Security Basics mailing list archives

Re: lock down personal Win XP workstation


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 1 Aug 2006 03:29:31 +0200

On 2006-07-28 sunsadm () gmail com wrote:
> Sometimes I am forced to use Windows XP. I only run a Usenet, web,
> IRC, mail, ssh client and music player. I regularly check for security
> fixes.
>
> To lock down my workstation I enable "Windows Firewall" to block all
> traffic except the applications mentioned above. I enabled "Automatic
> Updates". Additionally I use "Security Configuration and Analysis" MMC
> console and apply the predefined security template called hisecws.inf.
> I don't use a virus scanner because I am not a license owner.
>
> How secure is this setup? Are there ways an attacker can break my
> system? Where are vulnerabilities? How would you break my system?

The measures you have taken are reasonable, but not sufficient. Some
attack vectors not covered by the measures you described above are:

- exploits against software you use to access the internet (e.g. IRC
  client, web browser)
- email "worms"
- infected media (e.g. the Sony rootkit)

I'd suggest the following as additional measures:

- Work as normal user, use accounts with administrative privileges only
  for administrative tasks.
- Do not use IE, OE or Windows Media Player. Use alternative programs
  instead (Mozilla, Firefox/Thunderbird, Opera, vlc, ...)
- Automatic Updates cover only Microsoft's software. Keep the other
  software up-to-date, too.
- Uninstall OE [1].
- Limit IE to localhost only (via the proxy settings). This can be
  tricky, though, but [2] may help.

As for virus scanners: you don't necessarily need one if you're
cautious, but they can be helpful at times (provided they're kept
up-to-date). If you don't want to buy a license: there are several
scanners free for at least personal use, e.g. AVG [3] or Avast [4].

[1] http://support.microsoft.com/default.aspx?scid=kb;en-us;263837
[2] http://jors.net/jor/ie.pac
[3] http://free.grisoft.com/
[4] http://www.avast.com/eng/avast_4_home.html

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
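
Added example, not part of the original message and not the contents of the file referenced as [2]: a proxy auto-config (PAC) script illustrating the "limit IE to localhost only (via the proxy settings)" measure from the reply above. It assumes nothing listens on 127.0.0.1 port 9, so every request sent to that "proxy" fails; the helper names and the `BLACKHOLE` constant are hypothetical.

```javascript
// Added example: PAC script that lets the browser reach loopback only.
// Assumption: no service listens on 127.0.0.1:9, so proxied requests fail.
var BLACKHOLE = "PROXY 127.0.0.1:9";

// True only for a syntactically valid dotted quad inside 127.0.0.0/8.
// Anything that does not parse cleanly is treated as non-local (fail closed).
function isLoopbackV4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (parseInt(m[i], 10) > 255) return false;
  }
  return parseInt(m[1], 10) === 127;
}

// Exact match on the whole host name, so look-alikes such as
// "localhost.example.com" or "127.0.0.1.example.com" are not local.
function isLocalHost(host) {
  // Normalise case and strip a trailing root dot ("localhost.").
  var h = String(host).toLowerCase().replace(/\.$/, "");
  return h === "localhost" || isLoopbackV4(h);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isLocalHost(host) ? "DIRECT" : BLACKHOLE;
}
```

This only constrains programs that honour the Internet Explorer proxy settings; it is not a substitute for the firewall rules.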
