Windows XP Security - Checkpoints

(Page 6 of 6 )

If you’re in a hurry, the action items within this chapter include the following:

• Use XP’s included Internet Connection Firewall to close off open ports.

• Enable ICF logging for later forensic analysis and intrusion detection.

• If you have a small office or home office network, purchase an inexpensive broadband router for further protection.

• Adjust your running services list to match that in the book.

• Test your service load and ensure that only services required for necessary functionality are running and enabled.

• Use the Microsoft Baseline Security Analyzer (MBSA) to analyze the current update level of machines on your network.

• Also visit Windows Update to identify and install appropriate hotfixes and software updates.

• Visit a reputable online software vendor and perform penetration tests on your machines to ensure that ports are closed off and your hardening efforts were effective.

• Format the partitions on your machines with NTFS.

• Disable automated logins by ensuring there is a password for each user account on a machine. (This applies only to machines that aren’t participating in a security domain.)

• Rename the Administrator account.

• Rename the Guest account.

• Replace the Everyone group with the Authenticated Users group inside the access control lists (ACLs) of your shares.

• Understand the typical signs of a compromised machine.

• If a machine becomes compromised, don’t attempt to resurrect it. Get personal data off, verify the integrity of that data, and then reformat and reinstall the machine.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Windows XP Security

· I am still waiting for that day when Windows will not allow viruses to execute on my...    · then u must be waiting for the windows untill u r breath.    · maybe you meant.... don't hold your breath?   >>> Post your comment now!

Buy this book...

This article is taken from chapter four of the book Hardening Windows, written by Jonathan Hassell (Apress, 2004; ISBN: 1590592662). Check it out at your favorite bookstore. Buy this book now.