Omnisecure.net

Windows Security

  • Disable some of these Windows services. Here are some links to view which services can be disabled. Services can be configured from the Control Panel's Administrative Tools.
  • Uninstall MSN Messenger if you're not using it. It has been known to contain security problems in the past, and Windows does not easily allow you to totally remove it from your system. To remove it, run this command from the "Run..." dialog or command prompt: "RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove"
  • Install the latest copy of Norton Anti-Virus, McAfee VirusScan or some other reliable anti-virus software.
  • Use a firewall. Computer firewalls keep unwanted probes and unwanted internet traffic from accessing some of your computer's resources and information. The firewall that comes with Windows XP is sufficient, but other firewall packages, like Zone Alarm, have more advanced features that some people may want. The hardware firewall that some broadband routers contain is also sufficient. Firewalls are not foolproof, but they do reduce your exposure to hackers and worms while using the Internet.
  • Always make sure that your e-mail client is set to the most secure settings. It only needs to view e-mail; it doesn't need to view web pages or run executables. Web pages can contain JavaScript, ActiveX or VBScript. Viewing spam that contains an image can also be dangerous, since the viewed picture is really an executable on a web server that identifies your existence to the spammers.
  • Stop many of the Windows programs from starting up by default. For example, Yahoo! Messenger, AIM, MSN Messenger, RealPlayer and many other programs have all required security updates, and you may not need them.
    1. Run "regedit"
    2. Go to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
    3. Back up the key with "Registry|Export Registry File..." and save it somewhere.
    4. Delete most of the entries that you don't need, except the following:
      • (Default)
      • Your Antivirus software
      • Any others that you might need.
    5. You can also do steps 3-4 on the key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
    6. Exit "regedit"
    7. Go to your Windows startup folder.
    8. Delete all the shortcuts that you don't need.
    9. From the run dialog or command prompt run "msconfig". This will verify that you caught all of the places that start programs when Windows starts up.
      1. Select the "startup" panel.
      2. Look at all of the programs that are started.
      3. Go to each location of each startup item (outside of this program) and delete the keys or program shortcuts that you don't need.
    10. Advanced users can install and run AutoRuns from Microsoft's Sysinternals. This works the same way as msconfig, but it covers even more of the hidden locations from which programs are started.
    11. Reboot your computer (notice how quickly it starts up now).
  • Consider making backups of your files on a regular basis, and put those backed-up files in a secure location. If you didn't secure your computer properly, at least you have something to fall back to.
  • Occasionally look at the events your OS logs from "Control Panel|Administrative Tools|Event Viewer". Sometimes important information is logged there.
  • Never run IIS. Uninstall all of its services, including IIS on workstations. It is very insecure, and most people don't need to run a web server.
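
The export saved in step 3 of the startup cleanup can also be compared with a later export of the same Run key, which confirms what was deleted and shows any autostart entry that has appeared since. This is an added example, not part of the original page; the program names and paths in the two sample exports are constructed.

```python
import re

# One string value line of a .reg export: "Name"="Data", or @="Data" for (Default).
# Backslashes and double quotes inside names and data are backslash-escaped.
# regedit saves "Version 5.00" exports as UTF-16: open real files with encoding="utf-16".
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: command}} for the string values in an export."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def diff_exports(before, after):
    """List (change, key, value_name, command) differences between two parsed exports."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            if name not in new:
                changes.append(("removed", key, name, old[name]))
            elif name not in old:
                changes.append(("added", key, name, new[name]))
            elif old[name] != new[name]:
                changes.append(("changed", key, name, new[name]))
    return changes

RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample exports: the step 3 backup and an export taken later.
BACKUP = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"ExampleChat"="C:\\Program Files\\ExampleChat\\chat.exe -autostart"
'''
CURRENT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"ExampleUpdater"="C:\\Temp\\updater.exe"
'''
```

An "added" entry that you did not install yourself is the one to investigate before the next reboot.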

Advanced Windows Security

  • You can use "netstat -an" (or "netstat -ano" on Windows XP) from the command prompt to see which ports are open and available to the network on your computer. Here is how you can disable some of the ports that you see on a typical Windows machine. You need to restart Windows after making these changes.
    TCP/UDP port, usual service using the port, and how to close the port:
      • 123, NTP: Set the Windows Time service to manual. This will disable automatic synchronization of your clock.
      • 135, RPC: See the disable DCOM page. You must disable DCOM and remove all default protocols to close this port.
      • 445, Windows File Sharing (also known as CIFS, SMB, Samba): Create a DWORD value called HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled and set it to 0. Set the Workstation and Server services to manual, and remove Client for Microsoft Networks from your network connections.
      • 500, IPSEC: If you don't use VPN (Virtual Private Network), you can set the IPSEC service to manual.
      • 1024, DCOM: See the disable DCOM page. You must disable DCOM to close this port. Removing all default protocols from that dialog will also close port 135.
      • 5000, Universal Plug and Play: Set the SSDP Discovery Service to manual. This is Network Plug and Play. It has nothing to do with Plug and Play on a computer.
  • Some computers have more than one protocol installed. Normally, you should only have TCP/IP installed for your modem or ethernet card. If you are on a Windows domain or workgroup, you can have Windows file and printer sharing enabled. NetBEUI and SPX are usually not needed and they should be removed from your network connections and DCOM settings.
  • If you need to share files on the network, at least password protect the shared directories.
  • More advanced and detailed Windows security topics can be found in the book "Windows Security Inside and Out."
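
To check the result of closing the ports listed above, the output of "netstat -an" or "netstat -ano" can be parsed and each socket that is still reachable from the network matched against that port table. This is an added example, not part of the original page; the sample output, addresses and PIDs are constructed.

```python
# Service names and fixes summarized from the port table on this page.
PAGE_PORTS = {
    123: ("NTP", "set the Windows Time service to manual"),
    135: ("RPC", "disable DCOM and remove all default protocols"),
    445: ("Windows File Sharing", "set SmbDeviceEnabled to 0"),
    500: ("IPSEC", "set the IPSEC service to manual if no VPN is used"),
    1024: ("DCOM", "disable DCOM"),
    5000: ("Universal Plug and Play", "set the SSDP Discovery Service to manual"),
}
UNKNOWN = ("not in the page's table", "identify the owning program first")

def exposed_ports(netstat_output):
    """Return sorted (proto, port, pid, service, fix) for network-reachable sockets."""
    found = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        if f[0] == "TCP":
            # TCP rows: Proto Local Foreign State [PID]; only LISTENING accepts connections
            if len(f) < 4 or f[3] != "LISTENING":
                continue
            pid = f[4] if len(f) > 4 else None  # PID column exists only with -o
        else:
            pid = f[3] if len(f) > 3 else None  # UDP rows have no State column
        addr, _, port = f[1].rpartition(":")    # also splits "[::]:445"
        addr = addr.strip("[]")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only sockets are not reachable from the network
        service, fix = PAGE_PORTS.get(int(port), UNKNOWN)
        found.add((f[0], int(port), int(pid) if pid else None, service, fix))
    return sorted(found)

# Constructed sample of "netstat -ano" output.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    672
  UDP    192.168.1.10:123       *:*                                    1012
"""

if __name__ == "__main__":
    for proto, port, pid, service, fix in exposed_ports(SAMPLE):
        print(f"{proto} {port} (PID {pid}): {service}: {fix}")
```

An empty result after the reboot means none of the listed ports is still open to the network.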