At present, more and more users are using ADSL. Because ADSL users are online for a long time and fast speed, they have become targets of hackers. Now there are various increasingly detailed "IP address libraries" on the Internet. It is very easy to know that the IP of some ADSL users. How to protect your network security? Let's take a look at the following methods.
1. Cancel the folder hidden sharing
If you use Windows 2000/XP system, right-click on the C drive or other disk and select "Share", you will be surprised to find that it has been set to "Share this folder", but you can't see these contents in "Online Neighbors". What's going on?
It turns out that by default, Windows 2000/XP will enable hidden sharing of all partitions. Select "System Tools/Share Folder/Share" from the "Control Panel/Administrative Tools/Computer Management" window to see that each partition name on the hard disk is added with a "$" after it. However, as long as you type "\\Computer Name or IP\C$", the system will ask for the user name and password. Unfortunately, the password of most individual users' system Administrator is empty, and the intruder can easily see the content of the C drive, which poses great hidden dangers to network security.
How to eliminate default sharing? The method is very simple. Open the registry editor, go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Sevices\Lanmanworkstation\parameters", create a new double-byte value called "AutoShareWKs", set its value to "0", and then restart the computer, so the sharing will be cancelled.
2. Reject malicious code
Malicious web pages have become one of the biggest threats to broadband. I used Modem before, because the speed of opening web pages was slow, closing malicious web pages before opening them completely could avoid being hit. Broadband is so fast now that it is easy to be attacked by malicious web pages.
Generally, malicious web pages are destructive because they are added with malicious code written. These malicious codes are equivalent to some applets, and they will be run as long as the web page is opened. Therefore, to avoid malicious web page attacks, just prohibit the operation of these malicious codes.
Run IE browser, click "Tools/Internet Options/Security/Customization Level", define the security level as "Security-High", set items 2 and 3 of "ActiveX Controls and Plugins" to "Disable", set other items to "Tip", and then click "OK". After this setting, when you use IE to browse the web page, you can effectively avoid the attacks of malicious code in malicious web pages.
3. Block the "backdoor" of hackers
As the saying goes, "no wind can cause waves." Since hackers can enter, it means that the system must have a "back door" opened for them. As long as the back door is blocked and the hackers have nowhere to start, there will be no worries!
1. Delete unnecessary agreements
For servers and hosts, it is generally enough to install the TCP/IP protocol only. Right-click "Network Neighbor", select "Properties", and then right-click "Local Connection", select "Properties", and uninstall unnecessary protocols. Among them, NETBIOS is the root of many security flaws. For hosts that do not need to provide file and print sharing, NETBIOS bound to the TCP/IP protocol can also be turned off to avoid attacks against NETBIOS. Select "TCP/IP Protocol/Properties/Advanced", enter the "Advanced TCP/IP Settings" dialog box, select the "WINS" tab, check the "Disable NETBIOS on TCP/IP" item, and close NETBIOS.
2. Turn off "File and Print Sharing"
File and print sharing should be a very useful feature, but it is also a good security vulnerability for hackers when it is not needed. So without the need for "file and print sharing", we can turn it off. Right-click "Network Neighbors", select "Properties", and then click the "File and Print Sharing" button to remove the hooks from the two check boxes in the pop-up "File and Print Sharing" dialog box.
Although "File and Print Sharing" is closed, it cannot ensure security. You must also modify the registry to prohibit others from changing "File and Print Sharing". Open the registry editor, select the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NetWork" primary key, and create a new DWORD type key value under this primary key. The key value is named "NoFileSharingControl". Setting the key value to "1" means prohibiting this function, thereby achieving the purpose of prohibiting changes to "File and Print Sharing"; the key value is "0" means allowing this function. In this way, "File and Print Sharing" will no longer exist in the "Properties" dialog box of "Network Neighbors".
3. Disable Guest account
Many intrusions are used to further obtain administrator passwords or permissions through this account. If you don’t want to use your computer as a toy, it’s better to forbid. Open the Control Panel, double-click Users and Passwords, click the Advanced tab, and then click the Advanced button to pop up the Local Users and Groups window. Right-click on the Guest account, select Properties, and select "Account has been disabled" in the "General" page. In addition, rename the Administrator account to prevent hackers from knowing their administrator account, which will greatly ensure computer security.
4. Prohibit empty connection establishment
By default, any user can connect to the server through an empty connection, enumerate the account and guess the password. Therefore, we must prohibit the establishment of empty connections. There are two methods:
The first method is to modify the registry: open the registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA" and change the key value of the DWORD value "RestrictAnonymous" to "1".
Finally, I suggest that you patch your system. Microsoft's endless patches are still very useful!
4. Hide IP address
Hackers often use some network detection technologies to view our host information, and their main purpose is to obtain the IP address of the host in the network. IP address is a very important concept in network security. If an attacker knows your IP address, it is equivalent to preparing the target for his attack. He can launch various attacks on this IP, such as DoS (denial of service) attacks, Floop overflow attacks, etc. The main way to hide an IP address is to use a proxy server.
Compared with direct connection to the Internet, using a proxy server can protect the IP address of the Internet users, thereby ensuring Internet security. The principle of a proxy server is to set up a "transfer station" between the client (the computer on which the user is surfing the Internet) and the remote server (such as the user wants to access the remote WWW server). When the client requests the service request to the remote server, the proxy server first intercepts the user's request, and then the proxy server forwards the service request to the remote server, thereby realizing the connection between the client and the remote server. Obviously, after using the proxy server, other users can only detect the IP address of the proxy server instead of the user's IP address, which achieves the purpose of hiding the user's IP address and ensuring the user's Internet security. There are many websites that provide free proxy servers, and you can also use proxy hunters and other tools to find them yourself.
5. Close unnecessary ports
Hackers often scan your computer's ports during intrusions. If a port monitoring program (such as Netwatch) is installed, the monitoring program will have a warning. If you encounter this kind of intrusion, you can use tool software to close unused ports. For example, use "Norton Internet Security" to close ports 80 and 443 used to provide web services, and some other less commonly used ports can also be closed.
6. Change the administrator account
The Administrator account has the highest system permissions, and once the account is exploited, the consequences will be unimaginable. One of the common methods of hacking is to try to get the password of the Administrator account, so we need to reconfigure the Administrator account.
First, set a powerful and complex password for the Administrator account, then we rename the Administrator account, and then create an Administrator account without administrator privileges to deceive the intruder. In this way, it will be difficult for the intruder to figure out which account really has administrator rights, which reduces the risk to a certain extent.
7. Eliminate Guest account intrusion
A Guest account is called a guest account, which can access the computer but is restricted. Unfortunately, Guest also opened a convenient door for hackers! There are many articles online that introduce how to use Guest users to obtain administrator privileges, so we must prevent system intrusions based on Guest accounts.
Disable or completely delete a Guest account is the best way, but in some cases where you have to use a Guest account, you need to use other ways to defend yourself. First, you need to set a strong password for Guest, and then set the access permissions of the Guest account to the physical path in detail. For example, if you want to prevent Guest users from accessing the tool folder, you can right-click the folder and select the "Safety" tab in the pop-up menu to see all users who can access this folder. Just delete all users except the administrator. Or set permissions for the corresponding users in the permissions, for example, you can only "list folder directories" and "read", etc., which is much safer.
8. Install necessary security software
We should also install and use necessary anti-black software in our computers, anti-virus software and firewalls are essential. Turn them on while surfing the Internet so that even if hackers attack our security, it is guaranteed.
9. Prevent * Procedure
* programs will steal useful information embedded in the computer. Therefore, we must also prevent hackers from implanting * programs. Common methods are:
● When downloading files, first put them in your newly created folder, and then use antivirus software to detect them to play a role in preventing them in advance.
● Check whether there are unknown running projects in the "Start" → "Program" → "Startup" options. If so, just delete them.
● Delete all suspicious programs prefixed with "Run" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run in the registry.
10. Don't reply to strangers' emails
Some hackers may impersonate the name of some formal websites and then write a high-sounding reason to send a letter asking you to enter the user name and password of the Internet. If you press "OK", your account and password will enter the hacker's email. So don't reply to strangers' emails casually, even if they say them beautifully or temptingly, they won't be fooled.
Make IE security settings
ActiveX controls and Applets have strong functions, but they also have hidden dangers of being exploited. Malicious code in web pages is often a mini program written using these controls. As long as the web page is opened, it will be run. Therefore, to avoid attacks on malicious web pages, you can only prohibit the operation of these malicious codes. IE provides a variety of options for this. The specific setting steps are: "Tools" → "Internet Options" → "Security" → "Customization Level". It is recommended that you disable ActiveX controls and related options. There is nothing wrong with being cautious!
In addition, in the security settings of IE, we can only set the Internet, local intranet, trusted sites, and restricted sites. However, Microsoft has hidden the security settings of "My Computer" here. By modifying the registry to turn on this option, we can have more choices when dealing with ActiveX controls and Applets, and have a greater impact on local computer security.
The following is the specific method: Open "Run" in the "Start" menu, enter in the pop-up "Run" dialog box, open the registry editor, click the "+" sign in the previous order to expand to: HKEY_CURRE-NT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0, find the DWORD value "Flags" in the right window, the default key value is 21 hexadecimal (decimal 33), double-click "Flags", change its key value to "1" in the pop-up dialog box, and close the registry editor. No need to restart the computer, reopen IE, click the "Tools → Internet Options → Security" tab again, and you will see an additional "My Computer" icon, where you can set its security level. Set its safety level higher, so that the prevention will be tighter.