By default, Windows has many open ports. When you surf the Internet, network viruses and hackers can connect to your computer through these ports. In order to turn your system into an iron wall, you should close these ports, mainly TCP 135,139,445,593, 1025 and UDP 135, 137,/kloc-0. The following describes how to close these network ports under WinXP/2000/2003:

Step 1: Click Start Menu/Settings/Control Panel/Management Tools, double-click to open the local security policy, select the IP security policy on the local computer, right-click the blank position in the right pane to pop up the shortcut menu, and select Create IP security policy (as shown in the right figure), and a wizard will pop up. Click Next in the wizard to name the new security policy; Press Next again, and the Secure Communication Request screen will be displayed. Remove the check mark to the left of "Activate default mapping rule" on the screen, and then click "Finish" to create a new IP security policy.

Step 2: Right-click the IP security policy, remove the hook on the left side of the Use Add Wizard in the properties dialog box, then click Add to add a new rule, and then the new rule properties dialog box pops up, and then click Add to pop up the IP filter list window. In the list, first remove the check mark on the left of "Use the Add Wizard", and then click the "Add" button on the right to add a new filter.

Step 3, enter the Filter Properties dialog box. The first thing you see is the address. Select "any IP address" as the source address and "My IP address" as the destination address. Click the "Protocol" tab, select "TCP" in the "Select Protocol Type" drop-down list, then enter "135" in the text box under "To this port" and click the "OK" button (as shown in the left figure), thus adding a filter to block the TCP 135(RPC) port.

Click OK and return to the filter list dialog box. You can see that a policy has been added. Repeat the above steps, continue to add TCP 137, 139, 445, 593 ports and UDP 135, 139, 445 ports, and establish corresponding filters for them.

Repeat the above steps, add the shielding policies of TCP ports 1025, 2745, 3 127, 6 129 and 3389, establish the filters of the above ports, and finally click OK.

Step 4: In the "New Rule Properties" dialog box, select "New IP Filter List", then click the circle on its left to add a dot to indicate that it has been activated, and finally click the "Filter Action" tab. In the Filter Actions tab, remove the hook to the left of Using the Add Wizard, click the Add button, and then add the Block action (right): in the Security Measures tab of the New Filter Action Properties, select Block, and then click the OK button.

Step 5: Enter the "New Rule Attribute" dialog box and click "New Filter Action". A dot will be added in the circle on the left to indicate that it has been activated. Click Close to close the dialog box; Finally, return to the "New IP Security Policy Properties" dialog box, check the "New IP Filter List" on the left, and then press "OK" to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and select Assign.

So after the restart, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer.