Hey, I've been reading a lot of the tutorals here, but I'm still having a little trouble figuing out how I can secure my computer easily, so if anyone sees this and has something useful to say it would be appreciated. Thanks!
Printable View
Hey, I've been reading a lot of the tutorals here, but I'm still having a little trouble figuing out how I can secure my computer easily, so if anyone sees this and has something useful to say it would be appreciated. Thanks!
Wrong question................you are not searching properly...........
You do not secure your computer, you secure your operating system, browser and applications.
There are plenty of tutorials on that :)
Yo dude,
This should get u started :-)
http://www.cert.org/homeusers/HomeComputerSecurity/
http://www.cert.org/homeusers/HomeComputerSecurity/
Is a good site for grandma with her new dell, but terrible for pretty much anyone else.
It uses incorrect terminology and suggests techniques that don't survive well as you gain more knowledge.
Keep this in mind when using the site.
cheers,
catch
Greeting's
You can start by the following :
1. UPDATE, UPDATE and UPDATE you windows and all other software Esp. Anti-virus and Spyware remover.
2. Install a firewall configure it properly, dont accept the default configuration and if you do accept go over it once and check it. Moniter the log's of your firewall and never ever turn of your firewall.
3. Install an anti-virus and always update it. Run a full system scan every 2 days (If you are paranoid likfe me run it once everyday just before shutdown for the day)
4. Install a spyware remover update it and run a scan. IF YOU FIND A SPYWARE AND AGAIN FIND IT AFTER A SCAN RUN YOUR ANTISPYWARE SOFTWARE IN SAFE MODE AND THEN YOUR ANTIVIRUS SOFTWARE.
5. Download Hijackthis and then copy the log your self to www.hijackthis.de and analyse your log.
6. Get Firefox or any other browser except IE. if you love IE and only want to use it then go to Tool>Internet Option>security and in internet click custom level and then scrol down to DOWNLOAD file's and enable it.
6-B Go to privacy go to advanced click override automatic cookie handling block first and third party cookie just accept session cookie
6-C Go to Autocomplete and disable all also clear any previously rememberd forms or password's
8. weekly scan your computer online at site's like : http://housecall.trendmicro.com
7. Disable NETBIOS OVER TCP/IP
9. IN YOUR NETWORK CONNECTION uninstall EVERYTHING EXCEPT TCP/IP
8. THIS IS ADVANCED SETTINGS RECOMMEND ONLY FOR WINDOWS xp PRO. backup your entire registry first <-------- imp
(sorry for poor formatting :) )
go to start then run then type : regedit.exe
--> Go to (if key/value does not exist, create one by right clicking in the right window)
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
----> EnableDCOM (REG_SZ)
-----> Set to: N
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
----> Value: DCOM Protocols
-----> Remove ncacn_ip_tcp
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
----> Value: MaxCachedSockets (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
----> SmbDeviceEnabled (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
----> REG_DWORD
-----> AutoShareServer
------> Set to: 0
-----> AutoShareWks
------> Set to: 0
---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSession Pipes\
----> NullSessionPipes
-----> (Delete all value data INSIDE this key)
----> NullSessionShares
-----> (Delete all value data INSIDE this key)
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
----> Machine
-----> (Delete all value data INSIDE this key)
9. go to start > run > syskey then enable encrytion and store key locally
10. In windows XP pro rename your administartor ac**** and give it a aplanumerical name.
11. Creat a power user account for your day to day activity. DO NOT USE YOUR ADMINISTRATOR ACCOUNT FOR SURFING THE INTERNET.
12. Disable WELCOM SCREEN FOR LOGGING ON. (go to user accounts in windows xp and uncheck use welcom screen)
13. Disable index service to all your drive's
14. enable password for your screen saver
15. Backup your computer (have a nice strategy. one of the most followed is Normal-diffrential) meaning backup everythin on your computer weekly and for all the days in that week use a diffrential backup.
16. Dont visit warez site and dont use a P2P software.
Optionally
17. Start > Run > telnet then type "unset ntlm"
18. Subscribe to a news group like secunia.
19. All of the following suggestion are advance settings and use at your own risk. what i mean to say is use them only if you know what you are doing.
Go to My computer right click on your %systemroot% drive mostly C:
now go to securiy tab click ADD
- Type: Authenticated Users
- Press enter
- Select: Authenticated Users
-- Allow: Read & Execute, List folder content, Read.
- Advanced
- Unselect: Inherent from parent permission entries...
- COPY
- Remove all other users except: Administrator, System and Authenticated Users
- Select: Replace permissions entries...
- THEN OKAY AND YES
Go to C:\documents and settings\
Right click on administrator folder
Go to security and then advanced
- Unselect: Inherent from parent permission entries...
- Copy
- Remove: Authenticated Users
- Select: Replace permission entries...
okay and yes
NOw select all other folders in that directory (remaining users folders)
go to properties > security > advanced
- Unselect: Inherent parent permission entries
-copy
-Remove: Authenticated users
- Add that users name (like "userX") who's folders these are. This will prevent all other users except admins from getting into their folders.
- Allow : Full control
- Select: Replace permission entries...-
-okay and yes
Go to %temp% folder (mostly C:\windows\temp
go to properties > security
select : > authenticated users
then allow full controll
this is all i can think right now, Its 5 in the morning here I havent slept all night. but anyway hope all this help's.
Use AO's search engine ... you will find a lot to learn .... don't be too lazy
You may visit the following links ...
http://www.google.com/search?hl=en&l...ls&btnG=Search
http://www.google.com/search?hl=en&l...ms&btnG=Search
http://www.google.com/search?hl=en&l...ls&btnG=Search
Cheers
I am sorry i am posting again instead of updating the last one but I have a nice document if you want...
Its from microsoft and it will help you a lot but only thing is its windows Xp with sp 2 specific. It will help other users if you mention your OS in your post.
GO to microsoft.com and search for Microsoft Baseline Analyze download it and test your security setting's I am sorry i couldnt get the link for you my interntet connetion seems to like a snail right now, but ill update the post ASAP. Thanks
ByTeWrangler did a really good job is summaring things ... But here are a couple of other things that you could try ....
[1] Check Your Security Score Today -- PreView
Download the Beta version and give it a try ...
[2] If you still plan on using Internet Explorer ... then read this ....Quote:
PreView is the first security application that lets you see the relative security of your Windows computer against known threats in the wild. By looking at four critical elements in a layered security approach, we are able to generate a Security Score. This score is based on the core system security configurations, installed commercial security software, installed security patches, and how effective your firewall protection is configured.
How to strengthen the security settings for the Local Machine zone in Internet Explorer
[3] Give this a try ... Easy to use and does a good job at protecting windows ...
Qwik-Fix Pro
But dont rely just on software to do the job for you .... Remember if you want your OS to stay safe and sound a little reading will take you a long way ....
Ummm.... no.Quote:
10. In windows XP pro rename your administartor ac**** and give it a aplanumerical name.
Get rid of the guest account, setup a limited user account and name that one "Administrator", have the administrative account renamed to guest. Setup passwords for them both.
This is really no better.Quote:
Get rid of the guest account, setup a limited user account and name that one "Administrator", have the administrative account renamed to guest. Setup passwords for them both.
The guest account comes disabled.
Not much of a reason in the subject's environment to rename the "administrator" account, much less actually adding an account to call it that.
Keep it simple, if you want to rename your admin account, that is fine... it really doesn't help the situation any, it most likely won't hurt anything, though it is just one more thing to remember.
Most of the advice in this thread is just too much, leaving the user unlikely to do any of it (much less any of it correctly) on top of the fact that you don't even know what OS the user is running. All this advice will work great on say... Windows Me or OSX or Mandrake (remember Linux has been targeting the beginer crowd for a while now and more OEM systems ship with it.)
cheers,
catch