Security Basics mailing list archives
Re: lock down personal Win XP workstation
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 1 Aug 2006 03:29:31 +0200
On 2006-07-28 sunsadm () gmail com wrote:
Sometimes I am forced to use Windows XP. I only run a Usenet, web, IRC, mail, ssh client and music player. I regularly check for security fixes. To lock down my workstation I enable "Windows Firewall" to block all traffic expect the applications mentioned above. I enabled "Automatic Updates". Additionally I use "Security Configuration and Analysis" MMC console and apply the predefined security template called hisecws.inf. I don't use a virus scanner because I am not a license owner. How secure is this setup? Are there ways an attacker can break my system? Where are vulnerabilities? How would you break my system?
The measures you have taken are reasonable, but not sufficient. Some attack vectors not covered by the measures you described above are: - exploits against software you use to access the internet (e.g. IRC client, web browser) - email "worms" - infected media (e.g. the Sony rootkit) I'd suggest the following as additional measures: - Work as normal user, use accounts with administrative privileges only for administrative tasks. - Do not use IE, OE or Windows Media Player. Use alternative programs instead (Mozilla, Firefox/Thunderbird, Opera, vlc, ...) - Automatic Updates cover only Microsoft's software. Keep the other software up-to-date, too. - Uninstall OE [1]. - Limit IE to localhost only (via the proxy settings). This can be tricky, though, but [2] may help. As for virus scanners: you don't necessarily need one if you're cautious, but they can be helpful at times (provided they're kept up-to-date). If you don't want to buy a license: there are several scanners free for at least personal use, e.g. AVG [3] or Avast [4]. [1] http://support.microsoft.com/default.aspx?scid=kb;en-us;263837 [2] http://jors.net/jor/ie.pac [3] http://free.grisoft.com/ [4] http://www.avast.com/eng/avast_4_home.html Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: lock down personal Win XP workstation Michael Krymson (Aug 01)
- Re: lock down personal Win XP workstation Mike Peppard (Aug 02)
- Re: lock down personal Win XP workstation Ivan . (Aug 02)
- Re: lock down personal Win XP workstation Gyenyami InvestinLoss (Aug 10)
- Re[2]: lock down personal Win XP workstation gmx (Aug 04)
- <Possible follow-ups>
- Re: lock down personal Win XP workstation Ansgar -59cobalt- Wiechers (Aug 01)