HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun to do"

Status
Not open for further replies.
Securing Telnet Service, & Usergroups

SECURING THE TELNET SERVICE & USER GROUPS:

And, a Mr. Markuss Jansson on his point on TELNET service (tlntsrv.exe iirc).

http://www.markusjansson.net/exp.html

Turn Telnet NTLM logging off

-> Run: telnet.exe
--> Type (and press enter): unset ntlm

He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).

APK

P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:

=================================
APK "A to Z" Internet Speedup & Security Text!
=================================


http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

It had its "dim early beginnings" back in 1997-1998, as the VERY FIRST security guide for Windows NT-based Operating Systems (2000/XP/Server 2003 currently) @ NTCompatible.com (albeit for Windows NT, & 2000 there only) as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

=================================

Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk
 
Applications Vulnerability Scanners & more

More security tools/info. (04/28/2008), for APPLICATION LEVEL SECURITY:

(I.E.-> For checking for apps you have that may be security vulnerable OR have been patched vs. said vulnerabilities, etc.):

----

SECUNIA PSI (checks for outdated OR apps that are known to be insecure):



https://psi.secunia.com/

NEW VERSION (released very recently too).

A good program, by a trusted & WELL-KNOWN security-oriented website online (I tried version 1 earlier on last year, it needed work. This one is solid though, so far @ least, imo!)

(It works, & sometimes catches things FILEHIPPO UPDATE CHECKER below, won't - good "2nd Doctor's opinion" etc.)

----

FileHippo's Update Checker (checks for outdated OR apps that are known to be insecure, supplements PSI above):



http://filehippo.com/updatechecker/

Decent program as well, & good to use as a supplement to the SECUNIA PSI Tool as well (from a well-known file downloads site also in filehippo).

(It works, & sometimes catches things SECUNIA PSI above, won't - good "2nd Doctor's opinion" etc.)

----

APK Registry Cleaning Engine 2002++ SR-7:



http://www1.techpowerup.com//downloads/389/foowhatevermakesgooglehappy.html

:)

* Yes, "shameless plug" on MY part on the last one, but, it does have "security benefits"...

(& more than potentially useful forensics ones, because it shows you what files a user calls upon via its lists (it does check recently used filelists, but, will also list those files the user attempted to delete (this assumes he may have been attempting to hide them)))... it is 100% proven SAFE on all 32-bit versions of Windows (see its description & feedback by users on the download page) 9x-VISTA as well)).

APK
 
"Checks & Balances" (accuracy check of this article by "pros")

I also "took the liberty" of contacting a well-known "security-pro" (in Don Parker of "SecurityFocus.com" fame, whom I post with @ Security Forums online with whose URL is below & I referred him to it, as it is the same content as the one here)!

This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:

**********

Hello apk,

I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.

--Don

-----Original Message-----
From: APK [mailto:[email protected]]
Sent: Wednesday, March 19, 2008 5:34 PM
To: (e-mail address removed)
Subject: REVIEW THIS IF YOU HAVE TIME (I see you posting @ Windows Security
Forums is why I ask, & it is where the post is)... apk

See subject-line, & this URL:

http://www.security-forums.com/viewtopic.php?t=50567&sid=ab315d598367466fa300e45b636f9f1c

Thanks!

APK

P.S.=> Loved your articles @ SecurityFocus, entitled "Catch them IF you can" & "Don't blame the IDS", by the way...

Good stuff, & thus, I respect your views on my posting above & would like to see/hear any "downsides" from your point-of-view regarding the points I made in said posting... again, thanks! apk


**********

That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all) in the arena of computer security, & DO CATCH DON'S ARTICLES I NOTED ABOVE (especially "Catch them IF you can", as it makes points many DO overlook (especially logs!))... apk

--------------

Also - Do please check this page out, for even more security points:

http://csrc.nist.gov/itsec/download_WinXP_Home.html

Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf

----

The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?

That also lists a "6.32 Removing Malware" section as well!

So, that is in response to 'my naysayers' from various forums that criticized me for listing such a guide here!

(In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)

Anyhow/anyways - The .pdf guide from NIST either tends to reinforce my own, OR, go beyond in some cases!

E.G.->

  • Securing wireless networks
  • Securing MS-Office apps better
  • Script file extensions associations with notepad.exe for instance (for safety vs. scripted attacks)
  • More on email & webbrowser security
  • The SIGVERIFY utility (file signature checker)
  • Disabling unneeded accounts

That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).

APK
 
"Checks & Balances" (part deux) - RESULTS POSSIBLE ON CIS TOOL (XP)

http://img297.imageshack.us/img297/2240/52041100vo6.png



That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.

A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...

:)

* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):

http://www.xtremepccentral.com/forums/showthread.php?t=28430

APK

P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
 
Conclusion

To all interested/reading:

I think this is it guys, I know of NO MORE to secure a Windows System... & again - IF any of you have points to add, please do so, but, I only ask that you keep it @ a technical computer security level (per my 1st initial post here's "P.S." section @ its termination).

:)

* ENJOY A FASTER & SAFER Windows based system of modern variety (2000/XP/Server 2003 & even VISTA) online today (especially TODAY!)...

APK

P.S.=> In other words, please - no "grammar & spelling" English "writing style" critiques, as they do NOT help to secure a system further... I did try to keep it as SHORT as possible, & to have folks use the CIS Tool to help make it easier + more fun. HOWEVER, @ times, the material is complex & I could not "shorten/condense it" anymore w/ out losing critical details & such! Please bear with that much, & gain by this thread by getting those 90++ scores on CIS Tool, surfing safely & F A S T E R online as a bonus once you apply the points I layered ontop of CIS Tool's guidance points (based on "industry best practices" & such)... thanks! apk
 
Spoke too soon in my last post above! apk

A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog...

Why/how?

http://mtc.sri.com/

:)

* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

APK

P.S.=> Spoke a "wee bit" too soon, in my last post above (as to me concluding this post) - as again, this information's GREAT for those that utilize a CUSTOM HOSTS FILE for security! apk
 
New Tool for those interested in custom HOSTS files... apk

For those of you interested in using custom HOSTS files (for BOTH added security & added speed online)?

"APK Hosts File Grinder 4.0++"



:)

----

The application above has been built by myself, for folks just like YOU, & of course, myself!

----

It allows you the end-user, the ability to:

  • 1.) DO very EASY Integrating the HOSTS files of others, such as MVPS.ORG & others noted @ wikipedia, here -> http://en.wikipedia.org/wiki/Hosts_file (even if in other internal line-by-line formats) "scrubbed into" the MOST EFFICIENT format there is (allowing less memory &/or disk space occupancy for loading, of 0<singlespace>URL<cr+lf> ), first, & then...
  • 2.) Speed up access to your fav sites, via 1st pinging them (so their IP Address IS up-to-date/current), & adding them to the normalized non-repeat line items list on the right above
  • 3.) Add/remove sites from a hosts file, but by first checking for their pre-existence inside the HOSTS file on ADDS, & rejecting if there already (& adding if NOT present)
  • 4.) Lastly, it will FULLY NORMALIZE (accurately 110%) a HOSTS file (normalize = removal of duplicates)...leaving you with one in the MOST efficient format line-wise there is (noted above, which consumes less memory & faster loadtime from disk)
----

It has allowed me to:

A.) Take valid HOSTS file data EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Danchev's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area), & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even), reduce its size that way (1/2 the initial size almost from all that data), first...

B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an initially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!

C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).

-----

* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:

(e-mail address removed)

APK

P.S.=> General statistics on its, while in operation:

700k-5900k memory occupancy prior to load of HOSTS file data...

( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)

Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)

PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)

(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))

+

A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)

Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk
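
The merge-and-normalize steps described in the post above, as an added Python example; it is not part of the original post and is not the code of APK Hosts File Grinder. The function names and sample hostnames are constructed, and two behaviours are assumptions added here: loopback names are never rewritten to `0`, and any third-party line that maps a name to a non-sink address (a redirect rather than a block) is rejected for review instead of merged.

```python
import re

# Addresses that blocklists use to sink a hostname, plus the short "0" form from the post.
SINK_ADDRESSES = {"0", "0.0.0.0", "127.0.0.1"}
# Loopback names are kept out of the block list so they are never rewritten to 0.
PROTECTED_NAMES = {"localhost", "localhost.localdomain"}
# Conservative hostname syntax: dot-separated labels of 1-63 characters.
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def is_hostname(name):
    """True if name looks like a plain DNS hostname (no URLs, no stray symbols)."""
    return len(name) <= 253 and HOSTNAME_RE.fullmatch(name) is not None


def normalize_blocklists(sources):
    """Merge hosts-file texts into sorted, de-duplicated '0 host' lines.

    Returns (output_text, rejected_lines). Rejected lines are malformed or
    point a hostname at a real address, which a blocklist has no reason to do.
    """
    blocked, rejected = set(), []
    for text in sources:
        for raw in text.splitlines():
            entry = raw.split("#", 1)[0].strip()  # drop comments
            if not entry:
                continue
            fields = entry.split()
            address = fields[0]
            names = [n.lower().rstrip(".") for n in fields[1:]]
            names = [n for n in names if n not in PROTECTED_NAMES]
            if len(fields) > 1 and not names:
                continue  # line held only loopback names; leave it alone
            if (not names or address not in SINK_ADDRESSES
                    or not all(is_hostname(n) for n in names)):
                rejected.append(raw.strip())
                continue
            blocked.update(names)
    output = "".join(f"0 {name}\r\n" for name in sorted(blocked))
    return output, rejected


# Constructed sample inputs in the two common third-party styles.
SOURCE_A = """\
# constructed sample, 127.0.0.1 style
127.0.0.1 localhost
127.0.0.1  Ads.Example.com   # banner server
127.0.0.1 tracker.example.net
203.0.113.7 bank.example.com
"""
SOURCE_B = """\
0.0.0.0 tracker.example.net
0.0.0.0 ads.example.com cdn.ads.example.com
0 malware.example.org
0.0.0.0 bad_host!.example.org
"""

if __name__ == "__main__":
    merged, skipped = normalize_blocklists([SOURCE_A, SOURCE_B])
    print(merged, end="")
    for line in skipped:
        print("REJECTED:", line)
```
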
 
Hello.

Do you really think anybody's going to read all those posts?
 
floppybootstomp said:
Hello.

Do you really think anybody's going to read all those posts?

Anybody interested in securing a PC, as fully as possible?

Yes!

(In fact, I have seen it!)

E.G./I.E.-> I have had a great deal of people do so, & to good results... Would you like proofs of this?? I can supply that (&, quite quickly in fact).

AND, from many sites this past year (since Jan. 2008) where it was rated either:

  • Rated 5/5 stars
  • Instantly made a "sticky/pinned thread"
  • Instantly made an "essential guide" (or, all 3 of the last ones noted in this list)
* HECK: 1 even PAID ME for this content ($100 January 2008 winner @ PCPitstop.com in fact).

APK

P.S.=> Others, who may be afflicted with say, Dyslexia, or "ADD" (for whatever THAT means)? Probably not... nor those not interested in the security of a PC online!

(Because, Hey, I.E. - I can lead a horse to water, I cannot make him drink it, & that is that)... apk
 
I can install and have a linux distro up and running in less than an hour. That's less time than it would take me to read and assimilate the information given here. To implement and use the information given would probably take me God knows how long and I doubt I would fully understand it all. So me I'm going to stick with linux.

Good effort though.

 
Abarbarian said:
I can install and have a linux distro up and running in less than an hour. That's less time than it would take me to read and assimilate the information given here. To implement and use the information given would probably take me God knows how long and I doubt I would fully understand it all. So me I'm going to stick with linux.

Which LINUX, like Windows, only gets around a 46/100 score on CIS Tool as well, mind you, by default in its outta the box default setup!

(I.E.-> Do you REALLY think even an SeLinux bearing distro is "secure as possible" outta-the-box/oem stock?)


WELL- IF SO? Then, see the 1st post of this thread... (it shows you QUITE otherwise)

CIS Tool is a MULTIPLATFORM gauge of security, based on "industry best practices", & yes, those practices DO work... I just layer on MORE you can use, to both speed yourself up online, but more importantly, secure yourself more, too (above those industry std. practices no less).

&, it ALL works.

Abarbarian said:
Good effort though.

Likewise to you, especially in regards to your reply regarding LINUX, but I do not think you are being facetious (wise guy here, either)...

POINT-BLANK:

You skimmed my man, & failed to notice that even LINUX (not that it IS any more secure than Windows is, outta the box period) doesn't do too well outta the box/stock, in its default setup - because again: There are photos of scores from LINUX as well, in the 1st post I did here!


APK

P.S.=> Either you skimmed (excusable, believe me, I am NOT above it myself @ times)... or, you don't know as much about LINUX as you'd like to think... apk
 
APK Hosts File Grinder 4.0++: 4 those that use a HOSTS file for speed + security

Double post, sorry!

:)

APK
 
floppybootstomp said:
Dementia.

Folks w/ that are excused also...

:)

* That is NOT their fault (hdd's in brain are losing format!)

APK
 
APK said:
Folks w/ that are excused also...

:)

* That is NOT their fault (hdd's in brain are losing format!)

APK

Ok, mon ami, I guess you have an agenda ;)

I haven't seen any blatant advertising, just some extremely frantic advice, so I shall leave this thread be :)
 
floppybootstomp said:
Ok, mon ami, I guess you have an agenda ;)

Yes - to help stop (or, @ least stall) the massive online attacks occurring out here online, today & for the past few years... because for years now professionally in this field, that has been part of my duties daily!

(&, this post? It is to "turn others on", to the simplicity of securing their systems, via an EASY TO USE tool for it that reviewed well in COMPUTERWORLD (which CIS Tool did))

CIS Tool just plain makes it far easier, rather than having to know the details of online networking, by far, & also every registry + file entry involved to secure one's self too!

Almost "FUN" to do, like any benchmark is... & it is MULTIPLATFORM (so, folks who use Linux distro variants, Solaris, & even BSD variants (no MacOS X version though, sorry) can run it also, per my advice to the poster above, in Abarbarian).

What I additionally "layer on", ontop of CIS Tool's advisements, works also... very well in fact!

floppybootstomp said:
I haven't seen any blatant advertising, just some extremely frantic advice, so I shall leave this thread be :)

Yes, no advertising... just helping!

:)

* OF COURSE, again: I can only lead horses to water... I cannot make them drink it!

APK
 
APK said:
(&, this post? It is to "turn others on", to the simplicity of securing their systems,

SIMPLICITY?????

Sorry you lost me on Post1.
 
nivrip said:
SIMPLICITY?????

This level of work, securing a PC? NOT "ROCKET-SCIENCE"... far from it in fact!

:)

Especially compared to OTHER areas this field has... & ESPECIALLY CONSIDERING CIS TOOL MAKES THIS LITERALLY, as easy as it gets, & IS multiplatform too!

nivrip said:
Sorry you lost me on Post1.

Well, again:

By comparison to other areas of this field (e.g.-> coding? Networking is a snap)...

After all - MOST network tasks involve using the code others design for you to USE...

(However, by comparison to coding, where YOU design the solution... often one never done before, especially in the case of custom IS/MIS/IT coding? VERY little actual creation happens by way of comparison from being into "network engineering/administrations" vs. coding, period (well, logon scripts & maybe firewalling type rulesets, A/D manipulations, etc. & log parsing @ MOST, software-wise - yes, oversimplifying some, but NOT too much either)).

I do both simultaneously for a living & have for nearly 16 yrs. now (many times published in written print in this field, since 1996, in places such as Windows-NT Magazine (now known as Windows IT Pro mag) & many others, to the total sum of around 10x now, from 1996-2002)) & thus?

I can FREELY comment on both... though network admins won't LIKE that, it IS the truth, period.

-----

ANYHOW/ANYWAYS:

Download the CIS Tool (completely free) & run it.. then, comment. Reserve judgement on something, until you try it!


:)

-----

* You'll see that it makes securing ANY personal computer OS (well, MOST any) a snap... easily, by comparison to knowing every config file/registry entry etc. et al, there is that is involved in actually doing this, manually...

E.G.-> If you like doing say, PC Benchmarks, for performances' sake? You'll most likely LIKE this one, too... but, that remains to be seen.

(I.E.-> Trust me on 1 thing: Doing it WITHOUT the CIS Tool, is a LOT more work & demands far more understanding than most folks possess about their PC &/or Operating Systems, let alone the IP Stack & how it works, online & in networking)

APK

P.S.=> Then again, if this is too much for you? Then, skip it... simple! Because, as I have stated to ABarbarian & your moderator/administrator here, repeatedly now??

WELL - I can only lead horses to water, I cannot make them drink... apk
 
After all of these "It's TOO hard", or "It's too long" etc. et al type replies?

All I can say, is this:

IF you refuse to learn something new? That's your hassle...

(Because this tool (CIS Tool) makes this fairly 'complex' subject, as easy as it gets... & it is multiplatform. I have found NO other like it, or nearly as comprehensive)

-----

Additionally? The ONLY folks I have really seen "beetch" about this guide??

Javascript coders, or webmasters usually!

(ESPECIALLY regarding HOSTS files, but, then, if the bad adbanners wouldn't popup on sites the past 3-4 years now, there would not BE a problem like that)...

Why? Well, it may cause them to lose out on SOME revenues!

Mainly, because I strongly recommend blocking adbanners for BOTH security AND speed... & turning off JavaScript (the root vector tool used to infect folks the MOST nowadays, & sites like secunia can prove that much, easily)...

Of course, there is the folks that run places like "the RBN" (look them up too if need be) that DEFINITELY do NOT LIKE IT (as they are known to be behind many the exploit out there online, today)

----

The "bright-side" of this, especially for network admins/engineers + techs? Folks that refuse to secure themselves better online, keep them (us, I am one too, as well as being a coder) IN A JOB!

* Thanks for that much I guess...

-----

HOWEVER: As I told your mod/administrator here? I can quite literally & QUICKLY show many forums where folks DID employ this material, to GOOD effect no less (no more security hassles that I know of), & I DID HELP FOLKS THRU VARIOUS SECTIONS THAT "CONFUSED THEM" as well... when asked to do so.

E.G.-> This site, see Thronka, midweskid, &/or AlexStarFire + their questions (& more importantly, their results):

http://forums.guru3d.com/showthread.php?t=246538&page=5

There, thru @ least 4 folks thru its pages, I helped them thru issues they had implementing CIS Tool's suggestions list... for AlexStarFire, in particular? This resulted in the ABSOLUTELY HIGHEST SCORE I HAVE EVER SEEN FROM A WINDOWS USER no less (on XP, I use Windows Server 2003 SP #2 fully hotfix patched, which has been noted as "the most secure Windows to date" from various sources).

APK

P.S.=> Again: I can only lead horses to water, I cannot make them drink... apk
 