|05-10-2005, 05:41 PM||#1|
Join Date Nov 2004
Protecting Your Computer Against Invasions
There has been a new article posted.
Title: Protecting Your Computer Against Invasions
Here's a snippet:
With the popularization of broadband Internet connection, more and more users have their Internet connection active during all the time the computer is on. Even if you are not in fact accessing the In...
Comments on this article are welcome.
|09-26-2009, 12:59 PM||#2|
Join Date Sep 2009
That's not cool!
Here's what happens:
First, the end user could have overlooked something VERY important that you said: ". . . on all the time. . ." and also overlook that an important security enhancement is the Standby mode and the power switch.
There is no such thing as foolproof security, but good security increases the time required for break in. Standby mode (power saver) and the power switch can help considerably.
Second, either the networking (windows file and printer sharing) will get turned off or it won't, but this doesn't affect the outcome--it gets turned on when it is needed (just a few mouse clicks), and then it is still insecure.
Let's patch that up. . .
So, your networking (windows file and printer sharing) is now switched back on, and the internet side security has all failed to thwart an attack because the browser invited the attacker, who now knows for sure the exact address of your computer, despite the clumsy firewall in Windows that makes assurances, but doesn't stop data from exiting the computer. Windows has no inbuild egress firewall.
Well, browser revealing is the most common problem (more than 40 billion times per day, with approximately 60% of that malicious), so let's assume this is the case.
The last ditch security that may safeguard our data when all else has failed, is the NTFS file system security and the Windows login (both part of the same team).
Switching that up to full power is a two step process.
First, we set a password on all accounts, especially administrator and guest.
Second, just like a corporate network, we disable anonymous logins.
Note that your networking (shared files and printers) will work whenever two or more computers on the same network have the same workgroup name, same username (login name) and identical passwords; and that, this procedure is all about making sure it doesn't work "otherwise."
Switch on the guest account, set a password for the guest account, and then switch off the guest account.
Log into the administrator account (press control alt delete delete at the welcome screen) using the classic login to access it. Set a password for this account.
Set a password for all other accounts. Make these identical for all computers on your network.
Switch on the security.
Here it is listed as a registry file, which you can copy (notepad or text editor) and save as a .reg file, or you can use the registry editor if you like.
After switching on the security features to block anonymous access, you may want to find a replacement for the windows firewall, because everything else is more effective. Configure your new 3rd party firewall to allow file sharing inside of your own network.
Lastly, there is a bit of bad news. The cool automatic list of shared resources in Network Folders / My Network Places causes your computer to broadcast your password unsecured to the maximum number of computers it can reach. The solution is to first create shortcuts to shared folders and place them on your desktop. Next, disable password broadcast this way. . .
To disable XP automatic discovery:
* In Explorer, click Tools
* Click Folder Options
* Click the View tab,
* Uncheck Automatically Search for Network Folders and Printers in Advanced settings list.
* Repeat for every account on all computers.
Now, we have passwords on all accounts (including administrator and guest).
Computers that are supposed to share files have identical accounts with identical passwords.
We have disabled anonymous accesses and we have disabled password leakage/broadcast.
Also, we have installed a 3rd party software firewall capable of blocking egress to all computers except for those on our local network--because once we have logged in, then all software that we run still has permission to communicate unrestricted unless its blocked by a 3rd party (non-microsoft) software firewall.
This security also works for portable computers, since they now won't automatically share files with other computers unless (until) they are in their "home base" environment.
After completing the safer networking steps, then you can switch off the windows file and printer sharing if you don't need those features. In the future, should it get switched back on, then you know that its already set up for tight security. This is much safer than assuming it won't get switched on.
Last edited by danielwritesback; 09-26-2009 at 01:04 PM.
|Share This Thread|
|Thread Tools||Search this Thread|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Computer Port Extension||Hardware Secrets Team||Content Comments||0||11-26-2004 09:42 AM|