-
December 7th, 2007, 02:25 AM
#1
HOW TO SECURE Windows 2000/XP/Server 2003, & VISTA
http://www.pctools.com/forum/showthread.php?t=49705
That's the original of this post. I could not get ALL/EACH of my 12 points to post here earlier, quite oddly enough, & now... I can, & have, from page #2 onwards.
Enjoy.
APK
Last edited by AlecStaar; December 9th, 2007 at 09:28 PM.
Reason: I could not get my posts to take here for some reason, & now I can & I have edited them in
-
December 7th, 2007, 05:11 AM
#2
-
December 7th, 2007, 05:29 AM
#3
...
I looked at this thread initially, thinking..
"Hmm, does this go anywhere."
The entire time I was also thinking..
"Why is this user's first post a 'tutorial' on securing Windows, and then fills a post with nothing but 'My score this and that."
IMO, if you're going to post a tutorial as a first post, anywhere, you should have it completed enough that input other than..
"Where is the stuff a Vista user needs to know about securing the OS?"
---
I understand that it may take a while to post, but please, share something other than security scores that are 2 to 3 month's old.
-
December 7th, 2007, 06:10 AM
#4
zallison,
Please do a Google search as I suggested and form your own opinion.
This is what we mods and admins know as a "prelude to a spam" I would fully expect that the "snake oil" will be proffered in subsequent posts. That is usually how these things work.
-
December 8th, 2007, 03:41 PM
#5
Originally Posted by zallison
IMO, if you're going to post a tutorial as a first post, anywhere, you should have it completed enough that input other than..
"Where is the stuff a Vista user needs to know about securing the OS?"
---
I understand that it may take a while to post, but please, share something other than security scores that are 2 to 3 month's old.
I tried to post it in its entirety, but, your forums board is not updating & not even putting my posts up immediately, so I only put up a link to a board that posts it properly... see the URL above.
APK
P.S.=> My points are NOW on the page #2 of this thread, onwards, including a reply to AngelicKnight... a good read that, in & of itself! apk
Last edited by AlecStaar; December 9th, 2007 at 09:46 PM.
-
December 9th, 2007, 09:15 PM
#6
STEP #2 - Reducing # of Network Clients & Protocols
IF you have a HOME LAN/network?
You skip this/leave this alone & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well.
2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!
E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection!
(That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use)
So, other than Tcp/IP typically, it gets removed!
(I also disable NetBIOS over Tcp/IP as well if you don't have a HOME or WORK LAN as well, because I don't need it here, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN).
Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc)
Also regarding the HOSTS file? IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of:
127.0.0.1 localhost
In it (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!).
APK
-
December 9th, 2007, 09:16 PM
#7
STEP #3 - IP Security Policies usage
3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:
http://www.analogx.com/contents/articles/ipsec.htm
(Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)
NOTE: This can be 'troublesome' though, for folks that run filesharing clients though.
An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.
(HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it & when done? TURN THEM ON, AGAIN! These work WITH software & hardware router firewalls, IP port filtering, and security IP policies, simultaneosly/concurrently, for "layered security", no hassles!).
-
December 7th, 2007, 08:39 AM
#8
Sounds like a abominable cross-breed of e-mail spam and an infomercial.
The submitter's CAPS LOCK button seems to be broken, as well.
O
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
-
December 7th, 2007, 01:24 PM
#9
Just finished reading through a couple of other threads this person has posted.
IMO - Anyone using a 'server' version of windows should be doing half of the stuff already, at the recommendation of the OS itself.
Also, what I saw of the Vista information was speculation and theory. I'm sorry, but I can do most of what was provided in the articles natively in Windows anyways.
I apologize to the mods and other regular users if anyone takes this as complaining, but I feel this is more a criticizing post like the OP asked for. I understand he said he wanted to spread the world, but why include Vista in the mix if you have nothing firm to support?
-
December 7th, 2007, 04:04 PM
#10
Interesting...
Did some googling myself, skimmed over the first result.
http://www.windowsitpro.com/articles...1095&cpage=148
Read the comments.
Similar Threads
-
By mohaughn in forum Microsoft Security Discussions
Replies: 2
Last Post: October 13th, 2004, 04:31 AM
-
By Cybr1d in forum Miscellaneous Security Discussions
Replies: 11
Last Post: June 10th, 2004, 12:09 AM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By warl0ck7 in forum Microsoft Security Discussions
Replies: 7
Last Post: August 14th, 2003, 12:23 PM
-
By qwerty_smith in forum Microsoft Security Discussions
Replies: 1
Last Post: February 5th, 2003, 09:41 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|