Author: Black base moderator! Angel
I have been here for so long, and finally got out of the shell. I am working hard, but I am a qualified sailor, the technical version is also the one that cannot be pasted back. (Don't beat me with eggs.) Today, I know it's so hard to write stuff! I heard that many dishes can be written here. Now let's get down to the book. If you're not in a hurry or even too lazy, you have to eat the old book. If you want to write something less than others, you can't remember it for a moment. Please use it first! It is difficult for Bi to write a wrong word. Let's take a look.
The minimum service + minimum permission = maximum security.
First, we need to understand the role of services on our computers. Each service is bound to a port. For details, refer to the port table and the service table. Those tables are very long and not easy to post here, so see the links:
Port table http://hackbase.com/bbs/viewthre... mp; page = 1 # pid358202
Service table http://hackbase.com/bbs/viewthread.php?tid=47657
1. Disable common ports to stop services
Close port 21: disable the FTP Publishing Service.
Close port 23: disable the Telnet service.
Close port 25: disable the Simple Mail Transport Protocol (SMTP) service.
Close port 135: disable the Location Service.
Close port 139: Network and Dial-up Connections -> Local Area Connection -> Internet Protocol (TCP/IP) -> Properties -> Advanced TCP/IP Settings -> WINS -> disable NetBIOS over TCP/IP.
Close port 3389: disable the Terminal Services service (it is not enabled by default). Because attacks on 3389 are so popular, you may one day find that your machine is providing the Terminal Services service.
1. Do not share C$, D$, or E$.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
AutoShareServer, type REG_DWORD, set to 0.
2. Do not share ADMIN$ by default.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
AutoShareWks, type REG_DWORD, set to 0.
3. Restrict the IPC$ default share.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous, type REG_DWORD, set to 1.
2000 Server and XP are a little different. If you think the above is too troublesome, you can stop the Server service directly with net stop server. It will start again at the next boot, so after stopping it go to Start --> Programs --> Administrative Tools and set the service to "Disabled" (if your firewall filters out ports 139 and 445, this matters less).
There is also system32\drivers\etc\services, which contains a table of well-known ports. Take a look at it.
The intent is to stop useless ports and services, but do not stop them blindly. For example:
Network Connections manages all objects in the Network Connections folder. If it is disabled, the "Network Connections" folder will be empty and network configuration cannot be performed either.
The Messenger service transmits net send messages between the server and the workstation. If it is disabled, useful messages from the company's network administrator are filtered out as well.
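A read-only audit of the section 1 settings, as an added example (not part of the original post). It assumes a current Windows host with PowerShell, since `Get-NetTCPConnection` does not exist on 2000/XP; the port labels follow the list above, and the expected registry data are the values the post gives.

```powershell
# Added example: checks the hardening values from the post; it changes nothing.
# AutoShareServer is read by server editions and AutoShareWks by workstation editions.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$checks = @(
    @{ Path = $lanman; Name = 'AutoShareServer'; Want = 0 },
    @{ Path = $lanman; Name = 'AutoShareWks';    Want = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'restrictanonymous'; Want = 1 }
)

$registry = foreach ($c in $checks) {
    # A missing value means the OS default applies, so it is reported as not OK.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting = $c.Name
        Want    = $c.Want
        Have    = if ($null -eq $have) { '(not set)' } else { $have }
        Ok      = ($have -eq $c.Want)
    }
}

# Ports named in the post, with the service the post associates with each.
$ports = @{ 21 = 'FTP'; 23 = 'Telnet'; 25 = 'SMTP'; 135 = 'Location Service'
            139 = 'NetBIOS over TCP/IP'; 445 = 'Server service'
            3389 = 'Terminal Services' }

$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports.ContainsKey([int]$_.LocalPort) } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Service = $ports[[int]$_.LocalPort]
            Process = $proc.ProcessName
        }
    }

$registry  | Format-Table -AutoSize
$listening | Format-Table -AutoSize   # empty output: none of the ports is listening
```

A port that still shows up after its service was disabled tells you which process to investigate, which is the case the post warns about for 3389.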
2. Local administrator and guest Account
As we all know, Windows 2000 and later operating systems have a Guest account, which is a hidden risk for us. If I only told you to disable this account, you would give me the middle finger. A few people do not know how to delete it, so let's just do it! User information on Win2000/XP is stored in the SAM, which is under HKEY_LOCAL_MACHINE\SAM\SAM in the registry. You only need to delete the Guest information. However, even a user logged on as administrator does not have this permission. If you do not believe it, you can try it.
For the 2000 system:
1. You need to download the psu.exe tool first (if you cannot find it, ask me) and save it to the system32 directory.
2. Find the PID of winlogon: press Ctrl+Alt+Del and look it up in the process list (it is the last one). Mine is 389 (it seems to change).
3. Enter the command psu -p regedit.exe -i 389 at the command prompt.
4. In the regedit window that opens, the SAM key can now be expanded. Delete the following two values: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\Guest and callback (there may be typos above, so please double-check!)
If that does not work, find the SAM file in the system32\config directory, right-click the file, and choose Properties -> Security to grant the same permissions as SYSTEM. Then run psu -p regedit.exe -i 389.
For XP, this is much easier. In regedit, expand HKEY_LOCAL_MACHINE\SAM\SAM, right-click it, choose Permissions, and give administrator the same permissions as SYSTEM. Then delete the key values listed above.
A friend even said that gpedit.msc can also delete Guest, but I did not find it even after N tries. Please give me some advice.
As for the administrator account (if it has a blank password, you are dead), the idea is to rename it (Computer Management -> System Tools -> Local Users and Groups -> Users, then change the name), then delete the administrators group. If you want to delete it, the method is the same as for the administrator (tested on XP).
3. Computer group name and functions.
1. Administrators: have unrestricted full access to the computer/domain.
2. Backup Operators: can override security restrictions in order to back up or restore files.
3. Guests: members have the same access as members of the Users group, but the Guest account has more restrictions.
4. Network Configuration Operators: members have some administrative permissions to manage the configuration of network functions.
5. Power Users: can run certified applications and also older applications.
6. Remote Desktop Users: members of this group are granted the permission to log on remotely.
7. Replicator: supports file replication in the domain.
8. Users: can run certified applications, but cannot run most old applications.
9. HelpServicesGroup: the group for the Help and Support Center.
To use shared folders, you must be a member of the Administrators group or the Power Users group.
Members of the Backup Operators group can back up and restore files on the computer, regardless of the permissions that protect these files. They can also log on to and shut down the computer, but cannot change security settings.
Use the Users group or the Power Users group for everyday work. When you log on as a Users member, you can perform routine tasks, including running programs and accessing Internet sites. As a member of the Power Users group, you can perform routine tasks, install programs, add printers, and use most of the items in the Control Panel.
Check often which users have been added to your groups: net localgroup "group name".
I often look at what is in them. I heard that the groups can also be deleted, but I have not tried it yet. In addition, it is better to enable automatic updates to make things easier for us. You can also set access permissions for the security log, enable account policies, enable password policies, and enable audit policies to protect your computer. Also take a look at the startup items in msconfig and regedit, win.ini, autoexec.bat ... Maybe a trojan is secretly hidden there!
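The `net localgroup` review described above, automated as an added example (not part of the original post). It assumes Windows PowerShell 5.1 or later, where the `Get-LocalGroupMember` and `Get-LocalUser` cmdlets exist; the `$baseline` table is constructed and must be replaced with the members you actually expect.

```powershell
# Added example: reports group members that are not in an expected baseline.
# The baseline below is constructed; if you renamed the administrator account
# as the post suggests, put the new name here.
$baseline = @{
    'Administrators'       = @("$env:COMPUTERNAME\Administrator")
    'Power Users'          = @()
    'Backup Operators'     = @()
    'Remote Desktop Users' = @()
    'Guests'               = @("$env:COMPUTERNAME\Guest")
}

$drift = foreach ($group in $baseline.Keys) {
    # Same information as: net localgroup "group name"
    $members = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Name)
    foreach ($m in $members) {
        if ($baseline[$group] -notcontains $m) {
            [pscustomobject]@{ Group = $group; Unexpected = $m }
        }
    }
}

# Built-in accounts are found by RID, so a rename does not hide them:
# RID 500 is the built-in administrator, RID 501 is Guest.
$builtin = Get-LocalUser |
    Where-Object { $_.SID.Value -match '-(500|501)$' } |
    Select-Object Name, Enabled, PasswordRequired,
                  @{ Name = 'RID'; Expression = { $_.SID.Value.Split('-')[-1] } }

if ($drift) { $drift | Format-Table -AutoSize } else { 'No unexpected members.' }
$builtin | Format-Table -AutoSize
```

An enabled RID 501 account, or a RID 500 account with `PasswordRequired` set to False, is the condition section 2 is trying to eliminate.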
In addition, "user permission assignment" determines which groups can perform which kinds of operations. It is found in the administrative tool "Local Security Settings" under "Local Policies" -> "user permission assignment". For example, for "remote access to the computer" you can delete all other groups and keep only administrators; "Force Shutdown remotely" and other settings are also here. A full introduction would be long, so I won't go into it here.
This is my debut post. If something is wrong, please kindly advise me. I wish to study with the heroes. Now, let's get there! I'm calling. I have to go to work tomorrow. ^Q^
By the way, remember to set IP rules according to your own needs. The default is not necessarily safe. It is not necessarily suitable for you. Anti-virus software also needs to be installed ......