Content:: Windows Security
How to Secure Windows XP SP 2

This will disable Windows file sharing and possibly other Microsoft services required for Microsoft products. This is highly recommended for home and basic office users.

*Note: the text has not been proofread. There will be errors and parts that may not make any sense, so try to follow the images. Use the contact form at hilands.com if you have any questions.

Step 1. - Disabling the Windows XP SP2 "Security" features.

Open your Control Panel and click "Switch to Classic View", located in the upper left corner of the window. You'll see it in the "Control Panel" Tool Tip section.

Double click the "Windows Firewall" icon.

Select the "On" button, then click OK. If you are a die-hard and want to test the configurations here, you can set the firewall to "Off (not recommended)" and do your nmap testing. Really, the only reason users need a firewall on a cropped system is to block access to back doors. If someone is going to be accessing your system via a back door they add, your firewall will most likely be disabled. For this reason I recommend an additional firewall, wipfw.

Now, back in your Control Panel, double click on "Automatic Updates". Select the "Turn off Automatic Updates." button, then click OK.

Back in your Control Panel, double click on "Security Center". Under Resources, click "Change the way Security Center alerts me".

Uncheck all the check boxes (Firewall, Automatic Updates, Virus Protection), then click OK and close the Security Center.

Step 2. - Disabling NetBIOS for all Network Devices

With your Control Panel in classic view (described above), double click on "Network Connections". For each network connection icon, right click it and go to Properties.

Under "This connection uses the following items:", uncheck "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks".

Scroll down, select "Internet Protocol (TCP/IP)" and click the Properties button.

Under the "General" tab, click the "Advanced..." button.

Click the WINS tab, uncheck "Enable LMHOSTS lookup" and select the "Disable NetBIOS over TCP/IP" radio button.

Step 3. - Disable Port 445

Open regedit (Start > Run > regedit.exe).

Go to HKLM\System\CurrentControlSet\Services\NetBT\Parameters and find "TransportBindName". Right click it and go down to Delete. Click Yes to confirm and close regedit.

Step 4. - Disable Port 135

Open dcomcnfg (Start > Run > dcomcnfg.exe).

Select Console Root > Component Services > Computers, then right click on "My Computer" and go down to Properties.

Select the "Default Properties" tab and uncheck "Enable Distributed COM on this computer".

Select the "Default Protocols" tab and remove TCP/IP. I also delete any extras until the window is empty.

*Note: when you run dcomcnfg.exe and click on "Component Services", port 135 becomes open. After you have completed the above steps you might be able to get rid of DCOM in services.msc to take care of that issue.

Step 5. - Disable Remote Assistance

Right click "My Computer" and go to "Properties".

In the "System Properties" window, click on the "Remote" tab. Uncheck "Allow Remote Assistance invitations to be sent from this computer", then click OK.

Now we need to disable some services. You can do this by executing "services.msc" (Start > Run):

Application Layer Gateway
Computer Browser
DNS Client
IPSEC Services
Server
SSDP Discovery Service
TCP/IP NetBIOS Helper
Terminal Services
Windows Time

After you restart your machine, go to your command prompt and type in netstat -ano. This will show all the ports that are open on your machine along with the process ID. You should see NOTHING open when your machine first starts up. When you run applications like Instant Messenger clients, web browsers, online video games, ssh clients, ftp clients, etc., you will see new ports.

You can match the process ID from netstat -ano against your Task Manager: go to View > Select Columns and tick the PID (Process Identifier) check box.
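
To check the netstat -ano result described above without reading it by eye, here is an added example (not part of the original guide) that parses the output and flags any socket still open on the ports Steps 2 to 4 target. The sample output is constructed, and the port-to-step mapping, including NetBIOS ports 137 to 139, is this example's assumption.

```python
import re

# Assumed mapping (this example's, not the guide's) from port to the step that closes it.
GUIDE_PORTS = {135: "Step 4 (DCOM)", 445: "Step 3 (TransportBindName)",
               **dict.fromkeys((137, 138, 139), "Step 2 (NetBIOS over TCP/IP)")}

# Constructed sample of `netstat -ano` output; not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2140
  UDP    192.168.1.10:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1180
"""

# Proto, local addr:port, foreign address, optional State (TCP only), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def open_sockets(netstat_text):
    """Return (proto, address, port, pid) for each listening TCP or bound UDP socket."""
    found = []
    for m in map(ROW.match, netstat_text.splitlines()):
        if m is None:
            continue  # title, column header or blank line
        proto, addr, port, state, pid = m.groups()
        # UDP rows have no State column; a bound UDP socket accepts datagrams.
        if proto == "UDP" or state == "LISTENING":
            found.append((proto, addr, int(port), int(pid)))
    return found

def review(netstat_text):
    """Split open sockets into those the guide's steps target and everything else."""
    leftover, other = [], []
    for sock in open_sockets(netstat_text):
        (leftover if sock[2] in GUIDE_PORTS else other).append(sock)
    return leftover, other

if __name__ == "__main__":
    leftover, other = review(SAMPLE)
    for proto, addr, port, pid in leftover:
        print(f"{proto} {addr}:{port} PID {pid}: revisit {GUIDE_PORTS[port]}")
    for proto, addr, port, pid in other:
        print(f"{proto} {addr}:{port} PID {pid}: look up this PID in Task Manager")
```

To use it on a real machine, save the output with netstat -ano > ports.txt and pass the file's contents to review() in place of SAMPLE.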