Re: Need help closing security holes in my Windows XP home system!
From: Leythos (void_at_nowhere.lan)
Date: 02/25/05
Date: Fri, 25 Feb 2005 11:38:40 GMT
On Fri, 25 Feb 2005 03:02:18 -0800, Bob Ladbury wrote:
> I have a two-computer home network system. I only recently learned how
> to set up a network system, and now I'm concerned about having opened up
> new portals of access to internet hackers, because of all the
> configuring I had to do to get this system to work. Here's a list of
> some of those possible security holes:
>
> 1. My router came with a default MAC address printed on the bottom.
> Should I change this, if so, to what? (Can you tell I don't know what
> the heck a MAC address is?)
No, leave it alone - the MAC address is a physical code that relates to
your unique hardware as in your segment of the network - no other device
in your segment should have the same MAC.
> 2. I had to enable the GUEST ACCOUNT in XP Pro in order to get the
> printer sharing to work. Can hackers off the net use this now enabled
> account to access the computer? What about the ADMINISTRATOR account?
This is a big screw-up, you never enable GUEST, NEVER! What you needed to
do was set up the same users/passwords on both machines - so that if you
have user s,d,f,g on machine one you have user s,d,f,g with the EXACT SAME
PASSWORDs on machine 2,3,4,5,6....
> 3. The remote computer in my 2-comp network is "supposed" to have its IP
> masked because the router is a NAT router (with SPI), that supposedly
> shields all remote computers in the network because it uses what it
> calls a built in "DHCP" server to assign its own internal IP addresses
> to the remote computers. If this is so, why then can I go on the net
> with the remote computer, and any header analysis site will show me my
> real IP address?!
NAT only blocks unsolicited INBOUND access, it does not stop your browser
from running a script that can report back to a web site that you visited
what your real, internal, IP address is. What you need to do is visit one
of the network scanner sites that will scan all 65535 ports on your public
IP to see if you have any holes.
Using IE to browse the Internet in a default config, with GUEST enabled, or
even using an Administrator level account, is asking for your machine to
be compromised. Visit the Windows site and seek out the info on how to
secure IE, high-security mode. You could also start using Firefox as your
browser, it's not anywhere near as exploited as IE is.
> 4. When programs on my system call out to the net, they are initially
> blocked by my software firewall (which is an SPI firewall). After a few
> adjustments to the personal firewall, they have no problem communicating
> with the net. The router also has an SPI firewall. Why doesn't it block
> the programs as well? Given that it has never impeded access to or from
> anything on my system, it acts like it doesn't even exist!
The router is just a router, its basic function is to ROUTE TRAFFIC ONLY.
If you choose to make an outbound connection the ROUTER will let ANY
traffic out to where it wants to go, that's how routing works. As for
inbound traffic, since the router doesn't see an internal machine
requesting the communication, it blocks those unsolicited inbound
sessions, there is no path back for them.
As for outbound, since a router is not a firewall, there is no real
outbound blocking.
> 5. I set the RPC (Remote Procedure Call) service to avoid rebooting in
> all 3 circumstances, to prevent hackers from rebooting my machine from
> the net. Will this really prevent reboots, and if so, is there any other
> way these cyberscum can automatically reboot my computer?
Your computer has a lot of ways it can be compromised, RPC is
insignificant once you're not live on the internet.
> If you have any other important tips on closing security holes to
> prevent hacker access, don't be shy!
Stop running Internet Explorer
Stop using Outlook Express / Outlook
Stop browsing questionable sites
Stop sharing files with anything outside your internal network
Stop file sharing programs
Stop loading browser helper tools - not even google/yahoo bars
Stop using the Administrator level account unless making system changes
Stop using GUEST
Apply ALL Windows Updates
Apply ALL MS Office Updates (if you have OE/MS Office)
Apply ALL Antivirus updates, run the update daily
Use a quality Antivirus program
Install AdAwareSE and SpyBot Search & Destroy and run them
Use Firefox and Thunderbird for Browsing and Email
Stop/Don't forward ports through the router to your internal network
Don't let others use your computer
Check for router firmware updates once a month
-- spam999free@rrohio.com remove 999 in order to email me
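
Added example (not part of the original message): a toy Python model of the router behaviour described in the reply to question 4, and of why the list above says not to forward ports. The `NatRouter` class, its methods and all addresses are constructed for illustration; real routers differ in how strictly they match the remote endpoint.

```python
# Toy model of a home NAT router's translation table (illustration only).
# All addresses are constructed, taken from private and documentation ranges.
from itertools import count


class NatRouter:
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        # Static port forwards: public port -> (LAN ip, LAN port)
        self.forwards = dict(forwards or {})
        # Sessions created by outbound traffic:
        # (public port, remote ip, remote port) -> (LAN ip, LAN port)
        self.sessions = {}
        self._ports = count(40000)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: always allowed, and a mapping is recorded."""
        public_port = next(self._ports)
        self.sessions[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        # This is the source address the remote site sees, not the LAN address.
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet: return the LAN target or None."""
        key = (public_port, remote_ip, remote_port)
        if key in self.sessions:
            return self.sessions[key]          # reply to a session we started
        return self.forwards.get(public_port)  # None = dropped, no path back


def demo():
    router = NatRouter("203.0.113.10")
    # The LAN PC browses a web server; the router rewrites the source address.
    seen = router.outbound("192.168.1.101", 51000, "198.51.100.7", 80)
    # The server's reply matches the recorded session and is delivered.
    reply = router.inbound("198.51.100.7", 80, seen[1])
    # An unsolicited probe from another host has no session and is dropped.
    probe = router.inbound("198.51.100.99", 4444, 445)
    # A different host reusing the mapped port is dropped as well.
    stranger = router.inbound("198.51.100.99", 80, seen[1])
    # With a port forward configured, the same kind of probe reaches the PC.
    forwarding = NatRouter("203.0.113.10", {3389: ("192.168.1.101", 3389)})
    exposed = forwarding.inbound("198.51.100.99", 4444, 3389)
    return seen, reply, probe, stranger, exposed


if __name__ == "__main__":
    for name, value in zip(("seen", "reply", "probe", "stranger", "exposed"), demo()):
        print(f"{name:9} {value}")
```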