Author: skid Source: CCID community time: 14:07:44
A few basic commands can play a major role in protecting network security. The following ones are especially useful.
Detect Network Connections
If you suspect that someone has installed a Trojan on your computer, or that it is infected with a virus, but you have no dedicated tool at hand to check whether this has actually happened, you can use the network commands that come with Windows to see who is connecting to your computer. The command is: netstat -an. It shows all the IP addresses that have connections to the local computer. The output has four parts: Proto (the protocol of the connection), Local Address (the local address and port), Foreign Address (the address that has established a connection with the local machine), and State (the current port status). With this detailed information, we can fully monitor the connections on the computer and so keep control of it.
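The following added example (not part of the original article) parses netstat -an output in Python into the four fields described above, then summarises the listening ports and the established foreign peers. The sample output and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:49720     198.51.100.7:8080      TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' on the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Yield one dict per connection row; header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so default it to an empty string.
        state = fields[3] if len(fields) > 3 else ""
        yield {"proto": fields[0], "local": split_endpoint(fields[1]),
               "foreign": split_endpoint(fields[2]), "state": state}

def listening_ports(rows):
    """Local ports that accept inbound connections."""
    return sorted({int(r["local"][1]) for r in rows if r["state"] == "LISTENING"})

def remote_peers(rows):
    """Count ESTABLISHED connections per non-loopback foreign address."""
    peers = Counter(r["foreign"][0] for r in rows if r["state"] == "ESTABLISHED")
    return {a: n for a, n in peers.items() if not ipaddress.ip_address(a).is_loopback}

if __name__ == "__main__":
    rows = list(parse_netstat(SAMPLE))
    print("listening:", listening_ports(rows))
    for addr, n in sorted(remote_peers(rows).items()):
        print(f"{addr}: {n} established")
```

On a live machine, feed the text printed by netstat -an to parse_netstat in place of SAMPLE, and compare the peers and listening ports against what you expect that machine to be doing.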
Disable Unknown Services
Many friends may find that one day, after the system restarts, the computer has become slow. No matter how much they optimize, it stays slow, and anti-virus software finds no problem. At this point it is very likely that someone has intruded into your computer and opened a special service on it, such as the IIS information service, which your anti-virus software does not detect. But don't worry. You can use "net start" to check which services are started in the system. If you find a service that you did not start yourself, you can disable it in a targeted manner: enter "net start" to view the services, and then use "net stop server" to disable the service.
Easily Check Accounts
For a long time, malicious attackers have liked to use cloned accounts to control your computer. Their method is to activate a default account in the system that is not commonly used, and then use tools to escalate this account to administrator privileges. On the surface the account looks the same as before, but this cloned account is the biggest security risk in the system, because malicious attackers can use it to control your computer at will. To avoid this situation, you can use a simple method to check the accounts.
First, enter "net user" on the command line to list the users on the computer, and then use "net user username" to view the permissions of each user. Generally, only Administrator belongs to the Administrators group, and the others do not! If you find that a built-in system user belongs to the Administrators group, you have almost certainly been intruded, and someone has cloned an account on your computer. Use "net user username /del" to delete this user!