Security Basics mailing list archives
RE: XP box maintainance and lockdown
From: "Jones, Steve" <sjones () LMIT com>
Date: Wed, 31 Dec 2003 13:12:23 -0600
It's always a good idea to rename the Administrator account. Try renaming your Administrator account to Guest (you'll also need to rename the original Guest account). I mean, who the hell would want access to the guest account anyway? ;)

-Steve

-----Original Message-----
From: J. Yoon [mailto:supercool9000 () hotmail com]
Sent: Tuesday, December 30, 2003 1:30 PM
To: security-basics () securityfocus com
Subject: XP box maintainance and lockdown

I'm doing routine maintenance and locking down an XP box. Please advise if there's anything I've missed.

Preliminaries
- run a simple disk cleanup, spyware scan, and a quick virus scan

Hardware Drivers
- Update all drivers for soundcard/diskcontrollers/videocards/usb/etc/...
- Update BIOS and do a new flash if needed.
- Update router firmware

Software Patches
- download latest XP patches from windowsupdate.microsoft.com
- download latest virus definitions (I'm using 2 virus scanners, Grisoft AVG http://www.grisoft.com and Norton Antivirus)
- download latest updates for your IDS or software firewall (such as Sygate Personal Firewall from http://smb.sygate.com/support/documents/spf/spf_download.htm)
  (By the way, is there any significant benefit in using a software firewall if I already have a router, other than it working like an IDS?)
- latest updates for Ad-Aware (a spyware removal software from www.lavasoft.de/software/adaware/)

Scan / Fix (Unplug computer from internet at this point in time)
- run a full system cleanup and get rid of all cookies/temp files/junk/etc
- run a full spyware scan using "deep scan"
- run virus scan to check ALL files with heuristics (and/or 'houndog') turned on
- run scandisk or diskdoctor of some sort
- run a full defragmentation using defrag/speedisk/diskkeeper of some sort

Account configuration
- change all passwords so that they have a combination of upper/lowercase letters and numbers, and do not use any words from the dictionary of any language
- create a user account for yourself and others so that you don't get in the habit of using the administrator account all the time.

Router Configuration
- take care of any license issues
- disable all ports/services (so that we can enable services on a "need"-only basis)
- Refer to history/log of applications that have been running to obtain protocol, local port, remote port, and IP address needed to grant access.
- If additional security is needed, assign to MAC address instead of IP

For Sygate Personal Firewall only:
- Enable intrusion detection, port scan detection, anti-MAC spoofing, anti-IP spoofing
- Enable driver level protection, OS fingerprint masquerading
- configure so that it blocks all traffic when service not loaded
- enable stealth mode browsing, but disable this if it seems to cause too many problems.
- Enable DLL authentication and check automatically allow known DLLs
- enable smart DNS, smart DHCP, and SmartNETBIOS
- Automatically block attacker's IP for.. a number of seconds
- you may also want to set it so that it notifies you via email of any attacks.

Browser Configuration
- disable all scripting, java, flash, active-x, and plug-ins and enable only as needed
- delete all existing cookies
- disable 3rd-party cookies and/or set cookie policy according to privacy settings
- configure popup window blocking feature if needed
- use encryption when storing sensitive data
- configure so that it warns you if you're entering/leaving an unencrypted page
- configure client certificate selection and CRL/OCSP (certificate status protocol) as needed

Mail Configuration
- set any POP/Mail clients to use encryption/SSL so that passwords are not sent unencrypted
- disable cookies in Mail and Newsgroups
- disable default viewing of images as they can be used for tracking purposes by spammers
- set a filter so that any email address that does not contain the @ "at sign" and . "dot" is automatically rejected.
- you may also wish to set a filter so that if your own email address does not appear in the "To:" or "CC:" field, the email is considered spam.

Access Control
- set and verify folders that need to have access restrictions
- enable encryption on private files if necessary

Recovery Disk
- make a boot disk from your Operating System
- make a password recovery disk
- make a virus boot disk as well
Now you have 3 ways to get back on your feet in case something happens.

Test
- Run a port scanner. Blue Globe Software, for example, offers a program called Port Scanner (www.islandnet.com/~cliffmcc/portscanner.html). Raw Logic Software's NetView Scanner (www.rawlogic.com/products.html) provides details about vulnerable ports and additional tools for detecting network clients that have Windows file and print sharing enabled. I've heard that Nessus is also great. I suppose you can use others such as Insecure.org's NMAP (www.insecure.com/nmap) and cotse, but I don't know if they work on XP.

Backup
- locate and back up private keys and additional configuration files
- back up all the latest drivers you've downloaded so far
- make a full backup to removable storage

Opt-Out / Proactive Privacy protection
- go to www.doubleclick.com and search for a link where you can tell them not to track or abuse your personal information
- not posting private email or personal information when posting to online newsgroups or mailing lists may also help
- not sure if they are still in effect, but the national donotcall registry might help reduce some unwanted spam
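
The two mail filter rules from the Mail Configuration list above, as an added example that is not part of the original posts. The owner address, the sample messages and the reading of the first rule as "sender address lacks either character" are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_ADDRESS = "me@example.org"  # assumption: the mailbox owner's address

# Constructed sample messages (not real mail).
SAMPLES = {
    "direct": "From: Alice <alice@example.com>\nTo: me@example.org\n"
              "Subject: lunch\n\nhi\n",
    "no_at":  "From: Cheap Pills <pills>\nTo: me@example.org\n"
              "Subject: offer\n\nbuy\n",
    "list":   "From: Bob <bob@example.net>\nTo: some-list@lists.example\n"
              "Subject: digest\n\ntext\n",
    "cc":     "From: Carol <carol@example.com>\nTo: dave@example.com\n"
              "Cc: Me <ME@example.org>\nSubject: fyi\n\ntext\n",
}


def classify(raw, my_address=MY_ADDRESS):
    """Return 'reject', 'spam' or 'accept' for one raw message."""
    msg = message_from_string(raw)

    # Rule 1: reject when the sender address lacks "@" or "."
    # (a missing From: header yields an empty address and is rejected too).
    sender = parseaddr(msg.get("From", ""))[1]
    if "@" not in sender or "." not in sender:
        return "reject"

    # Rule 2: treat as spam when our own address is in neither To: nor Cc:.
    # Addresses are compared case-insensitively; display names are ignored.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    listed = {addr.lower() for _name, addr in getaddresses(headers)}
    if my_address.lower() not in listed:
        return "spam"

    return "accept"


def classify_all():
    """Classify every constructed sample; returns {sample name: verdict}."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:8} {verdict}")
```

Rule 2 marks the "list" sample as spam because the list address, not the owner's, appears in To:, so mailing-list and Bcc deliveries need an allow rule ahead of it.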
Current thread:
- RE: XP box maintainance and lockdown Jones, Steve (Jan 02)
- <Possible follow-ups>
- RE: XP box maintainance and lockdown Shawn Jackson (Jan 02)
- Re: XP box maintainance and lockdown Jimi Thompson (Jan 05)