Windows XP operating system security

  

Windows XP operating system security (1)

Microsoft once boasted: "Windows XP users will no longer need to worry about network access security." As an NT-kernel operating system, Windows XP is indeed more powerful than any other Windows system, but it also has many worrying issues.

Let's take a look at the security of Windows XP, starting with its advantages:

Security

First, a well-developed user management function

Windows XP uses the Windows 2000/NT kernel and is very secure in user management. Any added user account is visible at logon, unlike in Windows 2000, where an account that a hacker had added to the administrators group could go unnoticed. With the NTFS file system, you can restrict user access to a folder by setting the folder's security options, for example when a normal user tries to access another user's documents. You can also enable auditing for a file (or folder) so that user access to it is recorded in the security log, further strengthening the supervision of file operations.

Second, transparent software restriction policy

In Windows XP, software restriction policies provide a "transparent" way to isolate unreliable, potentially harmful code from user data. This protects your computer from viruses, Trojans, and worms that spread through email or web pages, ensuring data security.

Third, support for the NTFS file system and the Encrypting File System (EFS)

The Encrypting File System (EFS) in Windows XP is based on public-key cryptography and, with its default settings, makes use of the CryptoAPI architecture. EFS can also use the extended Data Encryption Standard (DESX) and Triple-DES (3DES) as encryption algorithms. Users can easily encrypt files.

When encrypting, EFS automatically generates an encryption key. When you encrypt a folder, all the files and subfolders in it are automatically encrypted, making your data more secure.

Fourth, secure network access features

The new features are mainly in the following aspects:

1. Patches are updated automatically, reducing the burden on users

2. The system comes with an Internet connection firewall

The built-in Internet firewall supports LAN, VPN, and dial-up connections. It supports "custom settings" and "log view", building a "hacker defense" for the security of the system.

3. Closing the "back doors"

Previous versions of Windows had a few "back doors": ports such as 137, 138 and 139 were left wide open. These ports are now closed in Windows XP.



Windows XP operating system security (2)


Insecure

As Windows XP has been in use over time, some vulnerabilities have gradually been exposed. Below we discuss several drawbacks of Windows XP security.

First, several vulnerabilities caused by UPnP service

UPnP is the abbreviation of "Universal Plug and Play", which is a service that allows the host to locate and use devices on the LAN. Vulnerabilities:

1. NOTIFY buffer overflow

UPnP has a buffer overflow problem: when it processes the Location field of a NOTIFY command, a buffer overflow occurs if the IP address, port and file name parts are too long, overwriting the contents of the server process's memory space. Note that the server program listens on broadcast and multicast interfaces, so an attacker can attack multiple machines at the same time without knowing the IP address of any single host. The UPnP service runs in the System context, so an attacker who successfully exploits the vulnerability can take full control of the host.

2. DoS and DDoS attacks

Sending a UDP packet to port 1900 of a system running the UPnP service, with the address in the "LOCATION" field pointing to the Chargen port of another system, may put the system into an infinite connection loop. The system's CPU is 100% occupied and it cannot provide normal service. In addition, an attacker can use this vulnerability to launch a DDoS attack: if a forged UDP packet is sent to a network with a large number of XP hosts, those hosts may be forced to attack the specified host.

Workaround:

1. Go to the Microsoft website to download the patch.

2. Set the firewall to block packets from the external network from connecting to port 1900.

3. Disable the UPnP service (Figure 1).
Figure 1
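
As a complement to the firewall workaround, the following is an added example (not part of the original article) of a defensive check that a gateway or IDS sensor could apply to SSDP NOTIFY datagrams seen on UDP port 1900. It flags the two conditions described above: an oversized Location field and a Location that points at the Chargen port. The 256-byte limit, the function names and the sample datagrams are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

MAX_LOCATION_LEN = 256   # assumed sanity limit, not a value from the article
CHARGEN_PORT = 19        # well-known port of the chargen service

_HEAD = "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNTS: ssdp:alive\r\n"
# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "normal": _HEAD + "LOCATION: http://192.168.1.1:2869/desc.xml\r\n\r\n",
    "oversized": _HEAD + "LOCATION: http://192.168.1.50:2869/" + "A" * 600 + "\r\n\r\n",
    "chargen": _HEAD + "LOCATION: http://192.0.2.10:19/\r\n\r\n",
}

def parse_notify(datagram):
    """Return the headers of an SSDP NOTIFY as a dict, or None if not a NOTIFY."""
    lines = datagram.split("\r\n")
    if not lines[0].upper().startswith("NOTIFY "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_notify(datagram):
    """Return a list of findings for one datagram (empty list: nothing flagged)."""
    headers = parse_notify(datagram)
    if headers is None:
        return []
    location = headers.get("LOCATION", "")
    findings = []
    if len(location) > MAX_LOCATION_LEN:
        findings.append("oversized-location")
    try:
        port = urlsplit(location).port
    except ValueError:                           # non-numeric or out-of-range port
        port = None
        findings.append("malformed-port")
    if port == CHARGEN_PORT:
        findings.append("location-points-to-chargen")
    return findings

if __name__ == "__main__":
    for name, datagram in SAMPLES.items():
        print(name, check_notify(datagram))
```
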

Second, Remote Desktop plaintext account name transmission vulnerability

When a connection is established, Windows XP Remote Desktop sends the account name in clear text to the client connecting to it. The account name sent is not necessarily a user account of the remote host; it may also be the account name most commonly used by the client. A sniffing program on the network may capture the account information.

Workaround: Stop using Remote Desktop (Figure 2).


Figure 2



Windows XP operating system security (3)


Third, account lockout vulnerability caused by the fast account switching function

The design of the Windows XP fast account switching function is flawed. A user can use the fast account switching function to rapidly retry logging in with a user name. The system then considers that a brute-force guessing attack is under way, which results in all non-administrator accounts being locked.

Workaround: Disable the account fast switching function (Figure 3).


Figure 3

Compared with the previous Windows system, Windows XP is undoubtedly more secure!