Secure NIC settings.

  • Thread starter Thread starter Ted Byers
  • Start date Start date
T

Ted Byers

As I understand it, MS by default has everything enabled for NICs, and it is
my understanding that having, e.g. NetBIOS enabled on a network that doesn't
use or need it creates a vulnerability. Is this right? If so, what is the
list of things I can safely disable, WRT the NIC settings, that will enhance
the security of my system and yet not impair my use of the Internet.

I am using Windows 2000, and I have a router that has firewall and DHCP
server capability (and I am using both) - even at that, and despite running
Norton Internet Security, kept up to date, someone managed to hack into my
system and do enough damage to the registry that I had to wipe my C:
partition clean (i.e. format it) and reinstall Windows along with all my
other software, this after some worm damaged the OS a few days earlier
(fortunately, my nephew and I were able to fix it that time). ;-)

I am considering taking my old P-166, and installing OpenBSD on it, setting
it up to serve both as a router and as a firewall, to create an extra layer
of protection.

Any suggestions on how to modify the settings on my NIC to obtain enhanced
security?

Cheers,

Ted
 
If you are not sharing anything with other computers, then uninstall file and print
sharing. Then go to Local Security Policy/security settings/local policies/user
rights assignments and add administrators to deny access from the network. Make sure
you are using hard to guess passwords and set account lockout threshold at ten. Go to
http://scan.sygatetech.com/ and scan your network address to see if it looks like
your firewall is configured properly. A lot of the worm/viruses come in from email
attachments, so be sure to use an up to date virus scanner like Norton that also
scans all email. Keeping your operating system up to date with critical updates form
the Windows update site is also a must. I personally set my internet Web Content Zone
to high and add my frequently visited sites to my trusted zone that I set to medium.
I do the same with cookies also. Occasionally when browsing I will have to
temporarily relax settings for a site that does not seem to work right. You may also
want to consider a better router that is a true SPI firewall and can also block
outbound access to some degree. Netgear makes one for $80. These days it is also
necessary to scan/repair with a program that targets adware/spyware/malware like
SpyBot Search and Destroy. --- Steve

http://www.microsoft.com/security/
http://www.netgear.com/products/prod_details.asp?prodID=140&view=
http://spybot.eon.net.au/
 
Back
Top