A SID is a variable-length binary value used to identify entities acting in a Windows system.
In Windows, the administrator's UID is 500, and normal users' UIDs start from 1000.
All users' passwords are stored as hash values in the file C:\windows\system32\config\SAM.
Windows has various account types, but the main ones to focus on are:
- Administrator
- Guest
- System
The types of service group also vary, but the ones that deserve the most attention are:
- System
- Local service
- Network service
DOS commands
net user (username) (new password)  # change a user's password
net user (username) (password) /add  # add a new user
net user (username)  # show the user account's information
net user (username) /del  # delete the user
net user (username) /active:yes|no  # enable or disable the account
net localgroup  # list the local groups
net localgroup (groupname)  # show the group's details and members
net localgroup (groupname) /add  # create a group
net localgroup (groupname) (username) /add  # add a member to the group
net localgroup (groupname) (username) /del  # remove a member from the group
net share  # list the shared resources
net share (sharename) /del  # delete the share
About port 445
I recommend blocking port 445 on the internal firewall to segment your network. This will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing. WannaCry ransomware spreads through port 445.
To check the open ports on your computer, use the command netstat -an
If port 445 appears in the output, it is time to act.
Press WIN + R to open the Run dialog.
Then type services.msc
Find the service, then set its startup type to Disabled.
Also, to keep your online environment safe, always keep an eye on the most common ports that hackers may use to invade and monitor your system:
Port number | Protocol |
---|---|
23 | telnet |
445 | SMB |
3389 | RDP (remote desktop protocol) |
67/68 | DHCP |
53 | DNS |
80 | HTTP |
443 | HTTPS |
20/21 | FTP |
22 | SSH |
25 | SMTP |
1433 | SQL |
1521 | ORACLE |
3306 | MYSQL |
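Added example (not part of the original page): a Python sketch that parses `netstat -ano` output and reports which ports from the table above are in the LISTENING state, with the owning PID and whether the bind is loopback-only or reachable from the network. The sample output is constructed, English-language netstat output is assumed, and only TCP rows are checked.

```python
import re

# Watch list taken from the port table above (port -> protocol name).
# DHCP (67/68) is UDP, which has no LISTENING state in netstat, so it is left out.
WATCH = {23: "telnet", 445: "SMB", 3389: "RDP", 53: "DNS", 80: "HTTP",
         443: "HTTPS", 20: "FTP", 21: "FTP", 22: "SSH", 25: "SMTP",
         1433: "SQL", 1521: "ORACLE", 3306: "MYSQL"}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  UDP    0.0.0.0:68             *:*                                    1320
"""

# TCP listener row; the PID column is optional so plain `netstat -an` also parses.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+(\d+))?\s*$")
LOOPBACK = ("127.", "[::1]")

def listening_watchlist(netstat_text):
    """Return sorted (port, protocol, pid, scope) rows for watch-list TCP listeners."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, ESTABLISHED and other states
        addr, port = m.group(1), int(m.group(2))
        pid = int(m.group(3)) if m.group(3) else None
        if port not in WATCH:
            continue
        scope = "loopback" if addr.startswith(LOOPBACK) else "network"
        # One row per port; a network-facing bind outranks a loopback-only one.
        if port not in found or scope == "network":
            found[port] = (port, WATCH[port], pid, scope)
    return sorted(found.values())

if __name__ == "__main__":
    for port, proto, pid, scope in listening_watchlist(SAMPLE):
        print(f"{port:>5} {proto:<6} PID {pid} {scope}")
```

A listener reported as "network" is bound to all interfaces or a routable address and is the one a firewall rule or a disabled service needs to cover; a "loopback" listener is only reachable from the machine itself.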
FAQs
We also recommend blocking port 445 on internal firewalls to segment your network and prevent lateral movement – this will prevent internal spreading of the ransomware.
Why is port 445 blocked?
Hackers have used port 445 to infiltrate devices on a network, most famously by the WannaCry ransomware attack.
How do I stop port 445 from listening?
Step 1: Open the Control Panel.
Step 2: Click on Windows Firewall / Windows Defender Firewall.
Step 3: Navigate to Advanced settings.
Step 4: Right-click on Inbound Rules and click on New Rule.
Step 6: Select Port and press Next.
Step 7: Specify port 445 under Specific local ports, select TCP and press Next.
Does port 445 need to be open?
Port 445 is a Microsoft networking port which is also linked to the NetBIOS service present in earlier versions of Microsoft operating systems. It runs Server Message Block (SMB), which allows systems on the same network to share files and printers over TCP/IP. This port shouldn't be open to external networks.
Why is port 445 vulnerable?
The cybersecurity risks of TCP 445
Despite its utility, TCP 445's open nature can also be its Achilles' heel, exposing networks to unauthorized access and malicious exploits. Cybercriminals can leverage vulnerabilities in this port to inject malware, ransomware, or carry out Denial of Service (DoS) attacks.
Why should you close ports?
Open port vulnerabilities pose a significant security risk to your organization. If left exposed, ports are a gateway for hackers to breach your network and steal your data.
How do I unblock 445?
It's likely that your ISP is blocking the port on their end. It's recommended to reach out to your ISP's customer support to request that they unblock port 445.
How do I check if my ISP is blocking port 445?
On the diagnostics page, you can check the status for both ports 445, and 1433, and internet speed. If either 445 or 1433 are blocked you will receive an error when performing the respective test. For internet speed, if you are in an office environment, we recommend a minimum of 50 Mbps each way (Download & Upload).
How to secure port 445?
Use firewalls to block incoming and outgoing SMB traffic from external sources. This measure is particularly important for port 445, which should never be accessible from the internet.
How to check if port 445 is open?
Type "netstat -na" and hit Enter. Find port 445 under Local Address and check the State column. If it says LISTENING, your port is open.
Here are the steps for Windows:
- Find the process ID (PID) of the port (replace the 'portNumber' with the number) netstat -ano | findstr :portNumber. Copy the PID number for the next step.
- Kill the process. First, try this (replace typeyourPIDhere with the number you copied above): taskkill /PID typeyourPIDhere /F.
What Windows service uses port 445?
Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Block (SMB). They all serve Windows File and Printer Sharing.
What app uses port 445?
Today, port 445 is used by Microsoft Directory Services for Active Directory (AD) and for the Server Message Block (SMB) protocol over TCP/IP.
What is port 445 for in file sharing?
Windows uses port 445 for file sharing across the network. From Windows 2000 onward, Microsoft changed SMB to use port 445. Microsoft directory services, often known as Microsoft-DS, use port 445. TCP and UDP protocols both use port 445 for numerous Microsoft services.
What is the difference between port 139 and 445?
SMB uses either IP port 139 or 445. Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack.
Which ports should be closed on the firewall?
What are risky network ports?
- Ports 137 and 139 (NetBIOS over TCP) and 445 (SMB)
- Port 22 (SSH)
- Port 53 (DNS)
- Port 25 (SMTP)
- Port 3389 (remote desktop)
- Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)
- Ports 20 and 21 (FTP)
- Port 23 (Telnet)
Which TCP ports should be closed?
Common High-Risk Ports
Port | Protocol | Recommended Action |
---|---|---|
25 | TCP | Disable always. Use SMTPS instead. |
110 | TCP | Disable always. Use POP3S instead. |
143 | TCP | Disable always. Use IMAPS instead. |
80, 8000, 8080, and 8888 | TCP | Disable recommended. Use HTTPS instead. |
Should port 443 be open or closed?
Network Security: While keeping Port 443 open is crucial for secure web communication, it's also important to implement additional security measures: Firewall Configuration: Ensure that your firewall is properly configured to allow only necessary traffic on Port 443 while blocking potentially harmful requests.
Why block outgoing ports?
Monitoring and controlling outbound traffic via firewall rules are important tasks for security teams as they can prevent the exfiltration of sensitive data or other activities involving malware and malicious insiders.