
Thursday, 10 November 2011

Chapter II: 95/98 System Security and Password Principles

Text / Jianghai off (seak@163.net)


Windows 95/98 is the main OS platform for individual users in China, and it is indeed a system that is very easy to use and very insecure. In my view, the biggest threat to 95/98 comes from the local machine rather than from the network: 95/98 can expose only a very limited set of services and does not play the role of an important server, so hackers have little interest in attacking it and, without the help of backdoor tools, few effective means of doing so. However, 95/98's ability to set tiered permissions is weak; once someone else gets to use your machine, you have no secrets left. When your machine is used by someone else, the security threats you face mainly include:
1. All of your files are exposed to whoever is using the machine: they can easily view, copy or delete any of your files, trash your hard disk, and so on. The per-user desktop and personal settings that 95/98 saves offer no security at all either.
2. Your various passwords can easily be seen by the user. Some passwords are themselves stored in plaintext, such as the ICQ password. Your dial-up, mail and FTP passwords, if saved in the password field of the corresponding tool, are displayed as *, but the user can easily reveal them with some small utilities. In addition, the passwords for your connections to servers can also be easily found. Your CMOS password can be found too, or removed.
3. Your Cookie and Temporary Internet Files directories may expose your passwords for some online resources, and the history lists for Documents, Find, Run, the browser and so on expose some of your recent activity.
4. The user may plant a backdoor tool such as BO or NetBus on your machine in order to remotely control your system and monitor your activity.

So it can be seen that the best chance of keeping a 95/98 system secure is to make it a dedicated machine used by one person only,
1. Lock your door and close up your case: everyone understands that theft may be the most serious loss, and no method of stealing information is more effective than simply taking your hard disk. Also, your power-on password can easily be cleared by changing a jumper or DIP switch on the motherboard, which makes all your other precautions meaningless. If your case has a lock, make full use of it. For an ordinary case held by screws, you can put a small strip of adhesive sticker across the case seam. Even if you cannot prevent others from opening your case, at least make sure you can spot the traces at any time.
2. Set your power-on password: this is probably the most effective line of defence; as long as an unauthorized user cannot guess your password, there is nothing they can do. Note in particular that some BIOS versions have a universal password, for example early Award BIOSes. In that case be sure to upgrade your BIOS.
3. Windows startup password and permission settings: some people say the Windows password is meaningless. That is not right; in fact, Windows can be given some ability to tier users by modifying the registry. With tiering you can achieve the following: you yourself can use every resource, but an unauthorized user who skips the logon with ESC or logs on under a new user name cannot use some of the computer's resources. They cannot view the file and directory listing of any drive, the Programs menu is empty, the desktop is bare, and they cannot perform any operation, including opening an MS-DOS window or shutting down to MS-DOS mode. As for the specific registry settings, the article "谈谈win95系统安全的实现" ("On Implementing Win95 System Security") in 《电脑商情报》, home edition, 7 April 1998, covers them in great detail; if I went through them here I would inevitably duplicate it. If you are not familiar with the registry, you can use the System Policy Editor on the Win98 CD. In addition, if there is an NT or Novell server in your environment, you can change the default logon method to log on to it.
4. Screen saver: the screen saver is actually a very important layer of protection. Setting a reliable password on your screen saver and making its activation time very short both help protect your machine. You can create a shortcut to your screen saver so that when you step away from the machine for a moment, one click puts it into screen saver mode. Screen savers are files with the .scr extension in the windows\system directory; just drag a shortcut out onto the desktop or a toolbar. I especially remind everyone to turn off the CD auto-run feature: apart from guessing the password, the way to break the screen saver is with an AUTORUN CD, where the program AUTORUN points to can crack your screen saver password. Auto-run is disabled under System / Device Manager / your CD-ROM device / Properties / Settings, by clearing the Auto insert notification option.

One thing is clear: the whole protection depends on your passwords not being guessed. Note that the passwords discussed here are not just your power-on, Windows 95 and screen saver passwords, but also your Internet access, mail, chat room and BBS passwords. It is hard to say what makes a password secure, but the following cases are certainly insecure.
1. Passwords made up only of digits, especially ones like 123456 or 888888; passwords that are too short are obviously insecure.
2. Passwords built from information about you or people connected with you, such as a birthday, phone number, the pinyin or initials of a name, or the pinyin or English abbreviation of your employer.
3. Passwords left unchanged for a long time: an unauthorized user has enough time to try passwords or to guess the password by watching your keystrokes.
4. One password shared across several resources: this is putting all your eggs in one basket; once one password leaks, all of your resources are at risk.
Of course, for personal use the information is often of limited value, and convenience often matters more than security. A password changed weekly and as long as a Win98 serial number may be secure, but it is also very inconvenient. I suggest picking a method that is secure or easy to use, for example taking the pinyin initials of a sentence as your password. Take wmdsjhjc: what does it mean? It is "外面的世界很精彩" ("the world outside is wonderful"). Then insert some special characters to get, for example, $wmdsj!hjc. Such a password should be fairly secure and is also easy to remember.
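An added example (not from the original article): a small Python audit that flags the four unsafe cases listed above and accepts the mnemonic password from the preceding paragraph. The length and age thresholds, the account records and the personal tokens are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

MIN_LENGTH = 8        # assumption: the article only says "too short"
MAX_AGE_DAYS = 90     # assumption: the article only says "a long time"


def audit_passwords(accounts, personal_tokens, today):
    """Return {resource: [findings]} for the four unsafe cases.

    accounts: dicts with keys resource, password, changed (a date).
    personal_tokens: strings tied to the owner (birthday, phone number,
    name pinyin or initials, employer abbreviation).
    """
    findings = defaultdict(list)
    users_of = defaultdict(list)          # password -> resources sharing it
    # Tokens under 3 characters (e.g. two-letter initials) match almost
    # anything, so they are skipped to avoid noisy false positives.
    tokens = [t.lower() for t in personal_tokens if len(t) >= 3]

    for acct in accounts:
        res, pw = acct["resource"], acct["password"]
        users_of[pw].append(res)
        if pw.isdigit():                                    # case 1
            findings[res].append("digits only")
        if len(pw) < MIN_LENGTH:                            # case 1
            findings[res].append("too short")
        hits = [t for t in tokens if t in pw.lower()]       # case 2
        if hits:
            findings[res].append("personal info: " + ", ".join(hits))
        if (today - acct["changed"]).days > MAX_AGE_DAYS:   # case 3
            findings[res].append("unchanged too long")

    for resources in users_of.values():                     # case 4
        if len(resources) > 1:
            for res in resources:
                others = [r for r in resources if r != res]
                findings[res].append("shared with: " + ", ".join(others))
    return dict(findings)


# Constructed sample data; only 888888 and the mnemonic password
# $wmdsj!hjc are taken from the article's text.
SAMPLE_TOKENS = ["19800512", "zhangwei", "zw", "5551234"]
SAMPLE_ACCOUNTS = [
    {"resource": "dial-up", "password": "888888", "changed": date(2011, 1, 3)},
    {"resource": "mail", "password": "zhangwei80", "changed": date(2011, 10, 1)},
    {"resource": "bbs", "password": "zhangwei80", "changed": date(2011, 10, 1)},
    {"resource": "ftp", "password": "$wmdsj!hjc", "changed": date(2011, 10, 20)},
]
```

Calling `audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_TOKENS, date(2011, 11, 10))` reports findings for the dial-up, mail and bbs entries and none for the ftp entry that uses the mnemonic password.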
One more point, and don't blame me for not warning you: be careful with shared directories on Win95/98. Be aware that what you share is exposed to every user on the network. For example, a 169 user's shared directory can be accessed by all users on the 169 network, and if your machine has a real IP address of its own, your shared directory is exposed to every Internet user. In addition, the Win95/98 share password has a serious flaw that lets remote users crack it easily; this bug was discovered by Yuan Ge (袁哥), a well-known network expert and programmer at Hisense Group.
