Windows security basics
The first basic step to secure your Windows box is to disable NetBIOS over TCP/IP and File and Print Sharing, or at least set passwords
for your shares. When you've done that you should visit
Windows Update and install the latest hotfixes and patches.
If you are running NT4, W2K or XP you should remove the hidden administrative shares admin$ (c:\winnt), c$ (c:) and any other
default share for other partitions. Restricting access to TCP and UDP ports 23 (telnet), 137-139 (netbios), 389 (ldap) and 445
(microsoft-ds) is also a good idea. This will prevent almost all attacks against the OS. Attacks against applications and
services that run on a Microsoft system are an entirely different matter and will not be covered here.
On NT4 SP3+, W2K and XP systems the registry key HKLM\SYSTEM\CurrentControlSet\LSA\RestrictAnonymous can also be
added to further increase security. It is a REG_DWORD value and should be set to 2. This will block attempts by hackers
to connect to your system with the use of null sessions. A null session is an anonymous connection that can be made
to any default-configured NT4, W2K or XP system. They are primarily used to extract information about users, groups, shares
and password policies. However, this registry setting could cause connectivity problems for third-party software and older
versions of Windows. Therefore it should be carefully tested before it is implemented.
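The steps above can be checked without changing anything. The following read-only audit script is an added example, not part of the original page: it assumes a Windows host with PowerShell, the function names are my own, and it reads RestrictAnonymous from the Lsa key under Control, the location Microsoft documents for that value.

```powershell
# Added example (not from the original page): read-only audit of the hardening steps described above.
# Assumes Windows + PowerShell; function names are my own. Nothing here modifies the system.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # documented location of RestrictAnonymous

function Get-RestrictAnonymousStatus {
    $v = (Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue).RestrictAnonymous
    if ($null -eq $v) { $v = 0 }   # absent value = default, null sessions allowed
    [pscustomobject]@{ Check = 'RestrictAnonymous'; Value = $v; Ok = ($v -eq 2) }
}

function Get-AdminShareStatus {
    # 'net share' exists on every Windows version the text names; keep only the share-name column
    $names = net share 2>$null | ForEach-Object { ($_ -split '\s+')[0] }
    # ADMIN$ and the per-partition C$, D$, ... are the defaults the text says to remove; IPC$ is left alone
    $default = @($names | Where-Object { $_ -match '^([A-Za-z]|ADMIN)\$$' })
    [pscustomobject]@{ Check = 'Default admin shares'; Value = ($default -join ', '); Ok = ($default.Count -eq 0) }
}

function Get-NetbiosStatus {
    # NetbiosOptions = 2 on an adapter's NetBT interface key means NetBIOS over TCP/IP is disabled there
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $enabled = @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue | Where-Object {
        (Get-ItemProperty -Path $_.PSPath).NetbiosOptions -ne 2 })
    [pscustomobject]@{ Check = 'NetBIOS over TCP/IP'; Value = "$($enabled.Count) adapter(s) still enabled"; Ok = ($enabled.Count -eq 0) }
}

function Invoke-BasicWindowsAudit {
    $results = @(Get-RestrictAnonymousStatus; Get-AdminShareStatus; Get-NetbiosStatus)
    $results | Format-Table Check, Value, Ok -AutoSize | Out-Host
    return (@($results | Where-Object { -not $_.Ok }).Count -eq 0)   # $true only when all three checks pass
}

Invoke-BasicWindowsAudit
```

Run it in an elevated PowerShell session; a $false result means at least one of the three settings still matches the insecure default.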
Always, always set a password for administrator on your Windows multitasking OS. The best number of letters to have is either 7
or 14 because of the insecure IBM LanManager backwards compatibility that Microsoft implemented. An open NetBIOS port and a weak
password could give someone administrator rights on your PC in a matter of minutes. They would only need to use two certain
"hacker" programs to accomplish this.
The new firewall that comes with XP doesn't provide application control, so it is pretty useless if you accidentally start up or
get infected by trojan software. Download and try one of those listed below to minimize the likelihood of someone compromising
your OS and personal integrity.
Consider turning off the preview window in Outlook if you are using it. Malicious code can execute even if you don't actively
open an email if this feature is turned on. Active content can be included in the email itself and not necessarily in an
attachment, either in the form of ordinary HTML or an ActiveX component. Also set Outlook to operate in the high security zone to
further increase security.
Anti-virus software
We recommend scanning all files for viruses. Do this before viewing files, starting up programs or script files that have been
downloaded with Medusa. To be sure that the file you have downloaded is safe set Explorer to view all files. Make sure that you
also have chosen to display file extensions for registered files. These settings will help you avoid clicking on a file with a
name like anna_kournikova.jpg.vbs.
Freeware:
AVG Anti-Virus system
VCatch Virus Catcher
Commercial:
Norton Antivirus 2002
Personal Firewalls
A personal firewall offers protection against the hackers, crackers and script-kiddies present on the Internet. There are
quite a lot of these programs around, but to be totally safe a firewall should also offer application control. This makes
sure that no trojan software can run on your system without you immediately becoming aware of it. A trojan is a program that gives
someone else total control of your system without you realizing it. It is considered best practice to also protect a system from
what can be sent from a computer to the Internet, as well as vice versa. The best way a firewall can offer application
control is by implementing MD5 checksums. This makes it practically impossible for an approved and harmless application to be
replaced by a trojan.
Freeware:
ZoneAlarm - This is an easy-to-use firewall that
offers application control, MD5 checksum control, an Internet lock and supports zones.
Commercial:
BlackIce Defender - BlackIce identifies the kind
of probe, or attack, that is taking place. It doesn't offer application control.