Security help please - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Security help please

  1. #11
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    "It uses incorrect terminology and suggests techniques that don't survive well as you gain more knowledge."

    Just wondering catch could you elaborate a bit more if you dont mind ?....

    Cause I have read that article many times but it's probably my lack of knowledge [Still consider myself a newbie ] which keeps me from noticing things .....

    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  2. #12
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's :

    Just to complete my previous post and too add to security of a computer here is addition to my previous post. Hope this help's. I had asked the thread starter to either update his post stating his OS but thats not happened so far anyway followind settings have been tried on Windows XP Pro with SP2 i am not sure if they will work on win 95/98 but they should on win2k and later.

    here it goes :

    Goto : Control panel
    Performance and maintenance
    Administrative tools
    Local security policy
    Account policies
    Password policy
    -Enforce password history - 0 passwords remembered
    -Maximum password age - 15 days (thats my level of paranoia for a home computer when -implimenting the same in a diffrent enviourment use your own level our paranoa )
    -Minimum password age - 0 days
    -Minimum password lenght - 21 characters
    -Password must meet complexity requirements - Enabled
    -Store passwords using reversible encryption for all users in the domain - Disable

    Account lockout policy
    -Account lockout threshold - 3 invalid logon attempts.
    -Account lockout duration - 60 minutes
    -Reset account lockout counter after - 60 minutes


    Local policies
    -Audit account logon events - Success, failure
    - Audit account management - Success, failure
    -Audit logon events - Success, failure
    -Audit Object access - Success, failure
    -Audit policy change - Success, failure
    -Audit system events - Success, failure
    -User rights assignment
    -Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
    - Back up files and directories - Administrators
    --Bypass traverse checking - Authenticated Users,Administrators
    -Change the system time - Administrators
    -Create a pagefile - Administrators
    -Debug programs - Administrators
    -Deny access to this computer from the network - Everyone
    -Deny logon through Terminal Services - Everyone
    -Generate security audits - LOCAL SERVICE,NETWORK SERVICE
    -Increase scheduling priority - Administrators
    -Load and unload device drivers - Administrators
    -Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
    -Log on locally - Authenticated Users, Administrators
    -Manage auditing and security log - Administrators
    - Modify firmware environment values - Administrators
    - Perform volume maintenance tasks - Administrators
    -Remove computer from docking station - Authenticated Users,Administrators
    - Replace a process level token - LOCAL SERVICE
    -Restore files and directories - Administrators
    -Shut down the system - Authenticated Users, Administrators
    -Accounts: Administrator account status - Enabled
    - Accounts: Guest account status - Disabled
    -Accounts: Limit local account use of blank passwords to console logon only - Enabled
    - Audit: Audit the access of global system objects - Disabled
    -Audit: Audit the use of Backup and Restore privilege - Disabled
    -udit: Shut down system immediately if unable to log security audits - Disabled
    - Devices: Allow undock without having to log on - Disabled
    -Devices: Allowed to format and eject removable media - Administrators
    -Devices: Prevent users from installing printer drivers - Enabled
    -Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
    -Devices: Restrict floppy access to locally logged-on user only - Enabled
    -Devices: Unsigned driver installation behavior - DO not allow installation
    -Domain controller: Allow server operators to schedule tasks - Disabled
    -Domain controller: LDAP server signing requirements - Not defined
    -Domain controller: Refuse machine account password changes - Enabled
    --Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
    -Domain member: Digitally encrypt secure channel data (when possible) - Enabled
    -Domain member: Digitally sign secure channel data (when possible) - Enabled
    -Domain member: Disable machine account password changes - Enabled
    -Domain member: Maximum machine account password age - 1
    -Domain member: Require strong (Windows 2000 or later) session key - Enabled
    -Interactive logon: Do not display last user name - Enabled
    -Interactive logon: Do not require CTRL+ALT+DEL - Disabled
    -Interactive logon: Message text for users attempting to log on -
    -Interactive logon: Message title for users attempting to log on -
    -Interactive logon: Number of previous logons to cache (in case domain controller is not vailable) - 0 logons
    -Interactive logon: Prompt user to change password before expiration - 7 days
    nteractive logon: Require Domain Controller authentication to unlock workstation - Enabled
    -Interactive logon: Smart card removal behavior - Lock Workstation
    -Microsoft network client: Digitally sign communications (always) - Enabled
    -Microsoft network client: Digitally sign communications (if server agrees) - Enabled-
    -Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
    -Microsoft network server: Amount of idle time required before suspending session - 1
    -Microsoft network server: Digitally sign communications (always) - Enabled
    -Microsoft network server: Digitally sign communications (if client agrees) - Enabled
    -Microsoft network server: Disconnect clients when logon hours expire - Enabled
    N-etwork access: Allow anonymous SID/Name translation - Disabled
    Ne-twork access: Do not allow anonymous enumeration of SAM accounts - Enabled
    Net-work access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
    Net-work access: Do not allow storage of credentials or .NET Passports for network authentication Enabled
    -Network access: Let Everyone permissions apply to anonymous users - Disabled
    -Network access: Named Pipes that can be accessed anonymously -
    -Network access: Remotely accessible registry paths -
    -Network access: Shares that can be accessed anonymously -
    -Network access: Sharing and security model for local accounts - Classic local users authenticate s themselves
    - Network security: Do not store LAN Manager hash value on next password change - Enabled
    -Network security: Force logoff when logon hours expire - Disabled
    -Network security: LAN Manager authentication level - Send NTLMv2 response only * refuse LM anmd NTLM
    -Network security: LDAP client signing requirements - Require signing
    -Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - -Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
    -Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - -Require message integrity,Require message confidentiality,Require NTLMv2 session -security,Require 128-bit encryption
    -Recovery console: Allow automatic administrative logon - Disabled
    -Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
    -Shutdown: Allow system to be shut down without having to log on - Disabled
    -Shutdown: Clear virtual memory pagefile - Enabled
    -System cryptography: Use FIPS compliant algorithms for encryption, hshing and signing - Enabled
    -System objects: Default owner for objects created by members of the Administrators group - Object creator
    -System objects: Require case insensitivity for non-Windows subsystems - Enabled


    There are certain things that I am not sure of like this only is for a system locally but on the internet it can still be identified (OS fingerprinting) and can be exploited hence I am currently reading papers for that

    for anyone who wants to read these papers :

    http://voodoo.somoslopeor.com/papers/nmap.html
    http://www.net-security.org/article.php?id=406

    If on the above subject anyone has a better or a paper that they think is a must read please tell me. Also is there any threat that you think needs to be included in system security (not user security) I would love it if you add it here.

    Thank you.

    [edit]

    also for knowing which service to run and which to stop

    http://www.blkviper.com/

    is an excellent site. I just checked it but it says it is underconstrustion but I think its a must read.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #13
    Banned
    Join Date
    Apr 2004
    Posts
    843
    Not much of a reason in the subject's environment to rename the "administrator" account, much less actually adding an account to call it that.
    The limited user account is not there just to call it something else. It's needed. An administrative account for anything other than the equivalence of maintenance is not.

    What can I say, other than that it adds some humor to my event viewer.

  4. #14
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    -Maximum password age - 15 days (thats my level of paranoia for a home computer when -implimenting the same in a diffrent enviourment use your own level our paranoa )
    -Minimum password age - 0 days
    -Minimum password length - 21 characters
    -Password must meet complexity requirements - Enabled
    -Store passwords using reversible encryption for all users in the domain - Disable
    judging by this policy, especially the short TTL on the passwords and the length Id guess you have never had to set policy for a non-tech staff before. Good luck trying to get 100+ people to remember a password that is 21 characters long, complex (so it includes letters numbers and symbols) and that they have to change every 15 days. I hope your helpdesk is ready to reset passwords VERY often.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #15
    Banned
    Join Date
    May 2003
    Posts
    1,004
    I swear about a third to half of the antionline users are merely here because they love the idea of masturbating on the internet, but lack the guts to use a webcam.

    Fake admin accounts.
    21 char passwords.
    Auditing everything.
    Using a non-IE browser.
    Disabling the indexing service.

    I give up.

    catch

  6. #16
    Banned
    Join Date
    Apr 2004
    Posts
    843
    I give up.
    You know there is pills for that.

  7. #17
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    You know there is pills for that.

    better yet, just use a rusty butter knife.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #18
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    ByTe Wrangler,

    Well, he asked for security help, and my, my - you certainly delivered...

    However, I feel that, for this particular member, your suggestions may had been a bit "overkill" (I'm assuming that this guy doesn't have a devoted legion of hackers on his ass - especially since he's *apparently* unable to use Google effectively (no offense to the original poster - but there are several sites devoted to this topic alone))... This guy likely just needs your basics - dontcha think???

    Anyway, my "general" security pack for any Windows box includes the following (all free!):
    ****************************************************************************
    - Updates (all of 'em - auto-updater in 2K/XP is great for this) - in order for Microsoft to remain competitive in the world of operating systems, they feel that they need to release "much-less-than-perfect" (to be generous) software to meet deadlines, which frequently needs updating - and, think about it - 95% of home PCs rely on some version of MS Windows - it follows that the majority of the world's malicious code writers are writing exploits for MS products...

    - Firewall - I use Sygate Personal Firewall - it hasn't let me down yet, though others may vouch for other products... get it at http://smb.sygate.com/products/spf_standard.htm ...

    - Antivirus
    local machine: I use AVG - again, hasn't let *me* down, but different strokes for different
    folks, right? Try it out (http://free.grisoft.com/doc/1)...

    online scanners: Sometimes, it's nice to get a "second opinion" - try an online virus
    scanner about once every two weeks or so (moreso if you're *really*
    paranoid)... PandaActivescan does a nice job, but I prefer TrendMicro's
    Housecall
    (http://housecall.trendmicro.com/hous...start_corp.asp)

    - Malware Detection & Removal: an antivirus won't prevent you from getting millions of
    pop-ups, etc. For this kinda protection, I'd suggest Lavasoft's AdAware
    (http://www.lavasoftusa.com/software/adaware/) and Spybot
    S&D (http://www.safer-networking.org/en/index.html). Run these
    two in SAFE MODE if you're experiencing malware symptoms (some
    malware begins as a startup process - if it's running, you may be unable to
    remove it - scanning in safe mode eliminates this problem)
    After you've run these two, you may wish to install MS Antispyware
    http://www.microsoft.com/athome/secu...e/default.mspx). I've found
    that this proggie kinda sucks for cleaning an infected system, but works
    great as a tool for prevention. However, you'll probably want to do some
    configuring to this one - it's constant warning messages can become as
    annoying as the spyware itself ... I don't use this one personally, but it's
    definitely a useful tool...

    ****************************************************************************

    Now, this is a very basic list of proggies to implement security measures meant for very basic users... Given the nature of your post, this sounds like what you probably need... There's much more advanced security tools for much more advanced users, of course, such as Ethereal (to check out network traffic) and Nmap (general network vuln assessment, etc.) to name just a couple... feel free to shoot me an IM or an e-mail if you wish to learn how to use such programs...

    Just a word of advice - forums like AO get posts like this *all* the time... so don't be suprised if no one rushes to answer a general query such as the one you've presented... check out the newbie section, yadda yadda yadda... I just felt like typing because I was drunk, and I've been meaning to put together a comprehensive list of my "basic" security tools, anyway...

    One more thing - use Mozilla's FireFox (http://www.mozilla.org/products/firefox/) as your default web browser - timely updates are released, and it's not prone to a fraction of the exploits IE is... besides, it doesn't have 10% of the MS-dominated market for nothing...

    Remember - Google is GOD - by that, I mean "ask and you shall receive"... Please, if you want to know "how to secure your box," type in such a phrase in the textfield on Google.com - or use the AO search...

    Anyway, I apologize to everyone else who made similar suggestions on this post - I just felt like rambling for a minute, and giving some specifics...

    -Wiski C.

    [edit] - sorry the formatting's fux0r3d - - I'll fix it if it *really* bothers anyone *that* bad...
    My Corner of the Intarwebz: Jeremy Dean Online

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •