Secure configuration of your Windows XP operating system

Windows XP is respected for its stability, strong personal and network capabilities, and its "NT Kernel" allows us to enhance security protection.

1. General Safety Protection

The so-called "conventional security protection" is the same as the WINDOWS98 installation of anti-virus software, upgrade the system, prohibit ping three forms of security. To emphasize is that Windows XP and its predecessor Windows2000, the loopholes are endless, to upgrade the system can not be as sloppy as the Windows98, in addition to installing Microsoft for the "Shock wave" patch of vulnerability, it is recommended that Windows XP Upgrade to the latest SERVICEPACK1 (the upgrade will increase resource occupancy, but increase security and stability).

2. Prohibit Remote Assistance, shielding unused ports

On Windows XP, there is a feature called Remote Assistance, which allows users to send Remote Assistance invitations to friends on MSN to help them with their queries when they have difficulty using their computers.

This "Remote Assistance" feature is the manifestation of the RPC (Remoteprocedurecall) service that the "shockwave" virus is trying to attack on Windows XP. It is recommended that you do not use this feature, and you should also install the RPC Vulnerability tool and the "Shockwave" immune program that Microsoft provides. The main point to prevent Remote Assistance is to open the System Properties dialog box (right "My Computer", "Properties") and remove "√" from "Allow Remote Assistance invitations from this computer" in the "remote" key.

Use the system's own "TCP/IP Filtering service" to qualify ports. The essentials are as follows: Right-click on Network Connections, select Properties, open the Network Connection Properties dialog box, select Internet Protocol (TCP/IP) in the general item, and then click the Properties button below, in Internet Protocol (TCP/IP) properties window, click the [Advanced] button below, in the Advanced TCP/IP configuration window that pops up, select the options item, click the Properties button below, and finally eject the TCP/IP filter window and add TCP, UDP, IP, respectively, through the "Allow only" radio box in the window. such as network protocol allows the port, does not provide a variety of services, you can screen out all the ports. This is the best form of safety precaution.

3. Prohibit Terminal Services remote control "Terminal Services" is a service form that is left behind by Windows XP on the Windows2000 system (Windows2000 server hosting that uses this service to implement remote servers). The user uses the terminal to realize the remote control. There is a certain difference between Terminal Services and Remote Assistance. Although all of the implementation of remote control, Terminal Services more attention to the user's login management rights, its each connection requires the current system of a specific login ID, and mutual isolation, "Terminal Services" independent of the current computer user's invitation, can be independent, Be free to log on to the remote computer.

Under Windows XP, Terminal Services is turned on by default, (Windows2000 systems need to install the appropriate components to enable and use Terminal Services) that is, if someone knows a user's login ID on your computer and you know the IP of the computer, It can take full control of your computer.

The essentials of closing Terminal Services in a Windows XP system are: Right-click "My Computer", "Properties", select "Remote", and remove "√" before "allow users to connect remotely to this computer".

4. Turn Messenger Service off

The Messenger service is a communication component of Microsoft's Integrated Windows XP system, which is also opened by default. Use it to send information, as long as you know the other side of the IP, and then input text, the other side of the desktop will pop up the corresponding text information window, and in the case of the Messenger service is not shut down forcibly accepted.

Many users do not know how to close it, and suffer from information harassment. In fact, the essentials are very basic, go to the "Control Panel", select "Administrative Tools", start the inside of the "service" item, and then click on the Messenger Item right button, select "Stop" can be.

5. Prevent IPC default sharing

After the default installation, Windows XP allows any user to get all of the system accounts and shared lists through an empty user connection (ipc$), which is intended to facilitate the sharing of resources and files by users of the LAN, but any remote user can use this empty connection to get a list of your users. Hackers use this feature to find the system's user list and use some dictionary tools to perform attacks on the system. This is the more popular IPC attack on the Internet.

To protect against IPC attacks, you should start with the default configuration of the system by modifying the registry to remedy the vulnerability:

The first step: Configure the Hkey_local_machinesystemcurrentcontrolsetcontrollsa RestrictAnonymous item to "1" to prevent null user connections.

Step Two: Open the Hkey_local_machinesystemcurrentcontrolsetserviceslanmanserverparameters entry for the registry.

For the server, add the key value "AutoShareServer", the type is "REG_DWORD", and the value is "0".

To the client, add the key value "AutoShareWks", the type is "REG_DWORD", and the value is "0".

6. Rational management of the administrator

WINDOWS2000/XP system, the system will be installed by default to create an administrator user, it has the highest administrative rights of the computer. And some users at the time of installation, not to the administrator user Configuration password. Hackers use this to use advanced users to log on to each other's computers. Therefore, individual users should properly keep the "administrator" user information, Windows2000 log in, the request to enter the administrator user's login password, and Windows XP after normal startup, is not see the administrator user's , it is recommended to use Windows XP users to enter Safe mode, and then in the "user account" in the "Control Panel" to add a password for the administrator user, or delete it, so as not to leave hidden dangers.