Create a personal computer security ultimate defense line

xiaoxiao, 2021-03-31


REFER TO: http://www.yuese.com/bbs/viewthread.php?tid=226546

A newly written guide to a personal computer's last line of security defence, applicable to Windows 2000 and later.

[I. Disable the default shares]

1. First check the local shared resources: run "cmd" and enter "net share".
2. Remove the shares (one command per line, press Enter after each):
   net share admin$ /delete
   net share c$ /delete
   net share d$ /delete
   (if there are E:, F:, ... drives, continue deleting them in the same way)
3. Remove the IPC$ null session: in the registry open HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> Lsa and change the data of the DWORD value RestrictAnonymous from 0 to 1.
4. Close port 139 (the IPC and RPC vulnerabilities live here). To close port 139: in "Network and Dial-up Connections" select "Local Area Connection", open the "Internet Protocol (TCP/IP)" properties, enter "Advanced TCP/IP Settings", and on the "WINS" tab, under "NetBIOS over TCP/IP", tick "Disable NetBIOS over TCP/IP". This closes port 139 and blocks the RPC vulnerability.

[II. Set the service items and build a good internal defence]

A. Service policy

Open "Control Panel" -> "Administrative Tools" -> "Services" and close the following services:

1. Alerter [notifies selected users and computers of administrative alerts]
2. ClipBook [lets the ClipBook Viewer store information and share it with remote computers]
3. Distributed File System [presents scattered shares under one logical name; once closed, remote computers cannot access the share]
4. Distributed Link Tracking Server [distributed link tracking client service for the LAN]
5. Human Interface Device Access [enables generic input access to Human Interface Devices (HID)]
6. IMAPI CD-Burning COM Service [manages CD recording]
7. Indexing Service [indexes the contents and properties of files on local or remote computers; leaks information]
8. Kerberos Key Distribution Center [authentication protocol for network logon]
9. License Logging [monitors IIS and SQL; if you have neither IIS nor SQL, stop it]
10. Messenger [alert messages]
11. NetMeeting Remote Desktop Sharing [NetMeeting leaves client information behind that can be collected]
12. Network DDE [provides dynamic data exchange for programs running on the same or different computers]
13. Network DDE DSDM [manages Dynamic Data Exchange (DDE) network shares]
14. Print Spooler [printer service; disable it if there is no printer]
15. Remote Desktop Help Session Manager [manages and controls Remote Assistance]
16. Remote Registry [allows the local registry to be modified remotely]
17. Routing and Remote Access [provides routing services in the LAN and WAN; a hacker can use it to obtain registration information]
18. Server [supports file, print and named-pipe sharing for this computer over the network]
19. Special Administration Console Helper [lets administrators use Emergency Management Services to reach a command prompt remotely]
20. TCP/IP NetBIOS Helper [provides NetBIOS over TCP/IP support and NetBIOS name resolution for network clients, which lets users share files, print and log on to the network]
21. Telnet [allows remote users to log on to this computer and run programs]
22. Terminal Services [allows users to connect interactively to a remote computer]
23. Windows Image Acquisition (WIA) [image acquisition service for scanners and digital cameras]

B. Account policy

Open "Administrative Tools" -> "Local Security Settings" -> "Account Policies" -> "Password Policy":
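A read-only audit of sections I and II-A, written as an added example here (it is not code from the original post or its author): it reports default administrative shares that still exist, the RestrictAnonymous value, NetBIOS over TCP/IP on each IP-enabled adapter, and any service from the post's list that is not both stopped and Disabled. It assumes an elevated PowerShell 3+ session on Windows 8 / Server 2012 or later; the service short names are the ones Windows uses for the display names in the post and are my mapping, not the post's, so verify them with "Get-Service" on an older system.

```powershell
# Added example, not from the original post: audit sections I and II-A and report drift.
# Read-only: nothing is changed. Assumed: elevated PowerShell 3+ (Get-CimInstance) on Windows.

$findings = @()

# I.1 / I.2 - the default administrative shares (ADMIN$, C$, D$, ...) should be gone.
$adminShares = Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' }
foreach ($s in $adminShares) {
    $findings += "Default share still present: $($s.Name) -> $($s.Path)"
}

# I.3 - RestrictAnonymous under HKLM\SYSTEM\CurrentControlSet\Control\Lsa should be 1.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($lsa.RestrictAnonymous -ne 1) {
    $findings += "RestrictAnonymous is '$($lsa.RestrictAnonymous)' (post sets 1)"
}

# I.4 - NetBIOS over TCP/IP should be disabled on every IP-enabled adapter.
# TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
$nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled }
foreach ($n in $nics) {
    if ($n.TcpipNetbiosOptions -ne 2) {
        $findings += "NetBIOS over TCP/IP not disabled on '$($n.Description)' (TcpipNetbiosOptions=$($n.TcpipNetbiosOptions))"
    }
}

# II-A - the post's 23 services, by short name (my mapping of the post's display names;
# services absent on a newer Windows are simply skipped).
$servicesToDisable = @(
    'Alerter', 'ClipSrv', 'Dfs', 'TrkSvr', 'HidServ', 'ImapiService', 'cisvc',
    'kdc', 'LicenseService', 'Messenger', 'mnmsrvc', 'NetDDE', 'NetDDEdsdm',
    'Spooler', 'RDSessMgr', 'RemoteRegistry', 'RemoteAccess', 'LanmanServer',
    'sacsvr', 'LmHosts', 'TlntSvr', 'TermService', 'stisvc'
)
foreach ($name in $servicesToDisable) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) { continue }   # not installed on this Windows version
    if ($svc.StartMode -ne 'Disabled' -or $svc.State -eq 'Running') {
        $findings += "Service $($svc.Name) ($($svc.DisplayName)): StartMode=$($svc.StartMode), State=$($svc.State)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No drift from sections I and II-A detected.'
} else {
    $findings | ForEach-Object { Write-Output "DRIFT: $_" }
}
```

Run it after applying the section to confirm the result, and again later to catch a service or share that an installer has re-enabled; the Server service (LanmanServer) in particular is turned back on by many products.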

1. Password must meet complexity requirements: Enabled
2. Minimum password length: I set it to 10
3. Maximum password age: I keep the default of 42 days
4. Minimum password age: 0 days
5. Enforce password history: remember 0 passwords
6. Store passwords using reversible encryption: Disabled

C. Local policy

Open "Administrative Tools" -> "Local Security Settings" -> "Local Policies" -> "Audit Policy":

1. Audit policy change: success, failure
2. Audit logon events: success, failure
3. Audit object access: failure
4. Audit process tracking: no auditing
5. Audit directory service access: failure
6. Audit privilege use: failure
7. Audit system events: success, failure
8. Audit account logon events: success, failure
9. Audit account management: success, failure

Then open "Administrative Tools" -> "Event Viewer" -> "Application" -> right-click "Properties" and set the maximum log size (you can set 512000 KB and select "Do not overwrite events"); do the same for "Security" and for "System".

D. Security policy

Open "Administrative Tools" -> "Local Security Settings" -> "Local Policies" -> "Security Options":

1. Interactive logon: Do not require CTRL+ALT+DEL (enable according to personal needs)
2. Network access: Do not allow anonymous enumeration of SAM accounts: Enabled
3. Network access: Shares that can be accessed anonymously: delete the values listed
4. Network access: Named pipes that can be accessed anonymously: delete the values listed
5. Network access: Remotely accessible registry paths: delete the values listed
6. Network access: Remotely accessible registry paths and sub-paths: delete the values listed
7. Network access: Restrict anonymous access to Named Pipes and Shares
8. Accounts: Rename guest account. It is best to use a Chinese name that you can remember, and let the hackers keep guessing "Guest" (the account itself also needs to be removed; there is a detailed explanation elsewhere)
9. Accounts: Rename administrator account (a Chinese name is recommended)

E. User rights assignment policy

Open "Administrative Tools" -> "Local Security Settings" -> "Local Policies" -> "User Rights Assignment":

1. Access this computer from the network: there are 5 users listed; apart from Administrator, we delete the other 4 (except, of course, the ID we create for ourselves later)
2. Force shutdown from a remote system: delete the Administrator account as well; leave nothing
3. Deny access to this computer from the network: delete the IDs
4. Access this computer from the network: Administrator can also be deleted if you do not use a 3389-type service (Remote Desktop)
5. Allow log on through Terminal Services: delete Remote Desktop Users

F. Terminal Services

Open "Administrative Tools" -> "Terminal Services Configuration":

1. Open "Connections", right-click the connection, choose "Properties", "Remote Control" tab, select "Do not allow remote control"
2. "General" tab: set the encryption level to High and tick "Use standard Windows authentication"
3. "Network Adapter" tab: set the maximum number of connections to 0
4. "Permissions" tab: delete the entries inside; then click "Server Settings", set Active Desktop to disabled, and restrict each user to one session

G. User and group policy

1. Open "Administrative Tools" -> "Computer Management" -> "Local Users and Groups" -> "Users"
2. Delete users such as SUPPORT_388945a0, leaving only the Administrator account you renamed
3. Open "Computer Management" -> "Local Users and Groups" -> "Groups". We do not change the groups (from experience, leave whatever the default setting is)

H. DIY policy (according to personal needs)

1. Automatically log off users when logon hours expire (local), to prevent hacker password guessing
2. Do not display last user name on the logon screen (remote): if the 3389 service is open and you have logged on, your user name will not be shown, so the attacker has to guess it
3. Additional restrictions for anonymous connections
4. Disable the CTRL+ALT+DEL requirement
5. Allow system to be shut down without having to log on: turn off (prevents remote or forced shutdown and restart)
6. Restrict CD-ROM access to locally logged-on users only
7. Restrict floppy access to locally logged-on users only
8. Remove the shutdown-reason prompt:
   1) Open the Control Panel, double-click the "Power Options" icon, and in the Power Options Properties window go to the "Advanced" tab;
   2) Under "Power buttons" on this tab, set "When I press the power button on my computer" to "Shut down" and click "OK" to leave the dialog;
   3) When you need to shut down, press the power button to shut the computer down directly. Of course, you can also enable hibernation to get fast shutdown and boot;
   4) If the system has no hibernation mode, open Power Options, go to the "Hibernate" tab and tick "Enable hibernation".
9. Disable the Shutdown Event Tracker: "Start" -> "Run" -> enter "gpedit.msc"; in the left pane select Computer Configuration -> Administrative Templates -> "System"; in the right pane double-click "Display Shutdown Event Tracker", click "Disabled" in the dialog that appears, and click "OK" to save. After this you will see a shutdown dialog like that of Windows 2000.

[III. Modify permissions to stop viruses and Trojans damaging the system]

Today's Trojans still like to reside in the System32 directory. If we use a command to restrict write and modify permissions, they have no way to write there. The commands:

A. Commands:
   cacls C:\Windows\system32 /G Administrator:R     (deny writing to the C:\Windows\System32 directory)
   cacls C:\Windows\system32 /G Administrator:F     (restore modify/write access to C:\Windows\System32)
   Viruses and the like then have nowhere to go. If you feel this is still not safe enough, you can also change the permissions of other dangerous directories, for example the C: drive itself, but after doing so you must restore the permissions whenever you install software. Note that without /E, cacls replaces the whole ACL with the single entry you give rather than editing it, so existing entries for other accounts are lost until you restore them.

B. Commands:
   cacls C:\ /G Administrator:R     (deny writing to C:)
   cacls C:\ /G Administrator:F     (restore modify/write access to C:)
   Use this method to keep viruses out; if you think some anti-virus firewall uses too much memory, this method alleviates it somewhat.

C. Commands: the following are recommended for advanced administrators only (Windows versions differ, so adjust the parameters yourself; the IUSR_... account names are the ones on the author's machine).
   cacls %SystemRoot%\system32\cmd.exe /E /D IUSR_COMSPEC     (deny network users and local users the use of cmd.exe from the command line and the GUI)
   cacls %SystemRoot%\system32\cmd.exe /E /R IUSR_LSA         (restore network users' and local users' use of cmd.exe; /R revokes the deny entry)
   cacls %SystemRoot%\system32\tftp.exe /E /D IUSR_LSA        (deny network users and local users the use of tftp.exe from the command line and the GUI)
   cacls %SystemRoot%\system32\tftp.exe /E /R IUSR_LSA        (restore network users' and local users' use of tftp.exe; /R revokes the deny entry)
   cacls %SystemRoot%\system32\tftp32.exe /E /D IUSR_LSA      (deny network users and local users the use of tftp32.exe from the command line and the GUI)
   cacls %SystemRoot%\system32\tftp32.exe /E /R IUSR_LSA      (restore network users' and local users' use of tftp32.exe; /R revokes the deny entry)

[IV. Encrypt important files (NTFS only)]

The purpose of this command is to encrypt the Windows password file, the QQ password file and so on. Command-line encryption: in a DOS window or in the "Start" -> "Run" command line, enter "cipher /E <file name (or folder name)>".
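A read-only check of the Security Options (II-D), the event-log settings (II-C), the DIY policy items that map to registry values (II-H) and the System32 permissions of section III, written as an added example here (it is not code from the original post or its author). It assumes an elevated PowerShell 3+ session on Windows 8 / Server 2012 or later; the registry locations are the ones the named Local Security Policy settings are stored under, and the expected values are the post's. For section III it does not replace the ACL the way "cacls /G" does; it lists every Allow entry on %SystemRoot%\System32 that grants write-type rights to a principal other than SYSTEM, Administrators and TrustedInstaller, so that unexpected write access can be seen before anything is changed.

```powershell
# Added example, not from the original post: read-only check of sections II-C, II-D, II-H and III.
# Assumed: elevated PowerShell 3+ on Windows 8 / Server 2012 or later.

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# Single-valued settings: N = value name, P = registry path, E = value the post asks for.
$checks = @(
    @{ N='RestrictAnonymousSAM';    P='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                      E=1   }  # II-D.2
    @{ N='RestrictNullSessAccess';  P='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; E=1   }  # II-D.7
    @{ N='DontDisplayLastUserName'; P='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; E=1   }  # II-H.2
    @{ N='ShutdownWithoutLogon';    P='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; E=0   }  # II-H.5
    @{ N='AllocateCDRoms';          P='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';     E='1' }  # II-H.6 (REG_SZ)
    @{ N='AllocateFloppies';        P='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';     E='1' }  # II-H.7 (REG_SZ)
    @{ N='ShutdownReasonOn';        P='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability';        E=0   }  # II-H.9
)
foreach ($c in $checks) {
    $actual = Get-RegValue $c.P $c.N
    if ("$actual" -ne "$($c.E)") { $findings += "$($c.N) = '$actual' (post expects '$($c.E)') under $($c.P)" }
}

# II-D.3 to II-D.6: anonymous share/pipe lists and remotely accessible registry paths should be empty.
$lists = @(
    @{ N='NullSessionShares'; P='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' }
    @{ N='NullSessionPipes';  P='HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' }
    @{ N='Machine';           P='HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths' }
    @{ N='Machine';           P='HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths' }
)
foreach ($l in $lists) {
    $entries = @(Get-RegValue $l.P $l.N | Where-Object { "$_" -ne '' })
    if ($entries.Count -gt 0) { $findings += "$($l.N) under $($l.P) still lists: $($entries -join ', ')" }
}

# II-C: Application, Security and System logs at 512000 KB with "Do not overwrite events"
# (LogMode 'Retain' in Get-WinEvent terms).
foreach ($log in 'Application', 'Security', 'System') {
    $cfg = Get-WinEvent -ListLog $log
    $sizeKB = [int]($cfg.MaximumSizeInBytes / 1024)
    if ($sizeKB -lt 512000)        { $findings += "$log log is $sizeKB KB (post sets 512000 KB)" }
    if ($cfg.LogMode -ne 'Retain') { $findings += "$log log may overwrite events (LogMode=$($cfg.LogMode))" }
}

# III: list Allow ACEs on %SystemRoot%\System32 that grant write-type rights to anyone other
# than the three principals expected to have them.
$trusted  = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
$writeBit = [int][System.Security.AccessControl.FileSystemRights]::Write
foreach ($ace in (Get-Acl -Path "$env:SystemRoot\System32").Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    $raw = [int]$ace.FileSystemRights
    # Specific write bits, or the GENERIC_ALL (0x10000000) / GENERIC_WRITE (0x40000000) bits
    # that some inherited ACEs carry instead of specific rights.
    $grantsWrite = (($raw -band $writeBit) -ne 0) -or (($raw -band 0x10000000) -ne 0) -or (($raw -band 0x40000000) -ne 0)
    if ($grantsWrite) { $findings += "System32: '$($ace.IdentityReference)' is allowed $($ace.FileSystemRights)" }
}

if ($findings.Count -eq 0) { Write-Output 'No drift from sections II-C/D/H and III detected.' }
else { $findings | ForEach-Object { Write-Output "DRIFT: $_" } }
```

Entries the System32 check reports for CREATOR OWNER are normal on a default installation (they apply only to objects a user creates); anything reported for Users, Everyone or a service account is what the section is trying to prevent and should be removed with an edit of that single entry rather than a wholesale replacement of the ACL.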

Decryption: in a DOS window or in the "Start" -> "Run" command line, enter "cipher /D <file name (or folder name)>".

[V. Modify the registry to defend against DDoS]

In the registry under HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Tcpip -> Parameters, the following values help you withstand DoS attacks of a certain strength:

   SynAttackProtect         REG_DWORD   2
   EnablePMTUDiscovery      REG_DWORD   0
   NoNameReleaseOnDemand    REG_DWORD   1
   EnableDeadGWDetect       REG_DWORD   0
   KeepAliveTime            REG_DWORD   300000
   PerformRouterDiscovery   REG_DWORD   0
   EnableICMPRedirects      REG_DWORD   0

For newer defensive techniques, please search other sources.

[VI. Build a more secure firewall]

Open only the necessary ports and close the rest. A system installed with the default settings generally has ports open to the outside, and hackers use scanning tools to find the usable ones, which is a serious threat to security. The author now lists the ports he knows:

   Port   Protocol   Application
   21     TCP        FTP
   25     TCP        SMTP
   53     TCP        DNS
   80     TCP        HTTP server
   1433   TCP        SQL Server
   5631   TCP        pcAnywhere
   5632   UDP        pcAnywhere
   6      (not a port)   IP protocol
   8      (not a port)   IP protocol

Then, from our own experience, close the following ports:

   TCP: 21, 22, 23, 25 (SMTP), 53 (DNS), 80, 135 (EPMAP), 138 [Blaster], 139 (SMB), 445, 1025 (DCE/1ff70682-0a51-30e8-076d-740be8cee98b), 1026 (DCE/12345778-1234-abcd-ef00-0123456789ac), 1433 (SQL Server), 5631 (pcAnywhere), 3389, 4444 [Blaster], 4489
   UDP: 5632 (pcAnywhere), 67 [Blaster], 137 (netbios-ns), 161 (an SNMP agent is running / default community names of the SNMP agent)

Generally only Tencent OICQ opens port 4000 or 8000, so we only let this machine use port 4000 and that is fine.

[VII. Protect personal privacy]

1. Browser choice: browse websites with a different browser. I recommend TT. Using TT is sensible: TT can identify scripts and Java programs in web pages and resist some malicious scripts, and even if TT does get infected, you just delete it and reinstall. (Some people like to use MyIE; of course that works too.)
2. Move "My Documents": in Explorer, right-click "My Documents", choose "Properties", click the "Move" button on the Target folder tab, select the target disk and press "OK". In Windows 2003 "My Documents" is hard to find; it is not on the desktop or in the Start menu, so friends who use it often are advised to put a shortcut on the desktop.
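The registry values of section V and the port list of section VI, turned into a check script as an added example here (it is not code from the original post or its author). It compares the Tcpip\Parameters values with what is set, prints every non-loopback TCP listener and any UDP endpoint on the post's close list with the owning process, and only with -Apply adds inbound Windows Firewall block rules for those ports. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules); note that Windows Vista and later ignore several of the section V values, the newer stack having its own built-in SYN protection, so a missing value on a modern system is reported but is not by itself a problem.

```powershell
# Added example, not from the original post: check section V values, report section VI ports,
# and optionally (-Apply) block them inbound. Assumed: elevated PowerShell on Windows 8+/2012+.
param([switch]$Apply)

# V. Values the post sets under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
$tcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = [ordered]@{
    SynAttackProtect       = 2
    EnablePMTUDiscovery    = 0
    NoNameReleaseOnDemand  = 1
    EnableDeadGWDetect     = 0
    KeepAliveTime          = 300000
    PerformRouterDiscovery = 0
    EnableICMPRedirects    = 0
}
$props = Get-ItemProperty -Path $tcpipParams
foreach ($name in $expected.Keys) {
    $actual = $props.$name
    if ($null -eq $actual)                { Write-Output "V: $name not set (post sets $($expected[$name]))" }
    elseif ($actual -ne $expected[$name]) { Write-Output "V: $name = $actual (post sets $($expected[$name]))" }
    else                                  { Write-Output "V: $name = $actual (ok)" }
}

# VI. Ports the post says to close, and the one it keeps (4000 for QQ).
$closeTcp = 21, 22, 23, 25, 53, 80, 135, 138, 139, 445, 1025, 1026, 1433, 3389, 4444, 4489, 5631
$closeUdp = 67, 137, 161, 5632
$keepTcp  = 4000

# Report every non-loopback TCP listener, marking the ones on the list, plus listed UDP endpoints.
foreach ($c in Get-NetTCPConnection -State Listen | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }) {
    $proc = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $mark = 'review'
    if ($closeTcp -contains $c.LocalPort) { $mark = 'CLOSE (section VI)' }
    elseif ($c.LocalPort -eq $keepTcp)    { $mark = 'keep (QQ)' }
    Write-Output ("VI: TCP {0}:{1} pid={2} ({3}) - {4}" -f $c.LocalAddress, $c.LocalPort, $c.OwningProcess, $proc, $mark)
}
foreach ($u in Get-NetUDPEndpoint | Where-Object { $closeUdp -contains $_.LocalPort }) {
    Write-Output ("VI: UDP {0}:{1} pid={2} - CLOSE (section VI)" -f $u.LocalAddress, $u.LocalPort, $u.OwningProcess)
}

# Optional enforcement: block the listed ports inbound with the built-in firewall.
if ($Apply) {
    New-NetFirewallRule -DisplayName 'Hardening post VI - block listed TCP ports' -Direction Inbound `
        -Protocol TCP -LocalPort $closeTcp -Action Block -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName 'Hardening post VI - block listed UDP ports' -Direction Inbound `
        -Protocol UDP -LocalPort $closeUdp -Action Block -Profile Any | Out-Null
    Write-Output 'VI: inbound block rules created.'
}
```

Blocking at the firewall is the second half of the section; the first half is the report, because a listener on a listed port is a process that should usually be stopped or uninstalled (section II-A) rather than merely hidden behind a rule, and the process name in the output tells you which one.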

Please cite the original address when reprinting: https://www.9cbs.com/read-130928.html
