Re: Windows xp security

ArtDent wrote:
On 1-Mar-2006, "Nowhere" <Nowhere@xxxxxxxxxxxxxxx> wrote:

I'm looking for simple and advanced Win xp security tips, on and off
Maximum protection possible. Not links, but concise, sensible and
security tips from good users. Thank you.

Use a router unless you are on dial-up.
Use an _up-to-date_ anti/virus program.
Use an _up-to-date_ anti/spyware program or two or three.
Use a software firewall.
Use common sense when browsing and opening emails.
Use alternate programs for browsing and email and newsgroups. (no IE or
Outlook or OE)
Turn 'sharing' off.
These should keep _most_ of the 'nasties' at bay.

Heh, don't forget to hide those machines inbound below port 1024 from the Internet unless you really have a good reason to expose server services. If you have a requirement, ensure the exposure is limited to the least amount of IPs required. This is extremely important on winX machines but also applies to NIX environs as well. A stateful firewall will automatically block those services; however, limiting port exposures to only what is required is your best safety.

A good stateful hardware firewall is useful, and they are almost cheap these days. Several can be used as a router/hub, and they are useful for locking down a wireless node in its own DMZ and reducing exposure of the local subnet. I have had a few folks attempt to attack my local home network over an exposed wireless NIC. Just can't trust anyone these days. Also ensure that the firewall is software upgradable. I have had to upgrade my Cisco a few times over the years.

If you use a winX or NIX system, ensure only the services you require are running. MS has many services running that are not required by most people (I still wonder why MS thinks most home users need a message of the day service running, for example). NIX systems can also inadvertently open services with some packages if you are not careful.

Know what services are required for your use and check occasionally to ensure that the latest patch or some stray software package has not turned something on that is not needed. I have had MS turn unneeded services back on after I patched even though the services were manually disabled. It is nice to have that hardware firewall protect me from myself sometimes.
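
The periodic check described in the post above, as an added example that is not part of the original message: it parses Windows `netstat -ano` output and reports sockets accepting inbound traffic on ports below 1024 that are missing from an approved baseline. The sample output, the baseline and the function names are constructed for illustration.

```python
"""Flag low-port listeners in `netstat -ano` output that are not in a baseline."""

# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2100
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:123          *:*                                    1050
  UDP    192.168.1.10:137       *:*                                    4
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")

def low_port_listeners(netstat_text, max_port=1023):
    """Return sorted (proto, address, port, pid) tuples for sockets that accept
    inbound traffic on ports <= max_port and are not bound to loopback only."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or a row without a PID column
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port_text = local.rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port > max_port or address.startswith(LOOPBACK_PREFIXES):
            continue
        found.add((proto, address, port, int(fields[-1])))
    return sorted(found)

def unexpected_listeners(netstat_text, baseline):
    """Return listeners whose (proto, port) pair is missing from the baseline."""
    return [l for l in low_port_listeners(netstat_text) if (l[0], l[2]) not in baseline]

if __name__ == "__main__":
    # Hypothetical baseline: the only low ports this machine is meant to expose.
    approved = {("TCP", 139), ("UDP", 137)}
    for proto, address, port, pid in unexpected_listeners(SAMPLE_NETSTAT, approved):
        print(f"unexpected {proto} listener on {address}:{port} (PID {pid})")
```

Running the same comparison before and after applying patches shows whether a service has been switched back on; the PID column can then be matched to a process with `tasklist /svc`.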