skip navigation

www.Hilands.com


Content:: Windows Security

How to Secure Windows XP SP 2

This will disable windows filesharing and possibly other Microsoft services required for Microsoft products. This is highly recommended for home and basic office users.

*note the text has not been proof read there will be errors, and parts that may not make any sense, try to follow the images. Use the contact form at hilands.com if you have any questions.


Step 1. - disabling the Windows XP SP2 "Security" features.

Control Panel Open your Control Panel and click "Switch to Classic View" located in the upper left corner of window. You'll see it in the "Control Panel" Tool Tip section.
Classic Control Panel Double click the "Windows Firewall" icon.
Windows Firewall Select the "On" button, then click ok.
If you are a die hard and want to test the configurations here you can set the firewall to "Off (not recommended)" and do your nmap testing. Really the only reason users need a firewall on a cropped system is to block the access of back doors. If someone is going to be accessing your system via a back door they add, your firewall will most likely be disabled. For this reason I recommend an additional firewall wipfw
Automatic Updates Now back in your control panel double click on "Automatic Updates" Select the "Turn off Automatic Updates." button, the click ok.
Security Center Back in your control panel double click on "Security Center" Under Resources click "Change the way Security Center alerts me".
Security Center Alerts Uncheck all the check boxes (Firewall, Automatic Updates, Virus Protection), then click ok and close your security center.
Step 2. -Disabling Netbios for all Network Devices
Network Connections With your Control Panel in classic view (described above) double click on "Network Connections" for each network connection icon right click it and go to properties.
Network Connections Properties Under "This connection uses the following items:" Uncheck "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks"
Network Connections Properties Scroll Down and select "Internet Protocol (TCP/IP)" and click the properties button.
TCP/IP Properties Under the "General" tab click the "Advanced..." button.
Advanced TCP/IP Properties Click the WINS tab and uncheck "Enable LMHOSTS lookup" and Select the "Disable NetBIOS over TCP/IP" radio button.
Step 3. - Disable Port 445
Run Regedit Open regedit, start run regedit.exe
Regedit Go to HKLMSystemCurrentControlSetServicesNetBTParameters and find "TransportBindName" right click and go down to delete. Click Yes to confirm and close regedit.
Step 4. - Disable port 135
Run dcomcnfg.exe Open dcomcnfg, start run dcomcnfg.exe
Component Services Select Console Root > Component Services > Computers Then right click on "My Computer" and go down to Properties.
DCOM My Computer Properties Select the "Default Properties" tab and uncheck "Enable Distributed COM on this computer".
DCOM My Computer Properties Select the "Default Protocol" tab and remove TCP/IP, I also delete any extras until the window is empty. *Note when you run dcomcnfg.exe and click on "Component Services" port 135 becomes open. After you have completed the above steps you might be able to get rid of dcom in services.msc to take care of that issue.
Step 5. - Disable Remote Assistance
My Computer Properties Right click "My Computer" and go to "Properties"
System Properties In the "System Properties" window click on the "Remote" tab. Uncheck "Allow Remote assistance invitations to be sent from this computer" then click Ok
Now we need to disable some services.
you can do this by executing "services.msc" (start > run)
Application Layer Gateway
Computer Browser
DNS Client
IPSEC Services
Server
SSDP Discovery Service
TCP/IP NetBIOS Helper
Terminal Services
Windows Time

After you restart your machine you can now go to your command prompt and type in
netstat -ano
this will show all the ports that are open on your machine along with the process ID you should see NOTHING open when your machine first starts up.
when you run applications like Instant Messanger clients, web browsers, online video games, ssh clients, ftp clients, etc. you will see new ports.
you can reference the netstat -ano process ID vs your task manager from view > select columns > and the PID (Process Identifier) check box.
Last Modified: 2012-01-25