Security Basics mailing list archives

Re: lock down personal Win XP workstation


From: Mike Peppard <mpeppard () impole com>
Date: Tue, 01 Aug 2006 17:33:25 -0400

How secure depends on what programs and versions you are currently using as well as what ports and applications you have running. It changes almost daily.

I suggest you first run a port scan on the laptop to see if anything is listening on your computer.

Second, OK maybe first... I suggest you should seriously consider a virus program. It's small change compared to having to waste a few days reinstalling XP and searching for whatever program you forgot to back up.

Third, Windows is inherently unsecured with or without the "firewall" on. I suggest using a VPN to connect to a business-class hardware firewall with real protection. That means you VPN to the business network with everything but the tunnel shut off and use its protection to browse the web, or do whatever you need to do.

Fourth, why do you ask? I don't know, but you might want to look into the new encryption programs like TrueCrypt, which make it very difficult for people to read your data without a key. You can decrypt a drive when not attached to a network and know it doesn't matter if they access your drive when you're attached to the network because sensitive data is encrypted and the password is on a USB drive in your pocket.

Deposit 2c to the charity of your choice
-Mike

Hi colleague,

Sometimes I am forced to use Windows XP. I only run a Usenet, web,
IRC, mail, ssh client and music player. I regularly check for security
fixes.

To lock down my workstation I enable "Windows Firewall" to block all
traffic except the applications mentioned above. I enabled "Automatic
Updates". Additionally I use "Security Configuration and Analysis" MMC
console and apply the predefined security template called hisecws.inf.
I don't use a virus scanner because I am not a license owner.

How secure is this setup? Are there ways an attacker can break my
system? Where are vulnerabilities? How would you break my system?

Nico

---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
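
As an added example (not part of the original post), one way to act on the suggestion to check what is listening on the workstation: the Python below parses saved `netstat -ano` output and lists sockets bound to non-loopback addresses. The sample output is constructed and the function name `exposed_listeners` is hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1584
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      203.0.113.10:22        ESTABLISHED     2212
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1024
  UDP    192.168.1.20:137       *:*                                    4
"""


def exposed_listeners(netstat_text):
    """Return (proto, address, port, pid) for sockets reachable from the network."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        if fields[0] == "TCP":
            # TCP rows: proto, local, foreign, state, pid; keep listeners only
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue
        elif len(fields) != 4:
            # UDP rows have no state column: proto, local, foreign, pid
            continue
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]")  # IPv6 addresses are shown in brackets
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue  # loopback-only sockets are not reachable remotely
        except ValueError:
            pass  # unparseable address: report it rather than hide it
        found.append((fields[0], host, int(port), int(fields[-1])))
    return sorted(found, key=lambda row: (row[0], row[2]))


if __name__ == "__main__":
    for proto, host, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto:<4}{host}:{port:<6} PID {pid}")
```

Save the real output with `netstat -ano > listeners.txt` and pass the file contents to the function. A port scan from another machine then shows which of these bound sockets the firewall actually lets through.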