Security threat analysis and prevention methods for broadband account (1)

Broadband users should improve the awareness of network security, and take measures such as strengthening system, restricting open ports, shutting down sharing and so on, so as to prevent hackers from hacking into computers, reducing or avoiding the economic loss caused by embezzlement of accounts. 1. The development of broadband has brought the convenience of information communication to people, but it has also produced some problems. Nearly a period of time, many Chinese telecom ADSL broadband users without knowledge, without the protection of the situation, the account was stolen after the QQ currency value, play Shanda online games and other consumption of things happen. The author is ADSL broadband subscribers, in May 2005, the net fee alone more than 100 yuan "interconnected star" costs. After a lot of inquiries found that 100 yuan from the interconnected stars of the United many SP (service provider services provider) One of "Tencent Technology Co., Ltd.", mainly for QQ account recharge consumption. With the consumption of QQ chat, learned that he is through the "Internet stars a Little pass" into ADSL account for consumption. "Internet Star" is a telecommunications broadband account users launched a landing function. Broadband account users use their own broadband account access to the Internet Star Service site, no need to enter the account name and password, just click on the "Internet stars a Little Pass" button, you can safely log in, and directly using the Internet Star Partners to provide related products and services. Since it is a safe login, how can there be account loss of the matter? 2. Analysis of the reasons for the cost overruns of broadband account at present, the telecommunications department in order to prevent users of broadband account theft, has been a lot of technical precautions, such as the broadband account and dial-up phone number bundled together, and even the broadband account and network card MAC address bundled together, The account can only be used on a fixed computer or telephone line, other places can not use the binding account to surf the Internet. Many users, especially those who are not very professional in computer network security, think this is already safe, the account will not be easy to steal, but the fact is not so, if you do not have a good sense of network security, not your own computer to make the necessary security precautions, computer hackers can easily invade your computer, Remote misappropriation of ADSL accounts, and even steal important information from your computer. Computer hackers can invade users ' computers with open ports and weak passwords or even empty password vulnerabilities. Hackers can access the other side of the network segment (or direct access to IP), using scanning tools (such as: Superscan, X-scan, etc.) scan the user's computer port and obtain IP, Then run the Client Connection tool (for example: Glacier 2.2) intrusion into the user's computer, as long as your network is through the broadband account has been dialed, they can use the internet star of the "Internet Star" function directly to the remote consumption. Family children and friends through your home dialing ADSL account, can also use the "Internet stars a Little pass" function into the Internet sky to order a variety of services. Because the interconnected sky is every bit wideWith the user to provide at least 100 yuan can advance the consumption of "credit limit", these hackers or the children of the family can be unscrupulous in the network in advance consumption, often many users only in the payment will find themselves to pay for others. The internet is a little pass "is for the telecommunications broadband account users launched a landing function. Broadband account users use their own broadband account access to the Internet Star Service site, no need to enter the account name and password, just click on the "Internet stars a Little Pass" button, you can safely log in, and directly using the Internet Star Partners to provide related products and services. Since it is a safe login, how can there be account loss of the matter? 3, Broadband account security measures for the above situation, the author puts forward the following precautions: ⑴ cancellation of the Internet star Account or cancellation of credit line broadband users if not intended to use the Internet sky, should be as soon as possible to the telecom business office to apply for the sale or landing on the internet star www.chinavnet.com, in the " My Star "-My Account"-"I Want to sell" section application for cancellation. If the account is stolen by someone else, immediately modify their ADSL account password, and in the "Internet star" of "My Star" in time to cancel all the ordering services. ⑵ enhanced system to prevent hacker intrusion hardening system: Update operating systems or patches to fix system vulnerabilities, reduce the number of computer administrators, set security options--do not display the last user name, do not open unsolicited email and software programs, do not return to a stranger's mail; Firewall and anti-virus software, and maintain regular updates, the timely killing of computer viruses and Trojans, to prevent hackers to invade computers. In general, the use of powerful anti-black software and software firewalls to ensure that our system security. Enhanced Password: Correctly set the Administrator password (System power-on password) and adsl internet password; numbers are mixed with letters, and contain several types of characters, such as uppercase letters, lower-case letters, numbers, punctuation marks (@,#,! ,$,%,& ... ; The password should be no less than 8 characters; Disable the ability of ADSL dialing software to remember passwords, that is, do not check the "Remember Password" item. ⑶ limit open ports, prevent illegal intrusion by restricting ports to prevent illegal intrusion, close the corresponding open ports, such as Port 3389. Simply put, the main way of illegal invasion can be roughly divided into 2 kinds. (1) Scan the port and penetrate the host through known system bugs. (2) Planting Trojans, using Trojans to open the back door into the mainframe. If we can limit the two kinds of illegal intrusion, it can effectively prevent the use of hacker tools of illegal intrusion. And the two kinds of illegal intrusion methods have one thing in common, is through the port into the host. To keep these dangerous ports from being hacked, you can restrict all ports for individual users because you don't have to provide any service to your machine, and for servers that provide network services, we need to use ports(such as WWW port 80, FTP port 21, mail Service port 25, 110, etc.) open, all other ports are closed. The 139 port is the NetBIOS session port for file and print sharing, and it is worth noting that the UNIX machine running Samba is also open with 139 ports, the same functionality. This port is one of the ports that hackers prefer to use. Turning off the 139-port method is to select the Internet Protocol (TCP/IP) attribute in the local area Connection in the Network and Dial-up Connections window, and enter the Advanced TCP/IP Settings option WINS settings with a "Disable TCP/IP NetBIOS". A tick closes 139 ports. For individual users, it can be set to "disabled" in each service property setting to prevent the service from restarting and the port opening on the next reboot. 3389 Port, the network administrator can remotely install Windows Server or Windows XP Computer Management and maintenance, hackers or illegal attackers can easily get the server's Super Administrator account. The way to shut down in Windows XP is by right-clicking on my Computer--> remote and removing the hook from the Remote Assistance and Remote Desktop two options box. The method of shutting down in Win2000 server is to start the--> program--> the Administrative Tools--> service to locate the Terminal Services service entry, select the property option to change the startup type to Manual, and stop the service. (The method is also applicable in XP) 4899 port is actually a remote control software opened the server port, because these control software powerful, so often hackers used to control their own chickens, and this kind of software generally will not be anti-virus software killing, than the back door is also safe. 4899 is not the system's own services, the need to install themselves, and the need to upload the server to the intrusion of the computer and run services to achieve control purposes. So as long as your computer has a basic security configuration, it's hard for hackers to control you through 4899来. For users with Windows 2000 or Windows XP, you do not need to install any other software, you can use the TCP/IP filtering feature to restrict the server's ports. The specific settings (closed method) are as follows: Click "Start → control Panel → network connection → local connection → right → properties", then select Internet (TCP/IP) → "properties". In the Internet (TCP/IP) Properties dialog box, select the Advanced tab. In the Advanced TCP/IP Settings dialog box, select options → TCP/IP filtering → properties. Here are 3 items, respectively, TCP, UDP, IP protocol. Suppose my system only wants to open 21, 80, 25, 110 These 4 ports, just check "Allow" on "TCP port" and click "Add" in order to add these ports to the inside, then OK. Note: The system prompts you to reboot after the modification so that the settings will not take effect. This way, the system will only open the ports that you have selected and the other ports will not open. ⑷ Turn off default sharing, prohibit null connection the current home computer uses most of the operating system for win XP and Win2000 Pro, the two systems provide default sharing (ipc$,c$,d$,admin$, etc.) is the hacker's favorite intrusion path, broadband users can run cmd input net Share to view sharing on this computer, and if you see an unusual share, you should close it. But sometimes when you turn off the shares and then appear again the next time you boot up, you should consider whether your machine has been controlled by hackers or infected with the virus. Turn off default sharing you can use the net share default share name/delete command (such as net share C $/delete), but this method turns on sharing after the next boot up, so if the broadband user does not use shared services on the local area network, simply place the "Network File and Printer Sharing" is uninstalled, and the default share can be completely shut down. The way to prevent an empty connection is to run Regedit first and locate the following primary key in the registry [Hkey_local_machine\\system\\currentcontrolset\\control\\lsa] Change the key value of RestrictAnonymous (DWORD) from 0 to 1. ⑸ use intrusion detection means, in time to prevent intrusion the most common Trojan is based on the UDP protocol for client-side and server-side communication, since the use of these two protocols, it is inevitable to be on the server side (is a Trojan machine) open listening port to wait for the connection. We can use the view of the local open port to check whether we have been planted Trojan or other hacker programs. We use the netstat command with Windows itself (detailed method can use netstat/? Command query) and the command-line tools FPort under Windows2000, you can more effectively see the port that the computer is open to and some suspicious programs that run through the open port. Closing these ports in a timely manner and removing these suspicious procedures can be more effective in ensuring the security of the computer system. 1 2 Next >> view full-text navigation page 1th: Issues and Precautions page 2nd: The conclusion of the original: the security threat analysis of broadband account and prevention methods (1) Return to the network security home