Windows Operating System Security Settings

Source: Internet
Author: User

I. System and disk format selection

1. Do not use the Ghost version of Windows XP

When choosing an operating system, it is best to avoid the Ghost version of Windows XP. This version enables the remote terminal service by default and also comes with a new account that has a weak password. Both are easily exploited by hackers and can end with the computer being intruded on by someone with ulterior motives. It does not matter if the Ghost version of Windows XP is the only one you have installed, but after the system is installed, click "Start" > "Run", enter services.msc in the "Run" dialog box and press Enter to open the "Services" list. Find the Terminal Services item and, in its properties, change it to the Disabled option.

2. Use the NTFS format for disks

The NTFS partition format was introduced with the Windows NT operating system and, with Windows NT 4, joined the ranks of the mainstream partition formats. Its advantages are excellent security and stability, and it does not easily produce file fragments during use. NTFS partitions impose very strict restrictions on user permissions: each user can perform only the operations allowed by the permissions the system has granted, and any unauthorized operation is refused by the system. NTFS also provides a fault-tolerant structured log that can record all user operations, which protects the system's security. It has other advantages as well: on hard disks larger than 4 GB, using NTFS partitions reduces disk fragmentation and greatly improves disk utilization; NTFS supports file sizes up to 64 GB, much larger than the 4 GB of FAT32; and it supports long file names.

3. Collect evidence to catch hackers

Audit logon is a security function in the local policy, and we can use it to guard against illegal intrusion by hackers. First, start the Local Security Policy: click "Start" > "Run", enter the control admintools command in the "Run" dialog box and press Enter, and on the "Administrative Tools" page double-click "Local Security Policy". The "Local Security Settings" dialog box is displayed. Expand "Local Policies" on the left, click "Audit Policy", then double-click "Audit logon events" on the right and select both "Success" and "Failure" under "Audit these attempts". Set "Audit account management", "Audit account logon events" and "Audit directory service access" in the same way. Once this is set up, the system records information about remote intruders in the log, so that we can "catch hackers". To read the log, enter eventvwr.msc in the "Run" dialog box to open the Event Viewer.
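Once the audit policy above is enabled, the Security log can be reviewed for the pattern that matters most: a successful logon that follows a run of failures. The script below is an added example, not part of the original article. It assumes the events have been reduced to a constructed tab-separated layout, and it uses the Windows XP event IDs 529 (logon failure), 528 and 540 (successful logon) and logon type 10 (Terminal Services session).

```python
from collections import defaultdict

# Constructed sample records in a simplified tab-separated layout (not a real
# Event Viewer export): timestamp, event ID, logon type, account, source.
SAMPLE = """\
2008-03-01 02:14:07\t529\t3\tadministrator\tWKS-17
2008-03-01 02:14:09\t529\t3\tadministrator\tWKS-17
2008-03-01 02:14:12\t529\t3\tadministrator\tWKS-17
2008-03-01 02:14:15\t529\t10\tadministrator\tWKS-17
2008-03-01 02:14:21\t528\t10\tadministrator\tWKS-17
2008-03-01 08:30:02\t529\t2\talice\tHOME-PC
2008-03-01 08:30:10\t528\t2\talice\tHOME-PC
"""

FAILED = {"529"}            # logon failure: unknown user name or bad password
SUCCESS = {"528", "540"}    # successful logon / successful network logon
REMOTE_INTERACTIVE = "10"   # logon type recorded for Terminal Services sessions


def parse(text):
    """Yield one dict per non-empty line of the constructed layout."""
    fields = ("when", "event_id", "logon_type", "account", "source")
    for line in text.splitlines():
        if line.strip():
            yield dict(zip(fields, line.split("\t")))


def review(events, threshold=3):
    """Return (guessed, remote): successes that follow `threshold` or more
    failures for the same account and source, and every successful
    Terminal Services logon."""
    streak = defaultdict(int)
    guessed, remote = [], []
    for ev in events:
        key = (ev["account"].lower(), ev["source"])
        if ev["event_id"] in FAILED:
            streak[key] += 1
        elif ev["event_id"] in SUCCESS:
            if streak[key] >= threshold:
                guessed.append((ev["when"], key[0], key[1], streak[key]))
            if ev["logon_type"] == REMOTE_INTERACTIVE:
                remote.append((ev["when"], key[0], key[1]))
            streak[key] = 0  # a success ends the run of failures
    return guessed, remote


if __name__ == "__main__":
    print(review(parse(SAMPLE)))
```

A single mistyped password followed by a success, like the alice records in the sample, stays below the threshold and is not reported.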

II. System permission settings

1. Set disk permissions

To set disk permissions, two conditions must both be met: the system must be Windows 2000 or later (Windows XP Home Edition excepted), and all disk drives must use the NTFS file format. Then right-click the drive letter you want to set and select "Properties". Add Administrator and SYSTEM, select the Everyone user and delete it, then click "Advanced" and check "Reset permissions on all child objects and enable propagation of inheritable permissions".

2. Permission settings for individual files

To set the permissions of a single file, run the cacls command at the command line. If you are unfamiliar with cacls, enter cacls /? to display the detailed usage of the command in the command prompt window. Take the file 123.txt as an example: enter the command cacls 123.txt /e /g administrator:F and press Enter to process the file. When the prompt returns on a new line, enter type 123.txt to test the result; an "Access Denied" message appears. In addition, moving the file to the root directory of the system disk can also, to a certain extent, prevent Trojans from loading it.

3. Permission settings for registry startup items

To prevent malicious programs from modifying important settings in the startup items of the registry, you can set permissions on the relevant key. In the "Run" dialog box, enter the regedt32 command and press Enter. In the Registry Editor that appears, expand the tree on the left to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, right-click the key and select "Permissions". Click "Advanced", clear "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here", click OK, and delete the users other than the Administrator and SYSTEM accounts. After the operation is complete, select "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here" again.

III. Security operations for system services

To view the service list, click "Start" > "Run" on the desktop, enter services.msc in the dialog box and press Enter to open the "Services" list.

All services installed on the current system are listed on the right of the service list. If you do not know much about a service, double-click it; the "Properties" dialog box that pops up shows a description of the service. Sometimes the description is blank, or the description has nothing to do with the name; such services are likely to have been loaded into the system by Trojans. I suggest you stop such a suspicious service immediately to avoid unnecessary trouble.

1. Disable the Alerter/Messenger service

The Alerter/Messenger service lets administrators send messages to other users on the network, but chat software such as QQ and MSN is sufficient to replace everything it does, and both are more capable than service-based messaging. In addition, malicious users can use this service to send spam to users on the network, which interferes with normal internet access. It is therefore best to double-click the Messenger service in the service list and, in the Properties dialog box, set its startup type to Disabled to turn the service off.

2. Disable the ClipBook Service

The ClipBook service lets administrators easily view the contents of the local clipboard. However, hackers can use the same service to view the clipboard just as conveniently. If you copy a password to the clipboard in order to paste it somewhere, you can imagine the consequences of that being exploited.

Therefore, locate and double-click the ClipBook service in the service list and, in its Properties dialog box, select Disabled as the startup type to turn the service off.

3. Disable the Remote Registry service

The Remote Registry service allows administrators to operate on the registries of other computers remotely, but it poses a potential security risk. For example, if the other party obtains the account and password of the local computer and the IPC$ null connection is enabled, the hacker can use this service to add a self-starting malicious program to the startup items, after which your computer does whatever he tells it to. The Remote Registry service must therefore also be disabled. The method is the same as above.

4. Disable the Task Scheduler service

Generally, after a remote attacker connects to the victim host through an IPC$ null connection, a remote-control Trojan is uploaded to the host to allow later remote control, and the at command is then used to activate the uploaded Trojan. The at command depends on the Task Scheduler service. To prevent hackers from activating Trojans on your host, disable the Task Scheduler service; then, even if a Trojan is uploaded to your machine, it cannot be activated and run.

5. Disable the Terminal Services service

Terminal Services, often called the remote terminal, allows multiple users to connect to and control a machine, displays desktops and applications on the remote computer, and lets you view and operate them intuitively. If a hacker uses Terminal Services to log on to the host, the consequences are self-evident. To prevent this, open the Properties dialog box of the Terminal Services item in the service list, change its startup type to "Disabled", and click "OK" for the change to take effect. Then right-click the "My Computer" icon and select "Properties". In the "System Properties" dialog box that appears, click the "Remote" tab at the top and clear the "Allow Remote Assistance invitations to be sent from this computer" check box.
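To confirm that the five steps above actually took effect, the startup type of each service can be read back from `sc qc <name>` output. The script below is an added example, not part of the original article. The sample text is constructed, and the short service names (Messenger, ClipSrv, RemoteRegistry, Schedule, TermService) are the Windows XP names for the services this section covers.

```python
import re

# Short names Windows XP uses for the services discussed in this section.
TARGETS = {"Messenger": "Messenger", "ClipSrv": "ClipBook",
           "RemoteRegistry": "Remote Registry", "Schedule": "Task Scheduler",
           "TermService": "Terminal Services"}

# Constructed sample (not captured from a real machine): trimmed `sc qc <name>`
# output for several services, concatenated into one text.
SAMPLE = """\
SERVICE_NAME: Messenger
        START_TYPE         : 4   DISABLED
SERVICE_NAME: ClipSrv
        START_TYPE         : 3   DEMAND_START
SERVICE_NAME: RemoteRegistry
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: Schedule
        START_TYPE         : 4   DISABLED
"""


def start_types(text):
    """Map lower-cased service name -> START_TYPE keyword from `sc qc` output."""
    found, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        start = re.match(r"\s*START_TYPE\s*:\s*\d+\s+(\w+)", line)
        if name:
            current = name.group(1).lower()
        elif start and current:
            found[current] = start.group(1)
    return found


def findings(text):
    """List (short name, display name, state) for each target service that is
    not DISABLED. A service absent from the capture is reported as UNKNOWN
    instead of being assumed safe."""
    seen = start_types(text)
    report = []
    for short, display in TARGETS.items():
        state = seen.get(short.lower(), "UNKNOWN")
        if state != "DISABLED":
            report.append((short, display, state))
    return report


if __name__ == "__main__":
    for row in findings(SAMPLE):
        print(*row, sep="\t")
```

A service reported here can be set to disabled from the command line with `sc config <name> start= disabled`, which changes the same startup type as the Properties dialog.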

IV. Make good use of the Security Center provided by Windows XP to effectively prevent external attacks

Although Microsoft products have many vulnerabilities, the Windows XP Security Center is a "comfort" for the majority of users who need to defend against attacks. The Security Center provides not only firewall functions but also protection through virus protection software and automatic updates for system vulnerabilities. To open it, click "Start" > "Control Panel" > "Security Center" on the desktop.

To block pop-up windows from other websites, click "Internet Options" at the bottom. In the "Internet Properties" dialog box that appears, click the "Privacy" tab at the top, where the "Pop-up Blocker" section is displayed, and click its "Settings" button. In the "Pop-up Blocker Settings" dialog box that appears, enter the address of each website you want to allow in the text box, so that only pop-ups from the legitimate websites you have specified are accepted.

The Security Center also provides the firewall function. Click "Windows Firewall" at the bottom to bring up the "Windows Firewall" dialog box, select the "On" option and click "OK" to enable the built-in firewall to defend against external attacks. In addition, if you do not want to go to the Microsoft website to download patches, click "Automatic Updates" at the bottom and set the update time in the "Automatic Updates" dialog box that appears; the system then downloads security patches automatically at the specified time.
