-
August 10th, 2003, 07:50 AM
#1
Member
The Next Step: Securing My Windows Box
The Next Step: Securing My Windows Box
Hello all this is my first, newb attempt at a tutorial, so help me out please.
To begin hardening your windows system you should already have a fresh instillation of your OS, already patched, and with AV and a personal firewall. After this is done you can begin.
1. Rename or remove the built in administrator account.
Left untouched this is a huge security risk. Every malicious computer user knows these default passwords! You must rename this account or transfer administrative privileges to another user. (side note: make sure this account has a very strong password as you don’t want just anybody to have control of your network.
2.) Rename or disable the built in guest account
As in the previous example this account is well know and is often a target of attacks.
3.) Make sure your all the passwords on your network are strong ones!
In windows 2000 and XP you can do this by using the policy editor.
Enforce password history (set to 6 it’s a good number)
Maximum password age (set to 60 or less)
Minimum password length (set to 8, make sure higher level
Accounts have better passwords of around 12 characters with
Upper and lower case letters, symbols, and numbers)
Password must meet complexity requirements (enable)
Store password using reversible encryption for all users in the
Domain (disable)
4.) Set account lock out policy
In the policy editor set the account lockout duration to 30 and set the account lock out threshold to 3. This will serve to help stop a “brute force” attack on your passwords.
5.) Make sure to set your audit policies
Setting these audits make help you to see an unusual pattern signifying an attack or problem. You should turn on these audits.
Audit account logon events (success and failure)
Audit account management (success and failure)
Audit logon events (success and failure)
Audit policy change (success and failure)
Audit privilege use (success and failure)
Audit system events (success and failure)
6.) Disable NetMeeting desktop sharing
This program is used to remotely control computers, and chances are you don’t use this anyway.
7.) Remove the “everyone” group from shared folders.
This default account is set to have full control of shared folders.
8.) Disable internet connection sharing on computers
If you are on a network your do not need this utility
Well that about sums up everything I know so far. Feel free to add to this and make comments I am still trying to learn.
Note: you may also want anti-spy ware programs on hand such as ad aware and spybot s&d
-
August 10th, 2003, 10:00 AM
#2
Banned
It is not a bad tutorial.
Perhaps the following will learn you even more:
How to lock down your WinXP ...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|