Windows XP Security
(Page 1 of 6 )
With always-on connections to the Internet becoming more and more common, it becomes increasingly important to secure your Windows XP computer. This article will help you to protect it from outside threats. It is taken from chapter four of
Hardening Windows by Jonathan Hassell (Apress, 2004; ISBN: 1590592662).
THE ADVENT OF ALWAYS-ON connections and the increase of business connectivity to the Internet has resulted in Windows XP computers being directly connected to the Internet, which is a hotbed of potentially dangerous people and computers. In this chapter, you’ll look at ways to specifically protect your Windows XP computers from threats that reside abroad.
Implementing a Firewall It’s simply a given that on Windows XP, you should install a firewall. If you have a case of the cheaps, you should use the included Internet Connection Firewall (ICF) to control access to services running on the machine. It’s a simple process to configure the ICF, and by doing so you harden the exterior interfaces to the machine from public access.
To configure the ICF, do the following:
- Open Control Panel, and double-click Network Connections.
- Double-click the connection that refers to your external interface. The connection status window appears.
- Click the Properties button.
- Navigate to the Advanced tab, and select the box titled Protect My Computer and Network by Limiting or Preventing Access to This Computer from the Internet.
- Click OK.
Your computer is now protected by the ICF. You can also click the Settings button on the Advanced tab to open specific ports for certain services you might be running.
You should also enable ICF logging on critical computers directly connected to the Internet. Doing so will provide you with an audit trail for later forensic analysis; you can automatically see what changes a hacker or cracker may have made to your system so you can reverse them efficiently. To enable logging, navigate to the Security Logging tab in the Advanced Settings dialog box, as shown in Figure 4-1.
Figure 4-1. Enabling ICF security logging
You can choose whether to log successful connections and packets that are dropped because of firewall rules, and you can also specify a custom location for the log file itself.
TIP Another reason to upgrade to XP: NT 4 is nearing the end of its life. Users should plan an upgrade to Windows XP or 2003. Users of Windows 2000 Desktop should consider an upgrade to Windows XP if only for the ICF filtering provided.
If you have a small business or home business network connected to the Internet, the most cost-effective way to obtain the most protection possible for your dollar is to purchase a broadband router, such as those manufactured by Linksys, D-Link, NETGEAR, and others. Most of these units even have built-in switches, and you simply connect each client to the router and the computers are automatically protected—by default—from the outside. Of course, this strategy won’t be as effective when your computing base grows, but it’s an efficient solution for a small business or home business.
Next: Changes to Services >>
More Windows Security Articles
More By Apress Publishing
|
 This article is taken from chapter four of the book Hardening Windows, written by Jonathan Hassell (Apress, 2004; ISBN: 1590592662). Check it out at your favorite bookstore. Buy this book now.
|
|
