Windows Security
- Disable some of these Windows services. Here are some links to
view which services can be disabled. Services can be configured from
the Control Panel's Administrative Tools.
- Uninstall MSN Messenger if you're not using it. It has been
known to contain security problems in the past, and Windows does not
easily allow you to totally remove it from your system. To remove it,
run this command from the "Run..." dialog or command prompt:
"RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove"
- Install the latest copy of Norton Anti-Virus, McAfee VirusScan
or some other reliable anti-virus software.
- Use a firewall. Computer firewalls keep
unwanted probes and unwanted internet traffic from accessing some of your
computer's resources and information. The firewall that comes
with Windows XP is sufficient, but other firewall packages, like
Zone Alarm, have more advanced
features that some people may want. The hardware firewall that some
broadband routers contain is also sufficient. Firewalls are not
foolproof, but they do reduce your exposure to hackers and worms while using
the Internet.
- Always make sure that your e-mail client is set to the most
secure settings. It only needs to view e-mail; it doesn't need to view
web pages or run executables. Web pages can contain JavaScript, ActiveX
or VBScript. Viewing spam that contains an image can also be dangerous,
since the viewed picture is really an executable on a web server
identifying your existence to the spammers.
- Stop many of the Windows programs from starting up by default.
For example, Yahoo! Messenger, AIM, MSN Messenger, RealPlayer and many
other programs have all required security updates, and you may not need
them.
  1. Run "regedit".
  2. Go to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run".
  3. Back up the key with "Registry|Export Registry File..." and
     save it somewhere.
  4. Delete most of the entries that you don't need, except the
     following:
     - (Default)
     - Your antivirus software
     - Any others that you might need.
  5. You can also do steps 3-4 on the key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".
  6. Exit "regedit".
  7. Go to your Windows startup folder.
  8. Delete all the shortcuts that you don't need.
  9. From the run dialog or command prompt, run "msconfig".
     This will verify that you caught all of the places that start programs
     when Windows starts up.
     - Select the "startup" panel.
     - Look at all of the programs that are started.
     - Go to each location of each startup item (outside of
       this program) and delete the keys or program shortcuts that you don't
       need.
  10. For advanced users, you can install and run AutoRuns from Microsoft's Sysinternals. This works the same way as msconfig, but it shows even more hidden locations from which programs are started.
  11. Reboot your computer (notice how quickly it starts up now).
- Consider making backups of your files on a regular basis, and
put those backed up files in a secure location. If you didn't secure
your computer properly, at least you have something to fall back on.
- Occasionally look at the events your OS logs from "Control
Panel|Administrative Tools|Event Viewer". Sometimes important
information is logged there.
- Never run IIS. Uninstall all of its services, including IIS on
workstations. It is very insecure, and most people don't need to run a
web server.
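
As an added example (not part of the original page) for the startup cleanup steps above: the registry file exported as a backup can be read offline to list every Run entry and the command it launches before anything is deleted. The sample export, the entry names in it and the keep list are constructed for illustration.

```python
import re

# Constructed sample of a regedit export of the two Run keys (the backup step).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /startup"
"ExampleMessenger"="C:\\Program Files\\ExampleMessenger\\msgr.exe -quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExamplePlayer"="\"C:\\Program Files\\ExamplePlayer\\tray.exe\""
'''

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# "name"="data" lines; inside the quotes, \\ and \" are escape sequences.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(text):
    """Turn .reg escapes (\\\\ and \\") back into the literal characters."""
    return re.sub(r"\\(.)", r"\1", text)


def run_entries(reg_text):
    """Return (hive, entry name, command) for every string value under a Run key."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # Only the Run key itself, not RunOnce or any subkey.
            key = name if name.lower().endswith(RUN_SUFFIX) else None
        elif key:
            match = VALUE.match(line)
            if match:
                hive = key.split("\\")[0]
                entries.append((hive, unescape(match.group(1)), unescape(match.group(2))))
    return entries


def to_review(reg_text, keep):
    """Entries whose name is not on the keep list (compared case-insensitively)."""
    keep = {name.lower() for name in keep}
    return [e for e in run_entries(reg_text) if e[1].lower() not in keep]


if __name__ == "__main__":
    for hive, name, command in to_review(SAMPLE_REG, keep=["ExampleAV"]):
        print(hive, name, command, sep=" | ")
```

A real "Version 5.00" export is a UTF-16 text file, so read it with `open(path, encoding="utf-16").read()` before passing it in.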
Advanced Windows Security
- You can use "netstat -an" or "netstat -ano"
for Windows XP from the command prompt to see what ports are open and
available to the network on your computer. Here is how you can disable
some of the ports that you see on a typical Windows machine.
After following the steps to close these ports, you need to restart
Windows.
| TCP/UDP Port | Usual Service Using The Port | Description On How To Close The Port |
|---|---|---|
| 123 | NTP | Set the Windows Time service to manual. This will disable automatic synchronization of your clock. |
| 135 | RPC | See the disable DCOM page. You must disable DCOM and remove all default protocols to close this port. |
| 445 | Windows File Sharing (also known as CIFS, SMB, Samba) | Create a DWORD value called HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled and set it to 0. Set the Workstation and Server services to manual, and remove Client for Microsoft Networks from your network connections. |
| 500 | IPSEC | If you don't use VPN (Virtual Private Network), you can set the IPSEC service to manual. |
| 1024 | DCOM | See the disable DCOM page. You must disable DCOM to close this port. Removing all default protocols from that dialog will also close port 135. |
| 5000 | Universal Plug and Play | Set the SSDP Discovery Service to manual. This is Network Plug and Play. It has nothing to do with Plug and Play on a computer. |
- Some computers have more than one protocol installed. Normally,
you should only have TCP/IP installed for your modem or ethernet card.
If you are on a Windows domain or workgroup, you can have Windows
file and printer sharing enabled. NetBEUI and SPX are usually not
needed and they should be removed from your network connections and
DCOM settings.
- If you need to share files on the network, at least password
protect the shared directories.
- More advanced and detailed Windows security topics can be found
in the book "Windows Security Inside and Out."
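
As an added example (not part of the original page) for the "netstat -ano" check and port table above: this script reads netstat output, keeps only the sockets that are reachable from the network, and pairs each with the table's service and fix. The sample output is constructed; listeners bound only to 127.0.0.1 are skipped because other machines cannot reach them.

```python
# Ports and fixes copied from the table above: port -> (service, how to close).
PAGE_PORTS = {
    123: ("NTP", "set the Windows Time service to manual"),
    135: ("RPC", "disable DCOM and remove all default protocols"),
    445: ("Windows File Sharing", "set SmbDeviceEnabled to 0 (plus the table's other steps)"),
    500: ("IPSEC", "set the IPSEC service to manual"),
    1024: ("DCOM", "disable DCOM"),
    5000: ("Universal Plug and Play", "set the SSDP Discovery Service to manual"),
}

# Constructed sample of "netstat -ano" output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1320
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    680
  UDP    127.0.0.1:1900         *:*                                    1140
"""

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, pid) for sockets reachable from the network."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        addr, _, port = f[1].rpartition(":")
        if not port.isdigit() or addr.startswith("127.") or addr == "[::1]":
            continue  # unparsable, or bound to loopback only
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # an established or closing connection, not a listener
        # UDP rows have no State column, so the PID (if shown) is one field earlier.
        pid_index = 4 if f[0] == "TCP" else 3
        pid = f[pid_index] if len(f) > pid_index else "?"
        found.add((f[0], int(port), pid))
    return sorted(found)

def report(netstat_text):
    """Pair each exposed listener with the table's service name and fix."""
    unknown = ("not in the table", "look up the owning process by PID")
    return [(proto, port, pid) + PAGE_PORTS.get(port, unknown)
            for proto, port, pid in exposed_listeners(netstat_text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print("%-3s %-5d pid=%-5s %-24s -> %s" % row)
```

Output from "netstat -an" works too; the PID column is then reported as "?".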