Page 1 of 2 12 LastLast
Results 1 to 10 of 28

Thread: HOW TO SECURE Windows 2000/XP/Server 2003, & VISTA

Hybrid View

  1. #1
    Banned
    Join Date
    Dec 2007
    Posts
    17

    HOW TO SECURE Windows 2000/XP/Server 2003, & VISTA

    http://www.pctools.com/forum/showthread.php?t=49705

    That's the original of this post. I could not get ALL/EACH of my 12 points to post here earlier, quite oddly enough, & now... I can, & have, from page #2 onwards.

    Enjoy.

    APK
    Last edited by AlecStaar; December 9th, 2007 at 09:28 PM. Reason: I could not get my posts to take here for some reason, & now I can & I have edited them in

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    APK, that rings a bell somewhere methinks? ah! yes, Alexander Peter Kowalski. I think that I know you from somewhere

    When I put:

    "HOW TO SECURE Windows 2000/XP/Server 2003, & VISTA"

    Into a Google search, I am truly amazed at the number of times that "APK" has posted this very same thread on other forums. Before he deigned to cast the pearls of wisdom before the swine of AO.

    Once? OK, twice? fine, three times? perhaps. When you get into double figures, I call that "spamming".

    AhHa! I remember where I know you from, ArsTechnica wasn't it?

    Be careful.

  3. #3
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO area
    Posts
    66
    ...

    I looked at this thread initially, thinking..
    "Hmm, does this go anywhere."

    The entire time I was also thinking..
    "Why is this user's first post a 'tutorial' on securing Windows, and then fills a post with nothing but 'My score this and that."

    IMO, if you're going to post a tutorial as a first post, anywhere, you should have it completed enough that input other than..

    "Where is the stuff a Vista user needs to know about securing the OS?"

    ---

    I understand that it may take a while to post, but please, share something other than security scores that are 2 to 3 month's old.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    zallison,

    Please do a Google search as I suggested and form your own opinion.

    This is what we mods and admins know as a "prelude to a spam" I would fully expect that the "snake oil" will be proffered in subsequent posts. That is usually how these things work.

  5. #5
    Banned
    Join Date
    Dec 2007
    Posts
    17
    Quote Originally Posted by zallison
    IMO, if you're going to post a tutorial as a first post, anywhere, you should have it completed enough that input other than..

    "Where is the stuff a Vista user needs to know about securing the OS?"

    ---

    I understand that it may take a while to post, but please, share something other than security scores that are 2 to 3 month's old.
    I tried to post it in its entirety, but, your forums board is not updating & not even putting my posts up immediately, so I only put up a link to a board that posts it properly... see the URL above.

    APK

    P.S.=> My points are NOW on the page #2 of this thread, onwards, including a reply to AngelicKnight... a good read that, in & of itself! apk
    Last edited by AlecStaar; December 9th, 2007 at 09:46 PM.

  6. #6
    Banned
    Join Date
    Dec 2007
    Posts
    17

    STEP #2 - Reducing # of Network Clients & Protocols

    IF you have a HOME LAN/network?

    You skip this/leave this alone & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well.

    2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!

    E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection!

    (That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use)

    So, other than Tcp/IP typically, it gets removed!

    (I also disable NetBIOS over Tcp/IP as well if you don't have a HOME or WORK LAN as well, because I don't need it here, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN).

    Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc)

    Also regarding the HOSTS file? IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of:

    127.0.0.1 localhost

    In it (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!).

    APK

  7. #7
    Banned
    Join Date
    Dec 2007
    Posts
    17

    STEP #3 - IP Security Policies usage

    3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:

    http://www.analogx.com/contents/articles/ipsec.htm

    (Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)

    NOTE: This can be 'troublesome' though, for folks that run filesharing clients though.

    An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.

    (HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it & when done? TURN THEM ON, AGAIN! These work WITH software & hardware router firewalls, IP port filtering, and security IP policies, simultaneosly/concurrently, for "layered security", no hassles!).

  8. #8
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636
    Sounds like a abominable cross-breed of e-mail spam and an infomercial.

    The submitter's CAPS LOCK button seems to be broken, as well.

    O
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  9. #9
    Member
    Join Date
    Nov 2007
    Location
    Springfield, MO area
    Posts
    66
    Just finished reading through a couple of other threads this person has posted.

    IMO - Anyone using a 'server' version of windows should be doing half of the stuff already, at the recommendation of the OS itself.

    Also, what I saw of the Vista information was speculation and theory. I'm sorry, but I can do most of what was provided in the articles natively in Windows anyways.

    I apologize to the mods and other regular users if anyone takes this as complaining, but I feel this is more a criticizing post like the OP asked for. I understand he said he wanted to spread the world, but why include Vista in the mix if you have nothing firm to support?

  10. #10
    Interesting...

    Did some googling myself, skimmed over the first result.

    http://www.windowsitpro.com/articles...1095&cpage=148

    Read the comments.

Similar Threads

  1. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 04:31 AM
  2. Usefull Windows XP, 2k, NT, and 9x tips and tweaks
    By Cybr1d in forum Miscellaneous Security Discussions
    Replies: 11
    Last Post: June 10th, 2004, 12:09 AM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. Windows 2003 Server Vulnerability
    By warl0ck7 in forum Microsoft Security Discussions
    Replies: 7
    Last Post: August 14th, 2003, 12:23 PM
  5. MS 1st critical update of 2003
    By qwerty_smith in forum Microsoft Security Discussions
    Replies: 1
    Last Post: February 5th, 2003, 09:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •