Monday, December 27, 2010
【 Weak Current College 】 Seven Strategies Against Hacker Attacks --- Powered by 【 China power house network 】
★ Strategy 1: close unneeded host service ports
A host offers many network services: WWW, mail, FTP, BBS and so on, and in principle each host can provide several of them at once. How can one host offer so many services? Because Unix/Windows is a multi-user, multitasking system, network services are divided across different ports, each port providing a different service; a service's program monitors its port at all times and gives the appropriate response. The meaning of the ports has become standardised: for example, the FTP service is on port 21, Telnet on port 23 and WWW on port 80.
Hackers often use tools such as port-scanning software to scan a range of ports on the target host, which yields all of the target's open ports. One well-known tool is Haktek, a very practical program that integrates many functions: Ping, IP address range scanning, target host port scanning, mail bombing, mail filtering and Finger queries against a host. To scan a target, one first tells Haktek where the host is (its domain name or IP address), chooses port scanning, enters the port range and starts; the screen soon lists the active port numbers and their corresponding services. The data it collects is fast and complete. Therefore, if you suspect or have confirmed that the host has been attacked by hackers, the first thing to do is to immediately close every service port that hackers could use, to lock them out.
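The defender's side of the same check, as an added example that is not from the original post: parse the host's own listening-port list and report every open port that is not on the allowlist of services the host is meant to offer. The netstat output below is a constructed sample and the port names beyond those the post lists are conventional values.

```python
import re

# Port-to-service names as the post lists them, plus a few conventional extras (assumed).
WELL_KNOWN = {21: "FTP", 23: "Telnet", 25: "Mail (SMTP)", 80: "WWW (HTTP)",
              110: "Mail (POP3)", 119: "BBS/News (NNTP)"}

# Constructed sample of `netstat -an` output from a host that should serve only WWW and mail.
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
TCP    192.168.1.10:80        10.0.0.5:51522         ESTABLISHED
UDP    0.0.0.0:137            *:*
"""

# Matches Windows netstat ("TCP ... LISTENING") and Linux netstat ("tcp 0 0 ... LISTEN") lines.
LISTEN_RE = re.compile(r"^tcp\S*\s+(?:\d+\s+\d+\s+)?\S+:(\d+)\s+\S+\s+LISTEN", re.IGNORECASE)

def listening_ports(netstat_output):
    """Return the sorted list of TCP ports that are in LISTEN/LISTENING state."""
    ports = set()
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            ports.add(int(m.group(1)))
    return sorted(ports)

def unexpected_listeners(netstat_output, allowed_ports):
    """Open ports that are not in the allowlist, labelled with the conventional
    service name where there is one: these are the ones to close or investigate."""
    return {p: WELL_KNOWN.get(p, "unknown service")
            for p in listening_ports(netstat_output) if p not in allowed_ports}

if __name__ == "__main__":
    for port, svc in unexpected_listeners(SAMPLE_NETSTAT, {25, 80}).items():
        print(f"port {port} ({svc}) is listening but is not on the allowlist")
```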
★ Strategy 2: terminate suspicious processes and prevent dangerous ones from being used
On Windows, press Ctrl+Alt+Del to open Task Manager and terminate any suspicious process. To identify one, use the Windows search function to find the process's full path; the path often tells you whether the process is legitimate. For example, the path "C:\Program Files\3721\assistse.exe" shows that the program belongs to 3721. If you cannot decide from the path whether the process is legitimate, copy its full name, such as "xxx.exe", and look it up in a search engine such as www.baidu.com. A process identified as a hacker's should be killed first: on Windows 9x, select the process and click the "End Task" button below it; on Windows 2000, Windows XP and Windows 2003, right-click the process and choose "End Task" from the pop-up menu. After terminating the process, find its path and delete the program, and it is best to run an antivirus scan afterwards to be sure. The careful workflow for killing a process in Task Manager is: judge from the process name and path whether it is suspicious, kill the process, then delete the process's program file. Besides killing the hacker's processes in the system, you should also prevent the use of dangerous processes that hackers could exploit.
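The name-and-path judgement the post describes, as an added example that is not from the original post: classify each running process from its executable path. The process list, the trusted directories and the list of unwanted software directories are constructed assumptions; on a real host the list would come from Task Manager, `wmic process get Name,ExecutablePath` or a library such as psutil.

```python
# Directories from which legitimate binaries normally run on this host (assumed allowlist).
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows", "c:\\program files")
SYSTEM32 = "c:\\windows\\system32\\"
# Core Windows processes whose genuine image lives under \Windows\System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Directory names of software the post treats as unwanted; maintained by the operator.
KNOWN_UNWANTED_DIRS = {"3721"}

# Constructed sample process list: (process name, full executable path).
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("assistse.exe", r"C:\Program Files\3721\assistse.exe"),
    ("svchost.exe", r"C:\Users\Public\svchost.exe"),
    ("update.exe", r"C:\Windows\Temp\update.exe"),
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

def classify(name, path):
    """Return 'ok', 'known-unwanted', 'masquerade' or 'untrusted-dir' for one process,
    judged from its name and path the way the post does by hand."""
    low = path.lower()
    if KNOWN_UNWANTED_DIRS & set(low.split("\\")):
        return "known-unwanted"
    if name.lower() in SYSTEM_NAMES and not low.startswith(SYSTEM32):
        return "masquerade"          # system-process name running from the wrong place
    if "\\temp\\" in low or not low.startswith(TRUSTED_DIRS):
        return "untrusted-dir"       # temp dirs and user-writable locations
    return "ok"

def suspicious_processes(procs):
    """Processes the operator should examine first, each with the reason."""
    return [(n, p, classify(n, p)) for n, p in procs if classify(n, p) != "ok"]
```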
★ Strategy 3: change the host's account names and passwords
In practice, every system has some customary, commonly used account names, and these accounts are created for general use and configuration. For example, Windows has the Administrator account; an account created for a WWW site may be html, www or web; installing the Oracle database creates an oracle account; accounts configured for user training or tutorials are user1, user2, student1, student2, client1, client2 and so on; and common English first names such as tom and john are often used too. A hacker can guess these from the services the system runs and from the staff names published on its home page.
Analysis of many hacked systems shows the same pattern: ordinary users are careless about system security, their passwords are easy to guess, and most users' initial passwords are the same as their account names, which offers no security at all; whoever obtains the account name also has the password. Passwords also follow predictable habits, for example the account name with its first letter in upper case followed by a digit, or a simple string of the digits 0 and 1. There are also well-known account and password pairs, for example user name admin with password manager. When guessing ordinary users' passwords fails, the major accounts of the target host can be guessed instead, for instance a root password equal to the host name, such as Sun, Digital, sparc20 or alpha2100, or an Oracle database account with the password oracle7 or oracle8; these are frequent causes of system security incidents.
Therefore, once hackers have attacked, promptly change the main account names and passwords, so that hackers cannot enter the host again through a known account and password.
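An added example, not from the original post, that turns the guessable patterns listed above into an audit of a host's own account list: each account is checked against the password-equals-account-name, name-plus-digit, host-name, 0/1-only and known-pair patterns. The sample accounts and the host name are constructed.

```python
import re

# Account/password pairs the post cites as well known (assumed starting list).
KNOWN_PAIRS = {("admin", "manager"), ("oracle", "oracle7"), ("oracle", "oracle8")}
# Account names the post says hackers try first.
COMMON_ACCOUNTS = {"html", "www", "web", "oracle", "user1", "user2", "student1",
                   "student2", "client1", "client2", "tom", "john", "administrator"}

def weaknesses(user, password, hostname):
    """Reasons this credential pair is guessable by the post's patterns (empty = none found)."""
    reasons = []
    u, p, h = user.lower(), password.lower(), hostname.lower()
    if p == u:
        reasons.append("password equals account name")
    elif re.fullmatch(re.escape(u) + r"\d+", p):      # e.g. Tom1, Oracle8
        reasons.append("account name followed by digits")
    if p == h:
        reasons.append("password equals host name")   # e.g. root / sparc20
    if p and set(p) <= {"0", "1"}:
        reasons.append("password made only of 0 and 1")
    if (u, p) in KNOWN_PAIRS:
        reasons.append("well-known account/password pair")
    if u in COMMON_ACCOUNTS and not reasons and len(p) < 8:
        reasons.append("commonly tried account with a short password")
    return reasons

# Constructed sample accounts for a host named sparc20.
SAMPLE_ACCOUNTS = [("root", "sparc20"), ("admin", "manager"), ("tom", "Tom1"),
                   ("oracle", "oracle8"), ("user1", "user1"), ("web", "0101"),
                   ("alice", "Q7#vLm2!pz")]

def audit(accounts, hostname):
    """Map each weak account to its list of reasons; accounts with no findings are omitted."""
    findings = {u: weaknesses(u, p, hostname) for u, p in accounts}
    return {u: r for u, r in findings.items() if r}
```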
★ Strategy 4: check and back up the host system logs
The host system's logs provide a detailed audit trail of system activity; they are used to evaluate and review the system's runtime environment and the various actions taken on it. In general, logging records user logins, logouts and the operations performed. Used properly, the logs give the system administrator useful information about hazards, security violations and intrusion attempts.
Unix systems, for example, provide many kinds of detailed logging, along with a large number of tools and utilities for working with the logs. These audit records are usually generated automatically by programs as part of the default configuration; they help the Unix administrator find the cause of a problem and are useful for system maintenance. Some logging only takes effect after the administrator configures it. Most log files are saved under the /var/log directory, which holds the system's own logs as well as the log files of installed software; other subdirectories of /var also hold various other kinds of log file, depending on the configuration. The system logon log saves a record of each user logon, including the user name, the login start and end times, and where the login came from.
When attacked by hackers, check and back up the main system logs without delay, so that the system the hacker damaged can be restored in a timely manner.
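The logon-log check described above, as an added example that is not from the original post: parse records of the kind `last -F` prints (user, origin, login start and end) and flag sessions that deserve a second look. The records are constructed samples; the trusted address range and working hours are assumptions an administrator would set for their own host.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample of `last -F`-style login records: user, tty, origin, start - end.
SAMPLE_LAST = """\
alice    pts/0   192.168.1.20    Mon Dec 27 09:02:11 2010 - Mon Dec 27 11:40:03 2010
root     pts/1   203.0.113.77    Mon Dec 27 03:14:55 2010 - Mon Dec 27 03:19:02 2010
bob      pts/2   192.168.1.31    Mon Dec 27 14:00:00 2010 - still logged in
oracle   pts/3   198.51.100.9    Sun Dec 26 23:58:40 2010 - Mon Dec 27 00:05:12 2010
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\w{3} \w{3} +\d+ [\d:]+ \d{4}) - (.*)$")
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed administrator LAN
WORK_HOURS = range(8, 19)                              # assumed 08:00 to 18:59

def parse_logins(text):
    """Yield (user, origin, start datetime, end text) for each record."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            user, _tty, origin, start, end = m.groups()
            yield user, origin, datetime.strptime(start, "%a %b %d %H:%M:%S %Y"), end

def suspicious_logins(text):
    """Return (user, origin, reasons) for logins from outside the trusted LAN,
    outside working hours, or directly as root."""
    out = []
    for user, origin, start, _end in parse_logins(text):
        reasons = []
        if ipaddress.ip_address(origin) not in TRUSTED_NET:
            reasons.append("origin outside trusted LAN")
        if start.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if user == "root":
            reasons.append("direct root login")
        if reasons:
            out.append((user, origin, reasons))
    return out
```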
★ Strategy 5: back up key data
Data backup means saving data in some form so that, after system damage or in other specific circumstances, it can be used by a recovery process. Its fundamental purpose is reuse: the core of the backup job is restoration. Backup is a major component of storage, and its place and role in the storage system cannot be ignored. For a complete enterprise IT system, backup is one of the essential components. Its significance lies not only in preparedness for unexpected events but also in being the best form of archive for historical data. In other words, even when the system runs normally and no data loss or damage occurs, backup still matters greatly: it provides the basis for querying, statistics and analysis of historical data, and for archiving the main information.
If your host has been broken into by hackers, the first thing to do is back up the key data that survives on the host, so that once the system has been restored the data can be put back promptly and normal operation resumed.
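An added example, not from the original post, covering the backup step of both Strategy 4 (logs) and Strategy 5 (key data): archive a directory together with a SHA-256 manifest, and verify the archive against the manifest before relying on it for a restore, so that a copy altered after the fact is noticed rather than restored. The sample files are constructed in a temporary directory.

```python
import hashlib, json, os, tarfile, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def backup(src_dir, archive_path):
    """Archive src_dir as gzip tar and write <archive>.manifest.json (relative path -> SHA-256)."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir)
                manifest[rel] = sha256_file(full)
                tar.add(full, arcname=rel)
    with open(archive_path + ".manifest.json", "w") as f:
        json.dump(manifest, f, sort_keys=True)
    return manifest

def verify(archive_path):
    """Extract into a scratch dir and recompute every hash; returns the relative
    paths that are missing or differ from the manifest (empty list = intact)."""
    with open(archive_path + ".manifest.json") as f:
        manifest = json.load(f)
    bad = []
    with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive_path) as tar:
        tar.extractall(scratch)
        for rel, digest in manifest.items():
            p = os.path.join(scratch, rel)
            if not os.path.isfile(p) or sha256_file(p) != digest:
                bad.append(rel)
    return bad

def demo():
    """Constructed sample: back up two files, verify, then plant a wrong digest and verify again."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "keydata")
        os.makedirs(src)
        with open(os.path.join(src, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")        # constructed content
        with open(os.path.join(src, "site.db"), "w") as f:
            f.write("constructed database contents\n")
        archive = os.path.join(work, "keydata.tar.gz")
        manifest = backup(src, archive)
        clean = verify(archive)
        with open(archive + ".manifest.json", "w") as f:   # simulate a mismatch
            json.dump({**manifest, "site.db": "0" * 64}, f)
        return sorted(manifest), clean, verify(archive)
```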
★ Strategy 6: check the firewall's detailed log records and revise the firewall security policy
As network attacks and information security techniques develop, a new generation of more powerful, more secure firewalls has become available. Firewalls at this stage have gone beyond the original, traditional firewall and evolved into an integrated system of security techniques, which we call the fourth-generation firewall. It can withstand the common network attacks of today, such as IP address spoofing, Trojan horse attacks, Internet worms, password-guessing attacks, mail attacks and so on.
However, as the old saying goes, however high virtue rises, vice rises higher: even a feature-rich and powerful firewall needs its security policy configured by hand, and because users' levels of network security vary, hackers can use weaknesses in the firewall security policy to bypass the firewall and attack a host. Firewall logs are a meticulous record of the hacker's tools and of the process by which the host was hacked, so we should use the firewall's detailed log records to revise the firewall security policy in a targeted way, enabling it to respond to emerging forms of attack and making the policy more comprehensive.
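The log-driven policy review described above, as an added example that is not from the original post: summarise firewall records to find sources probing many closed ports and, more importantly for the policy, accepted connections to ports the policy was not supposed to expose. The log lines are constructed samples in an iptables-style format; the expected-open set and scan threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log sample in an iptables-style format (assumed).
SAMPLE_FW_LOG = """\
Dec 27 02:11:01 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP DPT=23
Dec 27 02:11:02 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP DPT=21
Dec 27 02:11:03 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP DPT=139
Dec 27 02:11:04 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP DPT=3389
Dec 27 02:11:05 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP DPT=8080
Dec 27 02:15:40 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP DPT=80
Dec 27 02:16:00 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP DPT=23
Dec 27 02:20:12 fw kernel: DROP IN=eth0 SRC=192.0.2.5 DST=192.168.1.10 PROTO=TCP DPT=25
"""
REC = re.compile(r"(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")
EXPECTED_OPEN = {25, 80}   # assumed policy: only mail and WWW are published through the firewall
SCAN_THRESHOLD = 4         # assumed: this many distinct dropped ports from one source = a scan

def parse(log):
    """One dict per line that matches REC; lines in another format are skipped."""
    return [m.groupdict() for m in map(REC.search, log.splitlines()) if m]

def review(log):
    """Return (sources probing many closed ports, accepted connections to ports the
    policy should not expose); the second list points at rules to tighten."""
    dropped_ports = defaultdict(set)
    gaps = []
    for r in parse(log):
        port = int(r["dpt"])
        if r["action"] == "DROP":
            dropped_ports[r["src"]].add(port)
        elif port not in EXPECTED_OPEN:
            gaps.append((r["src"], port))
    scanners = sorted(s for s, ports in dropped_ports.items() if len(ports) >= SCAN_THRESHOLD)
    return scanners, gaps
```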
★ Strategy 7: use disk data recovery techniques to restore data on the hard disk
In the worst case, hackers can damage or even delete all of the key data on the hard drive. In such cases, the first thing is to stay calm: even when the data cannot be read or the hard drive has been formatted, it can often be restored.
Why can the data be restored? It depends mainly on how the hard disk stores data. A hard drive consists of a set of platters with a metal substrate and a magnetic coating, and it reads and writes data by spinning the platters and moving the heads. The outermost circle is known as track 0. It records the drive's specifications, model, master boot record, directory structure and a series of other most important information; every file kept on the hard drive is documented here. When reading a file, the system first looks in track 0 for the file's original sector and then, from that map, finds the file's location. When a file is deleted, the system merely marks the file's entry in track 0 with a deleted flag; the file itself is not cleared. The space the file occupied is simply shown as free, and the next time files are stored on the hard disk the system gives priority to genuinely free space; only once that is used up will later writes overwrite the space the deleted files actually occupy. Moreover, even if the hard disk has been formatted (with Format, for example), there is still a lot of hope as long as the rescue is timely. We can choose professional data recovery software to restore the data damaged by hackers, for instance EasyRecovery, a very powerful hard disk data recovery tool that can help you restore missing data and rebuild the file system.
If you do not have hard drive data recovery knowledge, many professional data recovery companies also provide hard drive data recovery services. If the data to be recovered involves trade secrets, you should prepare a new blank hard drive as the data carrier, so that the recovered data is not placed on other people's machines; and do not assume that data you deleted earlier is gone, because whoever can restore the data on your hard disk can also restore the data that was previously present on it. It is also best to supervise the whole recovery process to prevent disclosure.
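A toy model of the mechanism described above, as an added example that is not from the original post: a directory ("track 0") that records each file's name, sectors and a deleted flag, data sectors that are left untouched by delete, and an allocator that hands out never-used space before reusing released space. It is a simplified illustration of why a deleted file is recoverable until its sectors are reused, not a real file system; the sector size and count are assumed.

```python
SECTOR = 16                      # bytes per sector in this toy image (assumed)
N_SECTORS = 8

class ToyDisk:
    """Directory ("track 0") entries are [name, sector list, byte length, deleted flag]."""
    def __init__(self):
        self.directory = []
        self.data = bytearray(SECTOR * N_SECTORS)
        self.never_used = list(range(N_SECTORS))
        self.released = []       # sectors freed by delete; reused only when nothing else is left

    def _alloc(self, count):
        pool = self.never_used + self.released   # genuinely free space first, as the post says
        if len(pool) < count:
            raise OSError("disk full")
        chosen = pool[:count]
        self.never_used = [s for s in self.never_used if s not in chosen]
        self.released = [s for s in self.released if s not in chosen]
        return chosen

    def write(self, name, payload):
        sectors = self._alloc(-(-len(payload) // SECTOR))   # ceiling division
        for i, s in enumerate(sectors):
            chunk = payload[i * SECTOR:(i + 1) * SECTOR].ljust(SECTOR, b"\0")
            self.data[s * SECTOR:(s + 1) * SECTOR] = chunk
        self.directory.append([name, sectors, len(payload), False])

    def delete(self, name):
        """Only the directory flag changes; the sectors move to the released pool unwiped."""
        for entry in self.directory:
            if entry[0] == name and not entry[3]:
                entry[3] = True
                self.released.extend(entry[1])

    def _read_entry(self, entry):
        raw = b"".join(bytes(self.data[s * SECTOR:(s + 1) * SECTOR]) for s in entry[1])
        return raw[:entry[2]]

    def read(self, name):
        """Normal file access: a deleted entry is invisible."""
        return next((self._read_entry(e) for e in self.directory
                     if e[0] == name and not e[3]), None)

    def undelete(self, name):
        """Recovery-tool view: follow the sectors a deleted entry still points to.
        The bytes are intact only if nothing has reused those sectors since."""
        return next((self._read_entry(e) for e in self.directory
                     if e[0] == name and e[3]), None)
```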