Basic settings
1. Four misunderstandings about online safety
The Internet is actually a world of coming and going, and you can easily connect to your favorite sites, while others, such as hackers, can also easily connect to your machine. In fact, many machines accidentally leave a "backdoor" in the machines and systems because of their poor online security settings, which is equivalent to opening the door for hackers. The more time you spend online, the greater the possibility that others will be invaded by machines through the Internet. If hackers discover security vulnerabilities in your settings, they will attack you, which may be general harassment, such as slowing down your speed or crashing your machine; it may also be more serious, such as opening your confidential files, stealing passwords and credit card passwords. But many people don't think so, because theyCybersecurityThere are four other misunderstandings:
Misunderstanding 1: I don’t connect to other networks, so I’m very safe. Yes, connecting INTERNET requires access to the Internet, but the independent machines that can access the Internet still have some or even all the same network protocols used compared to machines in a commercial network center. A machine in a commercial network center may also have a public firewall or have personnel specifically responsible for security. In sharp contrast, some personal computers used in homes, offices, and small companies are indeed open to the public and have no ability to prevent hackers at all. This threat is realistic: if you use cable modem or DSL to access the Internet and spend a long time online, there may be 2-4 despicable hackers trying to attack you in a day.
Misunderstanding 2: I use dial-up to surf the Internet, so my machine is safe. Every time you start dialing up and surfing the Internet, the IP address you use will be different, that is, dynamic IP, so compared to users with static IP. Hackers are hard to find you, but there are some hackerssoftwareIt has developed to the ability to scan tens of thousands of IP addresses one by one within an hour, so as long as hackers use these tools, even users who dial up to surf the Internet may be attacked.
Misunderstanding 3: I used antivirus software, so I am very safe. A good virus software is indeed an indispensable part of online security, but it is also a very small part. It can protect you by detecting viruses and similar problems, but they are powerless to prevent hackers and "legal" programs with malicious intentions.
Misunderstanding 4: I used a firewall, so I am very safe. Firewalls are very useful, but if your machine always uses insecure methods to receive and send data, and you rely solely on some additional programs to provide security, it is equivalent to putting all the eggs in one basket. Once there are bugs or vulnerabilities in the firewall software, you are in danger. In addition, firewalls have no ability to prevent virus-like software, especially those programs that secretly send or extract data to your machine with malicious intentions. Finally, some firewall software may also help because their manufacturers introduce the characteristics of the product in advertising, which may lead to some attacks specifically targeting their weaknesses.
But there are solutions, you can use the tools you already have, and this article will also tell you what is the safe setting and how to choose security software.
2. One-minute basic knowledge of the Internet
When you see this content, you may want to scan it or jump directly, but it only takes one minute and is very helpful for you to understand the following content. Simply put, you can divide your connection to the network into three layers. The deepest layer is how you physically connect with the network, including hardware. For example, dial-up Internet access, you need to use a "dial-up adapter" to "talk" with your MODEM; if it is a LAN, you need a network card and driver to allow your PC to exchange data with your network card, and DSL, cable, etc. also need a network card. A PC can use multiple hardware adapters at the same time. For example, you can use cable modem to access the Internet, connect to the MODEM for dialing up, and also in the local area network. In this way, there are two network adapters and one dial-up adapter in the network settings of the system.
The middle layer of connection is composed of communication protocols and languages used by your machine to communicate with other machines on the network, such as the TCP/IP protocol, and others include NetBEUI and IPX/SPX. These protocols can also work in parallel. One protocol can be bundled to multiple hardware devices at the same time, and a hardware device can also bundled multiple protocols at the same time. The top-level connection is network devices, login to the Internet, file sharing and print sharing, and top-level client programs, to complete the tasks you need to do on the network, but unfortunately, it is two-way and can also allow hackers to perform their operations on you. So, the trick to keep your security is to make sure there are no dangerous settings and devices. For example, if you don't need to access from the Internet, "file and print sharing" is completely unnecessary, which is a place that hackers often use. In other words, carefully setting up what to bundled can ensure that your machine is less easily accessible, despite some devices and protocols that are less secure in themselves.
3. How to ensure the connection is safe
Before modifying the system settings as I mentioned below, it is best to back up the key data in your system first, or write down your original settings so that you can restore it when needed. If you are on a LAN or have special network requirements, please discuss with the administrator first. Let's check your network settings first: right-click "Network Neighbor" and select "Properties". Now we want to delete some of the INTERNET protocols that are easy to connect to your INTERNET protocol: TCP/IP.
If you are not using dial-up to access the Internet, you can jump directly to the next paragraph. Double-click "Dial Up Adapter" and "Binding", remove all the content except TCP/IP, return to the main interface, double-click "TCP/IP -> Dial Up Adapter", you may see a warning that if you modify it, there will be danger. No matter it, there will be danger if you don't modify it! Click "Binding". If you select "microsoft network user" and "file and print sharing", select them, so that only TCP/IP is left. You will get a warning: TCO/IP is not bound to any drivers." Answer NO. If you use a network card, click the corresponding TCP/IP for each card. For example, I used a cheap Realtek network card, then click "TCP/IP -> Realtek RT8029(as) PCI Ethernet NIC." and click "Binding" to confirm that "micrcosoft network user" and "file and print sharing" are not selected. But if you are on a LAN and want to share files and printers locally, there is also a way to add a non-INTERNET protocol IPX/SPX or NetBEUI is OK. Add the appropriate "micrcosoft network user", select "File and Print Sharing" and you can share files and print!
Now go back and check each adapter and protocol in the system to make sure that "micrcosoft Network User" and "File and Print Sharing" are selected only in IPX/SPX and/or NetBEUI. At the same time, it is also confirmed that these two items are not selected in TCP/IP. Then repeat this checking process for all machines in the LAN. In this way, your machine only uses TCP/IP on INTERNET, and uses non-INTERNET protocols on LANs to share printers and files. Because hackers have to use TCP/IP, they need to spend more time accessing the shared printers and files. It should be noted that any changes to your network settings may reset bindings and other settings, even content you have not touched on. When you or the software you installed has modified your network settings, you must perform the steps described above to check the TCP/IP connection to make sure it remains "clean" and is not bound to "micrcosoft Network User" and "File and Print Sharing". AOL (American Online) has something disgusting: it adds its own (usually unnecessary) adapter to your network settings and may modify your binding settings incorrectly. Some users report after installing AOL that their "file and print sharing" is bound to TCP/IP, meaning that printers and files are provided to anyone who wants to connect. The tips described above are also effective in avoiding AOL.
You can do a lot of work to improve your network security, which we will discuss below, but the above settings will eliminate the most common and prominent network security issues of WINDOWS PC, block the most obvious vulnerabilities, and give you a safer online operation basis. Once you learn the above method and only take a few minutes to check, you basically don’t need other auxiliary software. The advantage of doing this is that you don’t have to spend money!
1. Four misunderstandings about online safety
The Internet is actually a world of coming and going, and you can easily connect to your favorite sites, while others, such as hackers, can also easily connect to your machine. In fact, many machines accidentally leave a "backdoor" in the machines and systems because of their poor online security settings, which is equivalent to opening the door for hackers. The more time you spend online, the greater the possibility that others will be invaded by machines through the Internet. If hackers discover security vulnerabilities in your settings, they will attack you, which may be general harassment, such as slowing down your speed or crashing your machine; it may also be more serious, such as opening your confidential files, stealing passwords and credit card passwords. But many people don't think so, because theyCybersecurityThere are four other misunderstandings:
Misunderstanding 1: I don’t connect to other networks, so I’m very safe. Yes, connecting INTERNET requires access to the Internet, but the independent machines that can access the Internet still have some or even all the same network protocols used compared to machines in a commercial network center. A machine in a commercial network center may also have a public firewall or have personnel specifically responsible for security. In sharp contrast, some personal computers used in homes, offices, and small companies are indeed open to the public and have no ability to prevent hackers at all. This threat is realistic: if you use cable modem or DSL to access the Internet and spend a long time online, there may be 2-4 despicable hackers trying to attack you in a day.
Misunderstanding 2: I use dial-up to surf the Internet, so my machine is safe. Every time you start dialing up and surfing the Internet, the IP address you use will be different, that is, dynamic IP, so compared to users with static IP. Hackers are hard to find you, but there are some hackerssoftwareIt has developed to the ability to scan tens of thousands of IP addresses one by one within an hour, so as long as hackers use these tools, even users who dial up to surf the Internet may be attacked.
Misunderstanding 3: I used antivirus software, so I am very safe. A good virus software is indeed an indispensable part of online security, but it is also a very small part. It can protect you by detecting viruses and similar problems, but they are powerless to prevent hackers and "legal" programs with malicious intentions.
Misunderstanding 4: I used a firewall, so I am very safe. Firewalls are very useful, but if your machine always uses insecure methods to receive and send data, and you rely solely on some additional programs to provide security, it is equivalent to putting all the eggs in one basket. Once there are bugs or vulnerabilities in the firewall software, you are in danger. In addition, firewalls have no ability to prevent virus-like software, especially those programs that secretly send or extract data to your machine with malicious intentions. Finally, some firewall software may also help because their manufacturers introduce the characteristics of the product in advertising, which may lead to some attacks specifically targeting their weaknesses.
But there are solutions, you can use the tools you already have, and this article will also tell you what is the safe setting and how to choose security software.
2. One-minute basic knowledge of the Internet
When you see this content, you may want to scan it or jump directly, but it only takes one minute and is very helpful for you to understand the following content. Simply put, you can divide your connection to the network into three layers. The deepest layer is how you physically connect with the network, including hardware. For example, dial-up Internet access, you need to use a "dial-up adapter" to "talk" with your MODEM; if it is a LAN, you need a network card and driver to allow your PC to exchange data with your network card, and DSL, cable, etc. also need a network card. A PC can use multiple hardware adapters at the same time. For example, you can use cable modem to access the Internet, connect to the MODEM for dialing up, and also in the local area network. In this way, there are two network adapters and one dial-up adapter in the network settings of the system.
The middle layer of connection is composed of communication protocols and languages used by your machine to communicate with other machines on the network, such as the TCP/IP protocol, and others include NetBEUI and IPX/SPX. These protocols can also work in parallel. One protocol can be bundled to multiple hardware devices at the same time, and a hardware device can also bundled multiple protocols at the same time. The top-level connection is network devices, login to the Internet, file sharing and print sharing, and top-level client programs, to complete the tasks you need to do on the network, but unfortunately, it is two-way and can also allow hackers to perform their operations on you. So, the trick to keep your security is to make sure there are no dangerous settings and devices. For example, if you don't need to access from the Internet, "file and print sharing" is completely unnecessary, which is a place that hackers often use. In other words, carefully setting up what to bundled can ensure that your machine is less easily accessible, despite some devices and protocols that are less secure in themselves.
3. How to ensure the connection is safe
Before modifying the system settings as I mentioned below, it is best to back up the key data in your system first, or write down your original settings so that you can restore it when needed. If you are on a LAN or have special network requirements, please discuss with the administrator first. Let's check your network settings first: right-click "Network Neighbor" and select "Properties". Now we want to delete some of the INTERNET protocols that are easy to connect to your INTERNET protocol: TCP/IP.
If you are not using dial-up to access the Internet, you can jump directly to the next paragraph. Double-click "Dial Up Adapter" and "Binding", remove all the content except TCP/IP, return to the main interface, double-click "TCP/IP -> Dial Up Adapter", you may see a warning that if you modify it, there will be danger. No matter it, there will be danger if you don't modify it! Click "Binding". If you select "microsoft network user" and "file and print sharing", select them, so that only TCP/IP is left. You will get a warning: TCO/IP is not bound to any drivers." Answer NO. If you use a network card, click the corresponding TCP/IP for each card. For example, I used a cheap Realtek network card, then click "TCP/IP -> Realtek RT8029(as) PCI Ethernet NIC." and click "Binding" to confirm that "micrcosoft network user" and "file and print sharing" are not selected. But if you are on a LAN and want to share files and printers locally, there is also a way to add a non-INTERNET protocol IPX/SPX or NetBEUI is OK. Add the appropriate "micrcosoft network user", select "File and Print Sharing" and you can share files and print!
Now go back and check each adapter and protocol in the system to make sure that "micrcosoft Network User" and "File and Print Sharing" are selected only in IPX/SPX and/or NetBEUI. At the same time, it is also confirmed that these two items are not selected in TCP/IP. Then repeat this checking process for all machines in the LAN. In this way, your machine only uses TCP/IP on INTERNET, and uses non-INTERNET protocols on LANs to share printers and files. Because hackers have to use TCP/IP, they need to spend more time accessing the shared printers and files. It should be noted that any changes to your network settings may reset bindings and other settings, even content you have not touched on. When you or the software you installed has modified your network settings, you must perform the steps described above to check the TCP/IP connection to make sure it remains "clean" and is not bound to "micrcosoft Network User" and "File and Print Sharing". AOL (American Online) has something disgusting: it adds its own (usually unnecessary) adapter to your network settings and may modify your binding settings incorrectly. Some users report after installing AOL that their "file and print sharing" is bound to TCP/IP, meaning that printers and files are provided to anyone who wants to connect. The tips described above are also effective in avoiding AOL.
You can do a lot of work to improve your network security, which we will discuss below, but the above settings will eliminate the most common and prominent network security issues of WINDOWS PC, block the most obvious vulnerabilities, and give you a safer online operation basis. Once you learn the above method and only take a few minutes to check, you basically don’t need other auxiliary software. The advantage of doing this is that you don’t have to spend money!