XP box maintenance and lockdown

From: J. Yoon (supercool9000_at_hotmail.com)
Date: 12/30/03

    To: security-basics@securityfocus.com
    Date: Tue, 30 Dec 2003 14:29:35 -0500
    
    

    I'm doing routine maintenance and locking down an XP box.
    Please advise if there's anything I've missed.

    Preliminaries : run a simple disk cleanup, spyware scan, and a quick virus
    scan

    Hardware Drivers.
    - Update all Drivers for soundcard/diskcontrollers/videocards/usb/etc/...
    - Update BIOS and do a new flash if needed.
    - Update Router firmware

    Software Patches
    - download latest XP patches from windowsupdate.microsoft.com
    - download latest virus definitions
    (I'm using 2 virus scanners, Grisoft AVG http://www.grisoft.com
    and Norton Antivirus)

    - download latest updates for your IDS or software Firewall
    (such as Sygate Personal Firewall from
    http://smb.sygate.com/support/documents/spf/spf_download.htm)

    (By the way, is there any significant benefit in using a software firewall
    if I already have a router, other than it working like an IDS?)

    - latest updates for Ad-Aware
    (a spyware removal software from www.lavasoft.de/software/adaware/)

    Scan / Fix
    (Unplug computer from internet at this point in time)
    - run a full system cleanup and get rid of all cookies/temp files/junk/ etc
    - run a full spyware scan using "deep scan"
    - run a virus scan to check ALL files with heuristics (and/or 'houndog')
    turned on
    - run scandisk or diskdoctor of some sort
    - run a full defragmentation using defrag/speedisk/diskkeeper of some sort

    Account configuration
    - change all passwords so that they have a combination of upper/lowercase
    letters and numbers,
    and do not use any words from the dictionary of any language
    - create a user account for yourself and others
    so that you don't get in the habit of using the administrator account all
    the time.

    Router Configuration
    - take care of any license issues
    - disable all ports/services (so that we can enable services on a
    "need"-only basis)
    - Refer to the history/log of applications that have been running
    to obtain the protocol, local port, remote port, and IP address needed to grant
    access.
    - If additional security is needed, assign to MAC address instead of IP

    For Sygate Personal Firewall only :
    - Enable intrusion detection, port scan detection, anti-MAC spoofing,
    anti-IP spoofing
    - Enable driver level protection, OS fingerprint masquerading
    - configure it so that it blocks all traffic when the service is not loaded
    - enable stealth mode browsing, but disable this if too many problems seem to
    occur.
    - Enable DLL authentication and check "automatically allow known DLLs"
    - enable smart DNS, smart DHCP, and SmartNETBIOS
    - Automatically block the attacker's IP for a number of seconds
    - you may also want to set it so that it notifies you via email of any
    attacks.

    Browser Configuration
    - disable all scripting, Java, Flash, ActiveX, and plug-ins, and enable them only
    as needed
    - delete all existing cookies
    - disable 3rd-party cookies and/or set cookie policy according to privacy
    settings
    - configure popup window blocking feature if needed
    - use encryption when storing sensitive data
    - configure it so that it warns you if you're entering/leaving an unencrypted page
    - configure client certificate selection and CRL/OCSP (certificate status
    protocol) as needed

    Mail Configuration
    - set any POP/mail clients to use encryption/SSL so that passwords are not
    sent unencrypted
    - disable cookies in Mail and Newsgroups
    - disable default viewing of images, as they can be used for tracking purposes
    by spammers
    - set a filter so that any email address that does not contain the @ "at
    sign" and . "dot" is automatically rejected.
    - you may also wish to set a filter so that if your own email address does
    not appear in the "To:" or "CC:" field, the email is considered spam.

    Access Control
    - set and verify folders that need to have access restrictions
    - enable encryption on private files if necessary

    Recovery Disk
    - make a boot disk from your operating system
    - make a password recovery disk
    - make a virus boot disk as well
    Now you have 3 ways to get back on your feet in case something happens.

    Test
    - Run a port scanner. Blue Globe Software, for example, offers a
    program called Port Scanner (www.islandnet.com/~cliffmcc/portscanner.html).
    Raw Logic Software's NetView Scanner (www.rawlogic.com/products.html)
    provides details about vulnerable ports and additional tools for detecting
    network clients that have Windows file and print sharing enabled.
    I've heard that Nessus is also great. I suppose you can use others such as
    Insecure.org's NMAP
    (www.insecure.com/nmap) and cotse, but I don't know if they work on XP.

    Backup
    - locate and back up private keys and additional configuration files
    - back up all the latest drivers you've downloaded so far
    - make a full backup to removable storage

    Opt-Out / Proactive Privacy protection
    - go to www.doubleclick.com and search for a link where you can tell them not
    to track or abuse your personal information
    - not posting your private email address or personal information when posting to online
    newsgroups
    or mailing lists may also help
    - not sure if it is still in effect, but the national do-not-call registry
    might help reduce some unwanted spam

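The two mail-filter rules from the post's "Mail Configuration" section (reject a sender address lacking "@" and ".", and treat mail that names your address in neither To: nor CC: as spam), worked through as an added example that is not part of the original post. It assumes a recipient address of user@example.com and uses constructed sample messages; the email module is Python's standard library.

```python
"""Added example: the post's two header-based mail filter rules.
Constructed sample messages; MY_ADDRESS is an assumed recipient address."""
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "user@example.com"  # assumption: the recipient's own mailbox

# Constructed test messages (not real traffic).
MSG_OK = "From: Alice <alice@example.org>\nTo: user@example.com\nSubject: hi\n\nhello\n"
MSG_BAD_FROM = "From: bogus\nTo: user@example.com\nSubject: win\n\nclick me\n"
MSG_NOT_TO_ME = "From: shop@example.net\nTo: everyone@example.net\nSubject: sale\n\nbuy\n"
MSG_CC_ME = "From: bob@example.org\nTo: carol@example.org\nCc: User@Example.com\n\nfyi\n"


def sender_is_malformed(msg):
    """Rule 1: reject when any From: address lacks an '@' or a '.'."""
    addrs = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    if not addrs:                     # no From: header at all -> treat as malformed
        return True
    return any("@" not in a or "." not in a for a in addrs)


def not_addressed_to_me(msg, my_address=MY_ADDRESS):
    """Rule 2: spam when my address appears in neither To: nor Cc:."""
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    addrs = {addr.lower() for _, addr in getaddresses(recipients)}
    return my_address.lower() not in addrs   # address comparison is case-insensitive


def classify(raw_message, my_address=MY_ADDRESS):
    """Apply rule 1 then rule 2; returns 'reject', 'spam' or 'inbox'."""
    msg = message_from_string(raw_message)
    if sender_is_malformed(msg):
        return "reject"
    if not_addressed_to_me(msg, my_address):
        return "spam"
    return "inbox"


if __name__ == "__main__":
    for name, raw in [("ok", MSG_OK), ("bad_from", MSG_BAD_FROM),
                      ("not_to_me", MSG_NOT_TO_ME), ("cc_me", MSG_CC_ME)]:
        print(name, "->", classify(raw))
```

Note that rule 2 also files mailing-list traffic and Bcc deliveries under spam, since those legitimately omit your address from To:/CC:; whitelist such senders before relying on it.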

