A technical explanation of Windows system security technologies and concepts

Source: Internet
Author: User

Although the Windows operating system has left us with many unpleasant memories, it must be admitted that Windows is still one of the most widely used systems. With so large an installed base, protecting its security is imperative. This article goes through some common points of current Windows security technologies and concepts to help users better understand the Windows security mechanisms.

  One, ports

Ports are the channels through which a computer communicates with the outside world; like a door, they control the transmission of data and instructions. Port information is added to every type of packet so that the packet can be identified once it has been received. Many worms are known to use port information for malicious purposes. For a Windows system, which is fragile to begin with, it is therefore necessary to close or block ports that are dangerous but rarely used in order to keep information secure.

Ports are equally critical to hackers in a network attack. Each service has a corresponding port: when we browse a web page, for example, the server has to provide the WWW service on port 80; SMTP uses port 25 and FTP uses port 21. If a server in the enterprise only provides file services or intranet exchange, closing some of its ports is a reasonable step, because once a port is closed the security of the system is further ensured.

Closing a port is very simple and can be configured under Control Panel → Administrative Tools → Services.

Port 139 deserves special attention. It is the NetBIOS session port, used for file and print sharing. To close it, open the properties of Internet Protocol (TCP/IP) in Local Area Connection and go to the advanced TCP/IP settings. Under the WINS settings there is an option "Disable NetBIOS over TCP/IP", which closes port 139 when selected.

Why turn off port 139? Because of the port 139 intrusion problem. If a hacker identifies a host with a port 139 vulnerability by scanning with a scanning tool, he can then use the nbtstat -a IP command to obtain the user information and finally complete the illegal access operation.
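To check the points above on a host you administer, the following PowerShell is an added example and not part of the original article. It lists listening TCP ports that are not on an allowlist and reports the NetBIOS over TCP/IP setting per adapter; the allowlist `$Allowed` is an assumption for a host that should only offer web service.

```powershell
# Added example, not from the original article.
# Assumption: this host should only offer web service, so only port 80 is expected.
$Allowed = @(80)
# Port names taken from the article.
$Known = @{ 21 = 'FTP'; 25 = 'SMTP'; 80 = 'WWW'; 139 = 'NetBIOS session' }

# 1. Listening TCP ports that are not on the allowlist, with the owning process.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -notin $Allowed } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Service   = $Known[[int]$_.LocalPort]   # cast: LocalPort is UInt16
            Process   = $proc.ProcessName
            ProcessId = $_.OwningProcess
        }
    } | Format-Table -AutoSize

# 2. NetBIOS over TCP/IP state per adapter (the WINS setting behind port 139).
#    TcpipNetbiosOptions: 0 = default from DHCP, 1 = enabled, 2 = disabled.
$nics = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
$nics | Select-Object Description,
    @{ n = 'NetBIOS'; e = { @('Default (from DHCP)', 'Enabled', 'Disabled')[$_.TcpipNetbiosOptions] } } |
    Format-Table -AutoSize

# 3. Scripted form of selecting "Disable NetBIOS over TCP/IP" (value 2).
#    -WhatIf only previews the change; remove it to apply (elevated prompt required).
$nics | Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]2 } -WhatIf
```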

  Two, Group Policy deployment

Group Policy and the registry are two important consoles in the Windows system. For security deployment, Group Policy is favored by users because of its visual presentation. Through Group Policy we can prohibit third parties from illegally changing the address, prevent others from arbitrarily modifying the firewall configuration parameters, and strengthen share passwords against cracking.

For example, in some network environments several users share the same workstation for network access. If we do not define a secure Internet zone, security risks appear: workstation permissions become disordered and a system crisis follows. In mild cases the system is paralyzed; in serious cases it may suffer a remote intrusion and valuable data may be lost. Therefore, to protect the local network and the local workstation, on a public computer we can use Group Policy to define a secure Internet zone for ordinary users, so that users who access the system can only go online within the zone that has been set.

Because Group Policy has intuitive names and functional explanations, it is simple to use and convenient for both administrators and end users, but its functionality goes well beyond that: it can also be used as a security tracking tool. For example, you can use Group Policy to find traces of shared directory access.

This is very important for monitoring users within the LAN. When an illegal user is present on the network, the intrusion most often goes through shares and access to shared resources, so querying the access records of shared directories lets you trace the activity back to its origin and find the real culprit. Open Group Policy and, in the list area on the left, go to Local Computer Policy → Computer Configuration → Windows Settings → Security Settings → Local Policies → Audit Policy. Find Audit object access in the Audit Policy and select both Failure and Success in its Properties dialog. When a problem arises, you will then be able to open the system Security log to view the related event records.
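The same audit setting and log review can be scripted. This PowerShell is an added example and not part of the original article; it assumes an elevated prompt, an English-language system (the category name is localized) and that share access is recorded as Security event 5140 ("A network share object was accessed"). A policy set from a domain can override the local setting.

```powershell
# Added example, not from the original article. Run from an elevated prompt.

# Enable Success and Failure auditing for the "Object Access" category,
# then show the resulting per-subcategory settings.
auditpol /set /category:"Object Access" /success:enable /failure:enable
auditpol /get /category:"Object Access"

# Read share-access events (ID 5140) from the last 24 hours of the Security log.
$filter = @{ LogName = 'Security'; Id = 5140; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Flatten each event's named data fields into one record per access.
$records = foreach ($evt in $events) {
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time   = $evt.TimeCreated
        Result = $evt.KeywordsDisplayNames -join ','   # Audit Success / Audit Failure
        User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Source = $data['IpAddress']
        Share  = $data['ShareName']
    }
}

# Who accessed which share, from where, and how often (failures included).
$records |
    Group-Object User, Source, Share, Result |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```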

  Three, EFS

When it comes to system security, EFS has to be mentioned. EFS (Encrypting File System) is a Windows feature that lets users encrypt files and data on an NTFS partition, so that data security can be improved quickly.

EFS encryption is based on a public-key scheme. When a file or folder is encrypted with EFS, the system first generates a FEK (file encryption key) consisting of pseudo-random numbers, then creates the encrypted file using the FEK and the extended Data Encryption Standard (DESX) algorithm, and stores the original file.

The system then encrypts the FEK with the public key and stores the encrypted FEK in the same encrypted file. When the encrypted file is accessed, the system first decrypts the FEK using the current user's private key, and then decrypts the file using the FEK. Although some cracking methods that threaten EFS encryption exist, we still have reason to believe that relying on the system's own security technology gives the quickest protection, even if only as an emergency measure.

Security concepts in Windows are fairly extensive, from digital certificates to firewalls, from data encryption to password authentication. The system itself takes security into account very comprehensively. System-level protection will have omissions, but with security measures becoming more and more plentiful there is no need to worry too much. This is especially important in the protection of enterprise-class workstations.
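The key flow described above can be traced with .NET classes from PowerShell. This is an added illustration, not part of the original article and not Windows' EFS code: AES stands in for the file cipher (.NET has no DESX), and a throwaway RSA key pair stands in for the user's EFS key pair.

```powershell
# Added illustration of the EFS key flow; not the actual EFS implementation.
using namespace System.Security.Cryptography

# Stand-in for the user's key pair (assumption: 2048-bit RSA, generated on the spot).
$userKey = [RSACryptoServiceProvider]::new(2048)

# Constructed sample "file" contents.
$plain = [Text.Encoding]::UTF8.GetBytes('constructed sample file contents')

# 1. Generate a random FEK and encrypt the data with it (AES used in place of DESX).
$aes = [Aes]::Create()                      # random Key (the FEK) and IV
$cipherText = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)

# 2. Encrypt the FEK with the public key and store it alongside the data.
$stored = [pscustomobject]@{
    WrappedFek = $userKey.Encrypt($aes.Key, $true)   # $true = OAEP padding
    IV         = $aes.IV
    Data       = $cipherText
}

# 3. On access: decrypt the FEK with the private key, then the data with the FEK.
$fileCipher     = [Aes]::Create()
$fileCipher.Key = $userKey.Decrypt($stored.WrappedFek, $true)
$fileCipher.IV  = $stored.IV
$recovered = $fileCipher.CreateDecryptor().TransformFinalBlock($stored.Data, 0, $stored.Data.Length)
[Text.Encoding]::UTF8.GetString($recovered)

# 4. A different key pair cannot recover the FEK, so the data stays unreadable.
$otherKey = [RSACryptoServiceProvider]::new(2048)
try {
    $null = $otherKey.Decrypt($stored.WrappedFek, $true)
    'unexpected: FEK recovered with the wrong key'
} catch {
    'another user''s key cannot decrypt the FEK'
}
```

Because only the small FEK is encrypted with the public key, losing the private key means losing the file, which is why the key pair needs a backup.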
