15 minute guide-xp lockdown

15 minute Windows XP15 minute Windows XPLockdownLockdown

Johnny LongJohnny Longhttp://johnny.http://johnny.ihackstuffihackstuff.com.com

The BIG DisclaimerThe BIG Disclaimer

λλ This presentation is based on theThis presentation is based on theSecurityFocus SecurityFocus Checklist by Scott Checklist by Scott GrannemanGrannemanentitled entitled ““A Home User's Security Checklist forA Home User's Security Checklist forWindowsWindows““

λλ Download and use this:Download and use this:http://www.http://www.securityfocussecurityfocus.com/columnists/220.com/columnists/220

λλ Scott did the work. IScott did the work. I’’m here to spread them here to spread theword, keep it simple and show how it can beword, keep it simple and show how it can beabused.abused.

λλ Basic Windows security is possible, and it onlyBasic Windows security is possible, and it onlytakes 15 minutes.takes 15 minutes.

Fix: Know what youFix: Know what you’’re runningre running

λλ ItIt’’s important that you keeps tabs ofs important that you keeps tabs ofthe programs you are running.the programs you are running.

λλ One way to do this is to keep an eye onOne way to do this is to keep an eye onyour task bar in the lower-right of youryour task bar in the lower-right of yourdesktop.desktop.


λλ Hovering the mouse over these iconsHovering the mouse over these iconsshould give you a popup message.should give you a popup message.

λλ Be sure to expand the task list byBe sure to expand the task list byclicking the arrow.clicking the arrow.

λλ Right-click on the icons to get a menu.Right-click on the icons to get a menu.


λλ Get to know these programs.Get to know these programs.λλ Stop programs that donStop programs that don’’t belong.t belong.λλ Many file sharing programs show up inMany file sharing programs show up in

the task bar.the task bar.

Fix: Know what youFix: Know what you’’re runningre runningAnother (better) way to

see running programs isthrough task manager.

Press CTRL-ALT-DEL atthe same time to get to

task manager.Click Applications tab.Kill ‘bad’ applications.

Delete applicationsDelete applications

λλ If you find a If you find a ‘‘badbad’’ program (file sharing, program (file sharing,etc) remove it.etc) remove it.

λλ Get into the Get into the ““Control PanelControl Panel””

Delete ApplicationsDelete Applications

λλ Control Panel may look like this. SelectControl Panel may look like this. Select““Add / Remove ProgramsAdd / Remove Programs””

Delete ProgramsDelete Programs

λλ DonDon’’t go too crazy, but learn whatt go too crazy, but learn whatthese are. Delete unneeded programs.these are. Delete unneeded programs.

Fix: Good, Strong PasswordsFix: Good, Strong Passwords

λλ All accounts on your machine shouldAll accounts on your machine shouldhave strong passwords.have strong passwords.

λλ Unless you know what youUnless you know what you’’re doing,re doing,every account should have a passwordevery account should have a password

λλ Strong Passwords:Strong Passwords:λλ Never appear in any dictionaryNever appear in any dictionaryλλ Contain upper and lower case characters,Contain upper and lower case characters,

numbers and special charactersnumbers and special characters

Fix: Accounts with bad passwordsFix: Accounts with bad passwords……

All accountsshould read“passwordprotected!”If not, set a

strongpassword forthe account!

“Control Panel” ->“User Accounts”

brings up the UserAccount Manager.

Fix: Windows FirewallFix: Windows Firewall

λλ Windows has a built-in firewall that has aWindows has a built-in firewall that has aminimum of features, but is better thanminimum of features, but is better thannothing.nothing.

λλ You can even run the Windows firewall if youYou can even run the Windows firewall if youalready have a firewall.already have a firewall.

λλ If you bought a software firewall, it mayIf you bought a software firewall, it mayautomatically disable the Windows firewall.automatically disable the Windows firewall.This is OK, as long as you keep that firewallThis is OK, as long as you keep that firewallrunning!running!

Fix: Windows FirewallFix: Windows FirewallStart Menu -->Settings -->Network Connections…

Right-Click your InternetAdapter and choose

“Properties”

Fix: Windows FirewallFix: Windows FirewallClick the Advanced tab to find

the option for “InternetConnection Firewall”.

Checking this box turns onyour firewall.

Turning off the firewall(unchecking this box)

produces a warning message.

Fix: Windows FirewallFix: Windows FirewallFrom the Advanced Tab,

click “Settings”

The Services Tab allowsyou to select which

services to allow throughthe firewall. Checkedservices are allowedthrough. Only checkservices if you knowwhat you’re doing…



The Security Logging taballows for various

logging options. Bydefault, nothing islogged! Select “log

dropped”, “logsuccessful” or both to

enable logging.

Fix: Windows FirewallFix: Windows FirewallA “dropped packets” log

might look like this

This log shows information including the date, packet type, and the IPaddress that sent it. This keeps a list of potential attackers.



The “ICMP” tab blocks ICMPmessages by default. AlthoughICMP (the protocol that handlesPING) is fairly benign, it can beused my accomplished hackers

to gather info about yourcomputer. Keep these options

unchecked.

Fix: Test your InternetFix: Test your InternetExposureExposure

The “Shields up”program allows you toscan your machine forvulnerabilities from the

Internet. Run Shields Upoften!

http://grc.com

Problem: Out of DateProblem: Out of DateSoftwareSoftware

λλ ItIt’’s a statistical fact that older softwares a statistical fact that older softwarehas more discovered security holes thanhas more discovered security holes thannewer versions of that software.newer versions of that software.

λλ The easiest way to stay on top of theThe easiest way to stay on top of thelatest security fixes is windows updatelatest security fixes is windows update

Fix: Windows UpdateFix: Windows Update

One way to get intoWindows Update

Settings is via right-clicking on

“My Computer”,selecting “Properties”

and selecting the“Automatic Updates”

Tab.


Another way isfrom Start -->

“Help andSupport Center”

click“WindowsUpdate”


λλ Never follow software updateNever follow software updateinstructions sent via email.instructions sent via email.

λλ This technique is called This technique is called ““phishingphishing”” and andopens the door for malicious usersopens the door for malicious users

Fix: Application updatesFix: Application updates

λλ Always keep on top of updates for applicationAlways keep on top of updates for applicationsoftware you install.software you install.

λλ Keep a list of apps you install and the websiteKeep a list of apps you install and the websitefor that product.for that product.

λλ For example, visitFor example, visithttp://office.microsoft.com/officeupdatehttp://office.microsoft.com/officeupdate for forupdates to MS Office products.updates to MS Office products.

λλ Remember- Microsoft Update does notRemember- Microsoft Update does notnecessarily update all the software on yournecessarily update all the software on yourcomputer!computer!

Problem: Malicious codeProblem: Malicious code

λλ Regardless of your protection from theRegardless of your protection from thenetwork, viruses and other types ofnetwork, viruses and other types ofmalicious code can cause disruption ormalicious code can cause disruption oraffect the security of your computer.affect the security of your computer.

Fix: Anti-Virus ProgramsFix: Anti-Virus Programs

λλ An anti-virus program should be installedAn anti-virus program should be installedλλ The software should be set to:The software should be set to:

λλ automatically scan the computer at least once aautomatically scan the computer at least once adayday

λλ automatically scan email messagesautomatically scan email messagesλλ allow scanning of Instant Messaging downloadsallow scanning of Instant Messaging downloadsλλ automatically update virus signatures via the webautomatically update virus signatures via the web

Fix: Anti-Virus ProgramsFix: Anti-Virus Programs

λλ AVG is free. http://free.AVG is free. http://free.grisoftgrisoft.com.com

Problem: Malicious EmailProblem: Malicious Email

λλ Email is often used to propagateEmail is often used to propagatemalicious codemalicious code

λλ Depending on the configuration of yourDepending on the configuration of youremail reader, malicious code can enteremail reader, malicious code can enteryour system without even being readyour system without even being read

λλ ““Web bugsWeb bugs”” can track your location and can track your location andyour activitiesyour activities

Attack: Fake Email scamsAttack: Fake Email scams……

Malicious userscan pose as

respected websites via email. Is

this real? How canyou know?

If you trust thesite, go to the

website by typingthe URL in yourbrowser. Don’t

click links in email!

Fix: Email reader configurationFix: Email reader configuration

λλ Turn off the preview paneTurn off the preview paneλλ Always know who an email is from before youAlways know who an email is from before you

open itopen it

λλ Disable Disable JavascriptJavascriptλλ HTML-based email is nice, but HTML-based email is nice, but Javascript Javascript in anin an

email message can be very dangerousemail message can be very dangerous

λλ Go offlineGo offlineλλ Email tracking (web bugs) do not work in offlineEmail tracking (web bugs) do not work in offline

mode.mode.

Fix: Email safetyFix: Email safety

λλ Never open attachments that areNever open attachments that areprogramsprograms

λλ Only open attachments that you areOnly open attachments that you areexpectingexpecting

λλ Always scan attachments for viruses,Always scan attachments for viruses,even if you think your virus scanner iseven if you think your virus scanner isdoing it automatically.doing it automatically.

Fix: Email safetyFix: Email safety

λλ Never reply to spam, even to beNever reply to spam, even to be““removedremoved”” from their mailing list from their mailing list

λλ Remember that secure web sites willRemember that secure web sites willnever request you to change yournever request you to change yourpassword, enter your PIN, or answerpassword, enter your PIN, or answerother sensitive questions via emailother sensitive questions via email

Problem: Browser SecurityProblem: Browser Security

λλ There are many different ways anThere are many different ways anattacker can deliver malicious code viaattacker can deliver malicious code viayour web browser.your web browser.

λλ Configure your web browser safely.Configure your web browser safely.λλ Scott wrote a terrific article entitledScott wrote a terrific article entitled

““Securing PrivacySecuring Privacy““ available from available fromhttp://www.http://www.securityfocussecurityfocus.com/.com/infocusinfocus/1585/1585

Fix: Web Browser SecurityFix: Web Browser SecurityTestsTests

λλ Run browser security checks regularly.Run browser security checks regularly.λλ The Browser Security TestThe Browser Security Test

λλ http://bcheck.scanit.be/bcheck/http://bcheck.scanit.be/bcheck/

λλ PC FlankPC Flank’’s Testss Testsλλ http://www.pcflank.com/about.htmhttp://www.pcflank.com/about.htm

λλ Jason LevineJason Levine’’s Toolboxs Toolboxλλ http://www.http://www.jasonsjasons-toolbox.com/-toolbox.com/BrowserSecurityBrowserSecurity//

Problem: Problem: SpywareSpyware

λλ Spyware Spyware is software designed to trackis software designed to trackInternet users.Internet users.

λλ This invasion of privacy can also beThis invasion of privacy can also bedisruptive and subversive to your onlinedisruptive and subversive to your onlineactivities.activities.

Fix: Anti-Fix: Anti-Spyware Spyware ProgramsPrograms

λλ You should install and implement andYou should install and implement andanti-anti-spyware spyware program.program.

λλ You should keep up with updates,You should keep up with updates,automatically if the program allows it.automatically if the program allows it.

λλ http://www.anti-spyware-review.toptenreviews.com/http://www.anti-spyware-review.toptenreviews.com/

lists reviews of the most popular anti-lists reviews of the most popular anti-spyware spyware programs.programs.

ClosingClosing

λλ Be sure to download ScottBe sure to download Scott’’s completes completechecklist for all the details.checklist for all the details.λλ http://www.securityfocus.com/columnists/220http://www.securityfocus.com/columnists/220

λλ This presentation can be downloadedThis presentation can be downloadedfrom my websitefrom my websiteλλ http://johnny.ihackstuff.comhttp://johnny.ihackstuff.com

15 minute guide-xp lockdown

Documents