows security configuration guide. It is a guide that helps Windows users avoid the impact of mainstream attacks through simple, low-cost methods. The manual will be revised every time a major vulnerability occurs. The current version includes an effective countermeasure against the RPC vulnerability (MS08-067) disclosed on October 24, 2008.

Latest Vulnerabilities Bulletin

This revision was made in response to the RPC vulnerability (MS08-067) disclosed on October 24, 2008. The vulnerability is in the RPC service reachable on ports 139 and 445, and a successful attack gives direct control of the system.

According to information from Microsoft, this attack cannot penetrate DEP protection, so for users of genuine copies the vulnerability is not effective against Windows XP SP2 and later or Windows Server 2003 SP1 and later. The users mainly under threat should therefore be those running Windows 2000 and versions of Windows XP earlier than SP2.

However, the above information is for reference only, because some pirated copies lower the security level or modify the security mechanisms.

Basic disposal recommendations

When a major remote vulnerability appears, for systems that do not require real-time connectivity, consider disconnecting from the network first to check the security configuration, and then rely on the firewall and security policy to keep the system safe while it is connected to install patches.

Stand-alone firewall configuration

Related introduction:

A stand-alone firewall is an important security layer. There are many free and paid firewall products, mainstream anti-virus products often ship with a firewall, and Windows itself has included a firewall since Windows XP.

Desktop Users, workstation users

A desktop system is one whose main use is direct user interaction: browsing, downloading, games, work and so on. Most of its network activity consists of outbound connections initiated by the user, rather than services offered to external users on local listening ports. This characteristic allows the following configuration.

Configure the firewall to prohibit externally initiated connections

If the desktop system does not share a printer and does not need to act as the host in LAN games (such as CS, FIFA, etc.), you can block all connections initiated to this host by setting the firewall to a mode that prohibits externally initiated connections. This setting does not affect browsing, chatting, downloading, online video, common games or similar activities.

Effect: This configuration counters MS08-067 attacks on its own, without relying on other patches or configuration.

Advantages: It blocks not only the MS08-067 attack but also all similar attacks against fixed ports on the host.

Disadvantage: If the host provides print sharing or shared network directories, those services will stop working, and the host cannot act as the game host in CS, FIFA and similar games. The setting may also conflict with the Rambo Broadband dialer.

The built-in firewalls of Windows Vista and Windows Server 2003 support a mode that prohibits externally initiated connections.

Users can configure the firewall built into Windows by following the illustrated steps below.

Step 1: Locate the firewall in the Control Panel.
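To see which listening ports the firewall mode described above has to cover on a given desktop, the following added example (not part of the original guide) parses `netstat -an` output and separates non-loopback listeners on ports 139 and 445 from other listeners. The sample output is constructed, and the function names are illustrative.

```python
import re

# Ports of the RPC service targeted by MS08-067, as named in the bulletin above.
WATCHED_PORTS = {139, 445}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1050      192.168.1.20:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

# TCP rows only: local address, local port, foreign address, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def parse_listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3) == "LISTENING":
            listeners.append((m.group(1), int(m.group(2))))
    return listeners


def audit(netstat_text, watched=WATCHED_PORTS):
    """Split non-loopback listeners into watched ports and all other ports."""
    exposed, other = [], []
    for addr, port in parse_listeners(netstat_text):
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the host itself
        (exposed if port in watched else other).append((addr, port))
    return sorted(exposed), sorted(other)


if __name__ == "__main__":
    exposed, other = audit(SAMPLE_NETSTAT)
    for addr, port in exposed:
        print(f"listening on {addr}:{port} - firewall must block this until patched")
    for addr, port in other:
        print(f"listening on {addr}:{port} - confirm this service is needed")
```

`netstat` lists listening sockets whether or not the firewall blocks them, so the result shows what the firewall must shield, not whether it is doing so. Outbound connections to another host's port 445 (the ESTABLISHED row) are deliberately not reported.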
