
How to secure (harden) Windows XP SP3 OS?

10 posts in this topic

What do you do to secure your Windows XP OS?

What can you comment or contribute to the following checklist:

*Only crucial system services running (less exploitable processes + performance improvement),

*Hardened Hosts files (blacklists),

*Uninstalling Telnet/Net meeting/Messenger/WMP/DCOM vulnerabilities, what else?, etc (generic Windows bloatware),

*Disabling UPnP, Administrative shares (IPC$,etc), LMHash, Null sessions, epmap (port 135), SMB (port 445), SSDP (port 1900), etc

*Disabling DCOM, paging from executives, remote desktop, remote registry, TCP/IP NetBIOS Helper (NetBT), etc

*Secure file deletion (DOD 5222.20-M),

*Any server based network hosting capabilities unavailable,

*Group Policy Enforcement in place (based on NSA checklists)

*Latest Windows Patches,

*Firewall + AV + Peerguardian (ipblock lists) + IDS app, etc

*Web browser with javascript security policies and cookie management, (Firefox w/ Noscript)

*Registry tweaks (which?),

*HDD encryption (which?),

*User without Admin rights,

*etc etc... What else can you think of?

HTTP + SSL + HTTPS + Nothing else.

(And yes I have read multiple pages of Google query results. I'd like to hear your personal practices and security habits)

See where I'm getting to?

What else crosses your mind?

0
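An added example, not part of any post in the thread: one way to check the port-related items on the checklist above is to parse `netstat -an` output and flag listeners that should be gone after hardening. The sample output is constructed, and ports 23, 139 and 3389 are standard assignments assumed here for services the checklist names without a number.

```python
# Ports named in the checklist (135, 445, 1900) plus standard ports for
# services it names without a number (23, 139, 3389: assumptions added here).
CHECKLIST_PORTS = {
    ("TCP", 23): "Telnet",
    ("TCP", 135): "epmap (RPC/DCOM endpoint mapper)",
    ("TCP", 139): "NetBIOS session service (NetBT)",
    ("TCP", 445): "SMB",
    ("UDP", 1900): "SSDP (UPnP discovery)",
    ("TCP", 3389): "Remote Desktop",
}

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.10:1900      *:*
"""

def parse_listeners(netstat_text):
    """Return (proto, address, port) for TCP LISTENING and bound UDP sockets."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # outbound or established connection, not a listener
        addr, _, port = local.rpartition(":")
        listeners.append((proto, addr, int(port)))
    return listeners

def audit(netstat_text):
    """Return sorted (proto, port, address, service) for checklist ports still open."""
    findings = []
    for proto, addr, port in parse_listeners(netstat_text):
        service = CHECKLIST_PORTS.get((proto, port))
        if service and not addr.startswith("127."):  # loopback-only is not network-reachable
            findings.append((proto, port, addr, service))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_NETSTAT), sep="\n")
```

Feed it the text of `netstat -an` from the machine being hardened; an empty result means none of the listed services is listening on a network-facing address.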


Simpler solution: install Windows 7.

Done.

0


What Colonel Panic said, and just be extra careful on what you download and install! Most Windows vulnerabilities lie with the user's carelessness!

0


Don't forget your screen emits radiation too. Perhaps, enclosing it in cement would circumvent one from spying on your desktop from emitted radiation.

0


> Simpler solution: install Windows 7.
>
> Done.

How is Windows 7 superior to Windows XP?

0


> Don't forget your screen emits radiation too. Perhaps, enclosing it in cement would circumvent one from spying on your desktop from emitted radiation.

Cement? How about some kind of metal mesh? Is there an inexpensive way to build a Faraday cage?

0


> > Simpler solution: install Windows 7.
> >
> > Done.
>
> How is Windows 7 superior to Windows XP?

Many ways. UAC being a big part of it.

0


UAC is actually a very well-conceived security model. It is extremely robust, allows for very granular permissions management, and provides excellent protection against the installation of dangerous or unwanted software.

Its main drawback is one of practicality and marketing. To the average tech-tarded user, Windows is supposed to be "easy" and to "just work." So when UAC throws up warnings and confirmation dialogs whenever something happens that might compromise security, it is often perceived as an annoyance. When the typical Windows users see all these warnings popping up, they tend to react in one of 3 ways: they either freak out because it's something they don't understand; they just ignore it and click through (like how people often deal with EULAs and SSL certificate warnings); or worst of all, they disable UAC altogether.

The problem is that average schmoes don't really understand their computers, and don't care to understand them. They just want the machines to work for their purposes with a minimum of hassle and trouble. As I see it, there's no way to provide adequate security without educating the end-user about security. The only workable solution I can see is for the manufacturers to meet the users halfway. After all, they are manufacturing extremely complex high-tech products, not dinnerware, rag-mops or toilet paper. Their customers need to be informed about how the products work. If the users aren't going to RTFM (as most of them obviously don't), then the company ought to make the effort to provide tech support or else build some kind of education into their products' UIs.

Edited by Colonel Panic
0


> > Don't forget your screen emits radiation too. Perhaps, enclosing it in cement would circumvent one from spying on your desktop from emitted radiation.
>
> Cement? How about some kind of metal mesh? Is there an inexpensive way to build a Faraday cage?

A Faraday cage must be extremely strong and made of a tough material to withstand assaults from formidable claws and razor-sharp fangs. For safety, you should always attach a sign that reads, "DANGER: DO NOT FEED THE FARADAY." (cheers, RTF!)

Seriously, the cage needs to be made of a highly conductive wire mesh, with a spacing of a very small fraction of the wavelength of EM radiation you want to block. The cage must be extremely well-grounded. The best way to accomplish this would be to weld a thick strip of woven conductor, and then weld the other end of that to a highly-conductive solid metal stake driven several feet deep into the ground.

The actual spacing of the mesh is important though. Here's a thread on the Anandtech forums that describes Faraday cage construction: http://forums.anandtech.com/messageview.aspx?catid=50&threadid=2151509

Edited by Colonel Panic
0


You could always get/make a hardware router that can't be configured remotely. Besides that, you just need a firewall and antivirus, as most routers will make the computer fairly secure. I mean, say your NetBIOS port is open (forget the number, but it is by default on XP at least): they can't do anything with it because you're not port forwarding. I can open telnet and can't do anything, as the port isn't on the internet; they actually have to be on your network. So if you can, use a wired router; otherwise WPA2. <jk> IDK, put a lock on your computer so they can't open the box, put a switch on the inside of the box for the power so they can't turn it. Encase it in a rugged carbon nanotube cage? And bolt it to the wall with 2in bolts.</jk>

Edit: apparently people can't tell, so </jk>

Edited by dinscurge
-1
