Security Basics mailing list archives

Re[2]: lock down personal Win XP workstation

From: gmx <pal_adam () gmx net>
Date: Thu, 3 Aug 2006 21:29:31 +0200

Hello Michael,

Make sure you dont have unsafe accounts turned on,
use ( compmgmt.msc ), the other view wont provide all info.
Make sure such accounts as guest and so on are turned OFF,
Avoid nullsessions, make sure _every_ account is password protected,
there should be no account which can be entered by no password.

Disable also useless functions, you can use msconfig for that, but
always consult some web-faq`s when you are not experienced.
Eg. if you dont need DHCP client, you can turn it off (can be
misused).
Messenger service an be also turned off ( services.msc ).
If more users use the PC, autoplay function should be disabled too
(gpedit.msc).

Just my 2 cents


cheers!
Adam


Tuesday, August 1, 2006, 6:16:56 AM, you wrote:

<==============Original message text===============
MK> I would definitely not use IE (use Firefox) nor use Outlook (Thunderbird?).

MK> Make sure your local administrator account password is secure.

MK> Clanwin is a free antivirus product which I highly recommend (I am with
MK> you, why pay for it?).

MK> IRC is cleartext, I believe, so if you're on a laptop, be sure you use
MK> IRC over public wireless sparingly. Sames goes for mail. Also for a
MK> laptop with wireless, be sure Windows is set to not automatically
MK> connect to any open wireless in the area.

MK> The good thing about your setup is that you know what you're using it
MK> for, and nothing else. Anything else odd will hopefully stick out,
MK> including errant processes and such.

MK> Those are just some ways I would attack you if you were a mark. If
MK> you're on a desktop, you don't have much to worry about other than email
MK> attachments and viewing web pages in IE. If you're on a laptop, I can
MK> learn a lot about you at a public hotspot, such as your email address (I
MK> can then send you crafted stuff), your SSH servers that you connect to,
MK> your IRC servers, etc. I can learn a lot and possibly prey on you
MK> directly, but it all requires you to be careless. Sounds like you're
MK> pretty vigilant as it is, so that should be ok.

MK> sun sadm wrote:

Hi colleague,

Sometimes I am forced to use Windows XP. I only run a Usenet, web,
IRC, mail, ssh client and music player. I regularly check for security
fixes.

To lock down my workstation I enable "Windows Firewall" to block all
traffic expect the applications mentioned above. I enabled "Automatic
Updates". Additionally I use "Security Configuration and Analysis" MMC
console and apply the predefined security template called hisecws.inf.
I don't use a virus scanner because I am not a license owner.

How secure is this setup? Are there ways an attacker can break my
system? Where are vulnerabilities? How would you break my system?

Nico

---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



MK> ---------------------------------------------------------------------------
MK> This list is sponsored by: Norwich University

MK> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
MK> The NSA has designated Norwich University a center of Academic Excellence
MK> in Information Security. Our program offers unparalleled Infosec management
MK> education and the case study affords you unmatched consulting experience.
MK> Using interactive e-Learning technology, you can earn this esteemed degree,
MK> without disrupting your career or home life.

MK> http://www.msia.norwich.edu/secfocus
MK> ---------------------------------------------------------------------------

<===========End of original message text===========




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: lock down personal Win XP workstation Michael Krymson (Aug 01)
- Re: lock down personal Win XP workstation Mike Peppard (Aug 02)
- Re: lock down personal Win XP workstation Ivan . (Aug 02)
  - Re: lock down personal Win XP workstation Gyenyami InvestinLoss (Aug 10)
- Re[2]: lock down personal Win XP workstation gmx (Aug 04)
- <Possible follow-ups>
- Re: lock down personal Win XP workstation Ansgar -59cobalt- Wiechers (Aug 01)