ظاهرا دوستان كمكي نمي خواهند بكنند ولي انچه را كه خودم در اينترنت يافتم براي علاقمندان مي گذارم
Disable unnecessary services
An unnecessary service is an unnecessary hacker hole, as well as a drain on system resources. You can disable services via Control Panel > Administrative Tools > Services
You may wish to consider disabling the following services:
• Disable IIS - Luckily, IIS in not installed by default in Windows XP. If you enabled it during your installation, and aren't using it you should disable it. If you are using IIS on your workstation, you need to take extra precautions to lock it down and stay on top of security vulnerabilities specific to web services.
• Netmeeting Remote Desktop Sharing
• Remote Desktop Help Session Manager - If you haven't disabled this via Group Policy already
• Remote Registry
• Routing & Remote Access - if your not dialing into your machine.
• SSDP Discovery Service - this disables the Universal PNP Service, which leaves TCP Port 5000 wide open.
• Universal Plug and Play Device Host - This is designed to allow your computer to automatically connect to network-enabled appliances. Although there are no practical uses for this technology yet, several severe security flaws have already been discovered. Use the UnPlug and Pray utility from Gibson Research to disable "Universal Plug and Play". Gibson's web site has additional information about why this is necessary
• Telnet
Disable AutoRun for the CD-ROM
One of the easiest ways for a hacker with physical access to a company's PC's to distribute malicious code is via the CD-ROM. By creating a custom CD with a payload set to launch from the autorun feature in any machine, a hacker can affect any number of unlocked systems without ever leaving a fingerprint or touching a keyboard. Or he/she can simply leave a few of these lying around the office marked "MP3's", or "Payroll Data" and wait for an unsuspecting user to simply pick it up and insert it into their machine. You can disable this function in Windows XP Professional by clicking Start > Run > and type GPEDIT.MSC Then go to Computer Configuration > Administrative Templates > System > Locate the entry for Turn autoplay off
Disable default shares
Windows XP automatically creates a number hidden administrative shares that the operating system uses to manage the computer environment on the network. These default shares can be disabled via the Computer Management console in the Control Panel, but they are re-enabled by the system after you restart your computer. The default hidden shares are:
Path and Function
C$ D$ E$ Root of each partition. For a Windows XP Professional computer, only members of the Administrators or Backup Operators group can connect to these shared folders.
ADMIN$ %SYSTEMROOT% This share is used by the system during remote administration of a computer. The path of this resource is always the path to the Windows XP system root (the directory in which Windows XP is installed: for example, C:\Winnt).
FAX$ This used by fax clients in the process of sending a fax. The shared folder temporarily caches files and accesses cover pages stored on the server.
IPC$ Temporary connections between servers using named pipes essential for communication between programs. It is used during remote administration of a computer and when viewing a computer's shared resources
NetLogon This is used by the Netlogon service to process log on requests
PRINT$ %SYSTEMROOT%\SYSTEM32\SPOOL\DRIVERS Used during remote administration of printers.
To prevent these shares from being created at startup, open RegEdit and edit the following key: HKeyLocalMachine\SYSTEM\CurrentControlSet\Services \LanManServer\Parameters Create a DWORD value called AutoShareWks and set the parameter to 0. (Note: This does not disable the IPC$ share in our tests, we're still working on a solution). You should test the functionality of your programs and services after you disable the default administrative shares. Some Windows services depend on the existence of these shares. In addition, some third-party programs may require that some of the administrative shares exist. For example, some backup programs may require these shares. You may be able to restore functionality by manually creating the required shares.
مجوز های ارسال و ویرایش
LinkBack URL
About LinkBacks
