How to turn off network service information

Turn off the "source" of information harassment-reminder service In the local area network environment, I believe many friends have frequently received spam harassment from other workstations in the local area network, which has seriously affected their daily work. In fact, the "source" of these information harassment is because the Windows system may have opened Alert service or Messenger service. Microsoft's original intention is to bring convenience to network administrators to inform LAN users. However, with the strong attack of MSN and QQ communication tools, Alert service or Messenger service has little substantive effect, but its existence can bring convenience to illegal attackers to send malicious spam to LAN. 1. Reasons for shutting down An illegal attacker can send malicious spam to a specific workstation or a specific subnet in the local area network through a special spam mass sending tool or directly using the "net send" command built into the Windows system, thus achieving the purpose of destroying the normal work of a specific workstation or a specific subnet. Therefore, by default, workstation systems using Windows XP SP2 service pack will automatically turn off the alarm service or messenger service. For other types of workstation systems, once we see the alarm service or messenger service started, we can stop it manually, which can reduce the danger of the workstation system being attacked by spam. In addition to sending spam attacks to designated targets through alarm service or messenger service, some virus programs or Trojan horses will automatically replace alarm service or messenger service with their own virus files. Once we enable the alarm service or messenger service of the workstation system at will, we are actually helping the virus program or Trojan horse to carry out destructive operations. Because all system files corresponding to the alarm service or messenger service have been replaced by virus files, whenever we see that the alarm service or messenger service has been enabled under any circumstances, we must immediately close them. 2. Closing operation When closing the Alert service or Messenger service, we can execute the "Start"/"Run" command in turn, enter the string command "services.msc" in the pop-up system running box, and click Enter to open the service list interface of the workstation system; Double-click the reminder service or messenger service in the list interface to open the service attribute setting interface as shown in figure 1, click the stop button in the interface, set the startup type of the corresponding service to disabled, and finally click the OK button. Close the "channel" of information leakage-server service Some network administrators may encounter a strange phenomenon, that is, there is a file server in the company that stores important private information, and the server rarely shares the data content on the hard disk with other workstation users in the LAN. It is said that as long as the network administrator does not operate the file server, the hard disk signal light in the server should not keep flashing, but sometimes the opposite is true. Unfortunately, if the server's hard disk does not stop working when no one is operating, it is likely that the server's hard disk has become a "warehouse" for others to save data. I believe this fact is unacceptable to many people. In fact, this phenomenon is largely related to the server opening server service; The original intention of Microsoft to provide server services for managers is actually to facilitate managers to complete some file transfer operations in the LAN environment through shared services. However, once improperly used, server services are likely to become a "channel" for hackers to attack servers. 1. The reason for shutting down is that as long as the server service is enabled, an illegal attacker can log in to the server system through IPC, and then map each partition in the server hardware to the local disk of the illegal attacker with the help of the "net use" command built into the Windows server system, so that the illegal attacker can not only obtain important private information for himself at will, but also make a more vicious move, that is, copy some viruses or Trojan horses to the server, so that every move on the server can not escape the illegal attacker. Therefore, those network administrators who often manage the server should pay attention to it. If they seldom share information in the server, they should not hesitate to shut down the server service to cut off the "channel" for illegal attackers to access the private information of the server! 2. Closing operation When closing the server service in the server, we can execute the "Start"/"Run" command in turn, enter the string command "services.msc" in the pop-up system running box, and click Enter to open the service list interface of the server system; Double-click the server service in the list interface to open the service attribute setting interface as shown in Figure 2, click the Stop button in the interface to set the startup type of the corresponding service to disabled, and finally click the OK button.

Figure 2 Closes the "platform" of privacy exposure-scrapbook service. Some friends often like to copy and paste user name and password information, which seems to be very efficient. I don't know that this way of entering accounts often saves private information such as passwords in the local clipboard, but once the ClipBook service in the local system is started, some people with ulterior motives may connect to the local workstation through the network and remotely obtain all kinds of privacy saved in the local clipboard through the ClipBook service. Obviously, if the information stored in the local clipboard is your bank account number and password, opening the ClipBook network service at will may bring you huge economic losses. 1. Shutdown Reason Once the ClipBook network service is opened in the local workstation and the administrator account of the local system uses a weak password, an illegal attacker may crack the IPC login password by exhaustive methods. Once the password is successfully cracked, the illegal attacker can use IPC account to access the local workstation and access various shared resources of the local system at will. Moreover, an illegal attacker can open the clipboard viewer of the local workstation, and then execute the "Connect Remote Clipboard" menu command in the viewer interface, so as to obtain the private information saved in the local clipboard. 2. Close operation When you close the scrapbook service in the local workstation, you can first open the service list interface of the local workstation system according to the above operation method; Double-click the scrapbook service in the list interface to open the service attribute setting interface as shown in Figure 3, click the Stop button in the interface to set the startup type of the corresponding service to disabled, and finally click the OK button.

Fig. 3 "Path" to Close Hacker Intrusion-Remote Registry Service As we all know, the remote registry service provided by Microsoft Company for managers is designed to facilitate managers to remotely manage local systems through this service; However, once the service is enabled, any user connected to the network may illegally modify the registry of the local system through the service, and the registry is the core of the computer system. As long as a little change is made, some functions of the computer will be "abnormal", and in severe cases, the computer system will be "paralyzed" directly. 1. shutdown reason If the local workstation system has started the remote registry service, the hacker can only try to get the login password of the system administrator and log in to the local system through IPC, and then the hacker opens the registry editing window of his computer and executes the "File"/"Connect to the network registry" command in the menu bar of the editing window. In the subsequent computer selection dialog box, select the computer name of the local workstation and click the "OK" button. The hacker can enter the registry editing window of the local workstation system, and then only need to add network virus or Trojan in the startup item or other location of the system, so that the local workstation system will be maliciously attacked by hackers. Once the remote registry service is closed, no remote user can open the registry editing window of the local workstation, let alone destroy the registry. 2. Close operation When closing the remote registry service in the local workstation, you can first open the service list interface of the local workstation system according to the above operation method; Double-click the remote registry service in the list interface to open the service attribute setting interface as shown in Figure 4, click the Stop button in the interface to set the startup type of the corresponding service to disabled, and finally click the OK button.

Figure 4 Turn off the "carrier" of illegal attacks-Task Scheduler service Task Scheduler service was originally designed by Windows system to facilitate local users or remote users to arrange time reasonably, but some hackers will also use this service to execute virus destruction plans on local workstation systems. 1. Reasons for shutting down If the local workstation runs the task scheduler service, some hackers can first transfer virus programs or Trojan viruses to the hard disk of the local workstation through special methods, then use the built-in "net time" time of Windows system to check the current system time of the local workstation, and then create a task plan to run virus programs at an appropriate time through the "at" command. After the specified time, the local workstation will be "ravaged" by virus programs or Trojan horses pre-implanted in the hard disk. If we shut down the task scheduler service, hackers will not be able to create virus attack plans through the "at" command. 2. When closing the task scheduler service in the local workstation, you can first open the service list interface of the local workstation system according to the above operation method; Double-click the task scheduler service in the list interface to open the service attribute setting interface as shown in Figure 5, click the Stop button in the interface to set the startup type of the corresponding service to disabled, and finally click the OK button.

Editor's Note of Figure 5: In fact, each system service has its own existence value and built-in security mechanism. For example, the server service mentioned in this article can't share files normally without it. In addition, most security incidents caused by system services are caused by users' wrong settings rather than the service itself, such as too simple passwords. As long as the correct settings are made, most security problems should be solved. After all, we can't shut down all services because many services are what we need. However, shutting down some services that are not usually used can really reduce the chance of being attacked. But before closing, be sure to understand the functions of these services and make sure that you really don't need this service. Many inexplicable system failures are caused by related services not being started. Therefore, please shut down the service carefully. Source: Internet Forum