whitebread - Posted March 13, 2008

Very nice guide (Y)(Y)

APK (Author) - Posted March 14, 2008

Just to let you know that the IP address ranges 202.x 203.x 210.x 211.x and 212.x can and are assigned in Australia and New Zealand (And in some cases the western USA/Canada) - in the case of any TelstraClear customers, blocking the above ranges would deny access to their DNS server, their mail server and their ISP homepage for starters.

Thanks man... you can never be SURE all the info. you are getting is "110% straight", so point noted & I will edit that part out (I didn't care much for it either!)

:)

* AND, lol, if you note & look closely? You will see I made a fairly CRUCIAL mistake above - I put the IP Address - URL equation in the WRONG ORDER! Man... that is what I get for doing things without my coffee in the a.m.! I have to edit for that too!

====================================================================================
BELOW IS THE REVISION OF MY LAST POST WITH CORRECT IPAddress-to-URL EQUATION ORDER + POINT iMonkey noted
====================================================================================

As regards the "Russian Business Network" (RBN) who has been @ the heart of MANY online attacks (or, things like Zlob trojan & IDTheft related attacks, etc. et al)? Use this information to protect yourselves, from them.

(RELIABLE/REPUTABLE SOURCE = http://www.spamhaus.org/rokso/evidence.las...kso_id=ROK7465)

USING NOTEPAD.EXE ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):

You can verify its location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe & going here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc (Unless you KNOW that YOU move it, as I do!) I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!
That is just so it init.'s faster since the HDD is not contending with other programs loading etc. or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).

# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===

FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1" because iirc, the zero's based one leads to a NULL port type of request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple of reasons (which it took me some time to come up w/ & testing as to which is "better" to use).

SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses faster (I found this out using a multithreaded port scanner I wrote, which whipped thru FAR faster using zero entries, rather than 127.0.0.1 ones)

FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):

I.P. address block for Russian Business Network:

81.95.144.0/20 #SBL43489 (81.95.144.0 - 81.95.159.255)

And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:

85.255.112.0/20 #SBL36702 (85.255.112.0 - 85.255.127.255)
69.50.160.0/19 (69.50.160.0 - 69.50.191.255)
194.146.204.0/22 #SBL51152 (194.146.204.0 - 194.146.207.255)

You should block all IPs starting with these if you do not care about Russia and China:

193. 194. 195. 213. 217. 62.64. 62.76.

A few major Internet providers that provide services to RBN including

Tiscali.uk SBT Telecom Aki Mon Telecom Nevacon LTD Frame Cash 76service Noc4Hosts

APK

P.S.=> THIS IS THE REVISION TO USE, & thanks in part to myself looking it over again guys (did the first post above without drinking my coffee in the a.m., which for me, lol? IS CRUCIAL) & the rest of the credit goes to iMonkey from above (thanks man)... apk

Very nice guide (Y)(Y)

Thank you, I am glad you like it, & I hope you get GOOD CIS Tool scores, PLUS & above all else? A faster & safer system online... the very reason WHY I put it out across many forums!

:)

* Enjoy!

APK

APK (Author) - Posted March 14, 2008

Very nice guide (Y)(Y)

Thanks, enjoy, & get a GREAT score on CIS Tool, & a F A S T E R + definitely safer system online using the points in this thread!

:)

* I'd like to thank the moderation staff here & iMonkey too. iMonkey for his excellent points that helped correct my last post here, & the mods for quickly editing out the 1st post I did that had less than "totally accurate" info. in it!

APK

P.S.=> AND, so you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above? Well, I strongly suspect "they're @ it again" & here is why:

Cyber-attack launched from 10,000 web pages:

http://itnews.com.au/News/71994,cyberattac...-web-pages.aspx

"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."

(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)... apk

APK (Author) - Posted March 18, 2008 (edited)

"New NEWS":

Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:

SECOND MASS HACK EXPOSED:

http://www.itnews.com.au/News/72214,second...ck-exposed.aspx

AND, the source I used for this list:

http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html

And, the salient portion that notes that my suspicion was correct:

"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"

So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:

START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:

END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:

FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:

do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
hotpornotube08.com (206.51.229.67)
hot-pornotube-2008.com (206.51.229.67)
hot-pornotube08.com (206.51.229.67)
adult-tubecodec2008.com (195.93.218.43)
adulttubecodec2008.com (195.93.218.43)
hot-tubecodec20.com (195.93.218.43)
media-tubecodec2008.com (195.93.218.43)
porn-tubecodec20.com (195.93.218.43)
scanner.spyshredderscanner.com (77.91.229.106)
xpantivirus2008.com (69.50.173.10)
xpantivirus.com (72.36.198.2)
bestsexworld.info (72.232.224.154)
requestedlinks.com (216.255.185.82)

Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):

89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21

:)

* Enjoy, stay safe, & keep surfing!

APK

Edited March 18, 2008 by APK

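Added example, not part of APK's posts: a Python check for the two kinds of block list used above. It lints HOSTS entries for the mistakes the posts mention (address and name in the wrong order, an IP literal that HOSTS cannot block, plus case-insensitive duplicates) and tests which of the March 18 addresses already fall inside the CIDR blocks from the March 14 post. The function names and the sample HOSTS text are constructed for illustration.

```python
import ipaddress

# CIDR blocks from the March 14 post (firewall-rule section).
RBN_BLOCKS = ("81.95.144.0/20", "85.255.112.0/20",
              "69.50.160.0/19", "194.146.204.0/22")

# A few of the server addresses listed in the March 18 post.
MARCH_18_IPS = ("69.50.167.166", "69.50.173.10",
                "195.93.218.43", "89.149.243.201")

# Constructed sample: hostnames come from the posts, the mistakes are deliberate.
SAMPLE_HOSTS = """\
# === constructed sample ===
0.0.0.0 xpantivirus2008.com
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 ns1.eexhost.com      # duplicate, differs only by case
do-t-h-e.com 0.0.0.0         # address and name in the wrong order
127.0.0.1 xpantivirus.com    # works, but not the 0.0.0.0 sink the post prefers
0.0.0.0 89.149.243.201       # an IP literal is never resolved through HOSTS
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint_hosts(text, sink="0.0.0.0"):
    """Return (line_number, code, detail) findings for a HOSTS file body."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        if len(fields) < 2:
            findings.append((lineno, "incomplete", raw.strip()))
            continue
        addr, names = fields[0], fields[1:]
        if not _is_ip(addr):
            code = "swapped-order" if _is_ip(names[0]) else "bad-address"
            findings.append((lineno, code, addr))
            continue
        if addr != sink:
            findings.append((lineno, "other-sink", addr))
        for name in names:
            key = name.lower().rstrip(".")      # host names are case-insensitive
            if _is_ip(key):
                findings.append((lineno, "ip-as-name", name))
            elif key in seen:
                findings.append((lineno, "duplicate",
                                 f"{name} (first on line {seen[key]})"))
            else:
                seen[key] = lineno
    return findings


def block_range(cidr):
    """First and last address of a CIDR block, to compare with a written range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1])


def covering_block(ip, blocks=RBN_BLOCKS):
    """Return the listed block that already contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in blocks:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def uncovered(ips, blocks=RBN_BLOCKS):
    """Addresses that still need their own firewall rule."""
    return [ip for ip in ips if covering_block(ip, blocks) is None]


if __name__ == "__main__":
    for finding in lint_hosts(SAMPLE_HOSTS):
        print("hosts:", finding)
    for cidr in RBN_BLOCKS:
        print(cidr, "->", " - ".join(block_range(cidr)))
    for ip in MARCH_18_IPS:
        print(ip, "covered by", covering_block(ip))
```

Run against a real HOSTS file by passing its contents to `lint_hosts`; addresses returned by `uncovered` are the ones a firewall rule set built only from the four CIDR blocks would miss.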
APK (Author) - Posted March 23, 2008 (edited)

Some added points from various sources to either SUPPLEMENT what I put out here earlier, OR, to addon more points I may have missed:

SOURCES:

CSRC (computer security resource center) & NIST (National Institute of Standards Technology) @/from the gov't.:

http://csrc.nist.gov/itsec/download_WinXP_Home.html

That this -> SP800-69.pdf (freely downloadable @ the URL above & it too, lists a ") PDF document makes a few SOLID points about security that my post here HAS overlooked (however, no longer), OR needs supplementing:

****

And, a Mr. Markuss Jansen (sp?) on his point on TELNET service (tlntsrv.exe iirc).

http://www.markusjansson.net/exp.html

Turn Telnet NTLM logins off -> Run: telnet.exe --> Type (and press enter): unset ntlm

He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).

================

USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!

This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area. IF you don't recognize a ware? Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).

The PDF file guide above, like my guide here also? That also lists a "6.32 Removing Malware" section as well!

So, that is in response to 'my naysayers' from various forums that criticized me for listing such a guide (many MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)

-----------------

3.14 (regarding filetype associations) which supplements point(s) # from my posting here on this website:

Associate THESE file extensions with a program that is NOT their "default" one

Extensions concerned (dealing in scripting such as javascript &/or ActiveScripting in email & webbrowsers):

JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH.

HOW TO Modify File Associations

Advanced users should modify the settings for default file associations, as described in Section 3.1.4. These settings need to be changed separately for every user account on the computer. To change them, perform the following steps:

1. From the Control Panel, select Folder Options.
2. Select the File Types tab.
3. Perform these steps to change the mappings for the following extensions: JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH.
   a. Scroll down the Registered file types window to the desired extension. Select it and click the Change button.
   b. Select the Notepad program and click OK.
4. Click the Close button.

(So they cannot execute, even by accident, in keeping with security regarding javascript/java/activeX/IFrames/Shockwave/pdf type exploits):

Personally? I typically associate them with notepad.exe for safety, AND, so I can see their interiors & get SOME CLUE as to what they are up to/doing!

-----------------

3.3.6.1 Web Browsers

Restricting Web browser cookies. See Section 3.2.1 for additional information.

Preventing software installation within Web browsers. Some Web browsers can be configured to prompt the user to approve the installation of software such as Web browser plug-ins. Some browsers can even prevent Web sites from installing software on the client. These settings are particularly helpful for preventing the installation of spyware within Web browsers.

Limiting mobile code execution. Most Web browsers can be configured to allow, limit, or deny the use of certain types of mobile code (e.g., JavaScript, ActiveX, Java). Mobile code is a way for a remote computer, such as a Web site, to run programs on a user’s local Windows XP Home Edition computer. Although limiting or denying mobile code use can provide stronger security, typically this interferes with needed Web browser functionality.

Blocking popup windows. See Section 3.3.4 for information on this.

Also, here is a guide for securing IE7x & onwards (as it IS the webbrowser out there with the most potential for problems due to exploits of its features &/or default configuration):

Internet Explorer 7 Desktop Security Guide:

http://www.microsoft.com/downloads/details...;displaylang=en

* AND, here is an "interesting" optional (or, supplementary) tool that aids in secured websurfing, that goes along the lines of "restricted limited use User Accounts" usage for security:

DROPMYRIGHTS, by MS from MSDN (freeware):

http://msdn2.microsoft.com/en-us/library/ms972827.aspx

-----------------

3.3.6.2 E-Mail Clients

Preventing automatic loading of e-mail images. Most e-mail clients can be configured not to load graphics contained within e-mails automatically. This is particularly helpful for thwarting e-mail-based Web bugs. With this configuration setting, the outline of an unloaded Web bug appears as a small box within the e-mail, and the user’s activity cannot be tracked unless the user chooses to have the image loaded.

Limiting mobile code execution. Most e-mail clients can be configured to permit only the required forms of mobile code. This can be effective at stopping some instances of malicious mobile code.

Disabling automatic opening of e-mail messages. Some e-mail-based malware may be activated and infect a computer when the malicious e-mail is opened. Many e-mail clients can be configured to open e-mail messages automatically. This can provide an easy way for malware to infect a computer. Accordingly, e-mail clients should be configured not to open e-mail messages automatically. This gives users an opportunity to identify and delete an e-mail that appears to be suspicious based on the sender, recipient, subject, and other identifying information that can be reviewed without opening the e-mail.

Enabling spam filtering. Section 3.3.3 has additional information on this.

-----------------

3.3.6.3 Instant Messaging Clients

Suppressing the display of e-mail addresses. If the user’s displayed name or supporting information includes an e-mail address, this may be harvested by malware or malicious users, then used in future attacks.

Restricting file transfers. If the software can transfer files with other instant messaging users, it should be configured to prompt the user before permitting a file transfer to begin. File transfers are a common way to transfer malware to other computers and infect them.

-----------------

3.3.6.4 Office Productivity Suites

Restricting macro use. Applications such as word processors and spreadsheets often contain macro languages; macro viruses take advantage of this. Most common applications with macro capabilities offer security features that permit macros only from trusted locations or prompt the user to approve or reject each attempt to run a macro. The prompting feature can be very effective at stopping macro-based malware threats.

Limit personal information. Many office productivity tools allow personal information, such as name, initials, mailing address, and phone number, to be stored with each document created. Although the most basic information (typically, name and initials) are often needed for collaboration features and edit tracking, information such as mailing addresses and phone numbers is not. Personal information becomes embedded within document files and may inadvertently be distributed with files to others. If privacy is a concern, then users should not enter any more personal information than necessary into the user settings of office productivity tools.

Use secured folders for application files.
Most office productivity applications allow users to define default locations for saving documents and holding temporary files, including auto-saved. save and backup copies of documents. This can be very helpful at protecting application files from unauthorized access by others. Users should also store their custom dictionary entries in a user-specific file stored in one of their protected folders.

-----------------

5.4.2.2 Secure wireless networking

If the computer uses wireless networking, review the documentation provided with the wireless access point and the computer’s wireless network card, then implement the following recommendations according to the vendor directions. These directions assume that the Microsoft wireless management utility is being used, not a third-party utility provided by the computer’s vendor or the wireless network card’s vendor. If a third-party utility is being used, do not follow the directions in this section; instead, consult the vendor’s directions for additional guidance on secure configuration.

1. Create a long and complex WEP key (also known as a WPA key or WPA passphrase). Configure the wireless access point so the WEP key is required. Enter it into the wireless access point and the Windows XP Home Edition computer. To do the latter, perform the following steps:
   a. From Control Panel, double-click Network Connections.
   b. Right-click on the wireless network connection configuration and select Properties.
   c. Click on the Wireless Networks tab. Highlight the correct wireless network in the Preferred Networks list and click the Properties button. Figure 5-4 shows an example of the security configuration settings that need to be made.
   d. Set Data encryption to the highest possible setting that both the wireless access point and the Windows XP Home Edition wireless network card can use. The encryption choices will vary depending on the wireless network card. Recommended choices, in order with the most highly preferred option first, are as follows:
      i. WPA2 with AES
      ii. WPA1 with AES
      iii. WPA1 with TKIP
      iv. WEP with 128-bit encryption.
      Also, configure the access point to use the selected data encryption option, if it does not already use it by default. Consult the access point manufacturer’s documentation for information on how to do this.
   e. Clear the check box labeled The key is provided for me automatically.
   f. Set the Network authentication to Open. Enter the WEP key in the Network key and Confirm network key boxes.
   g. Click OK to save the changes, then click OK to close the wireless network connection properties window. Close the Network Connections window.
2. On the Windows XP Home Edition computer, configure Wireless Auto Configuration so that it will not attempt to join any wireless network automatically and it will only connect to wireless access points. To do so, perform the following steps:
   a. From Control Panel, double-click Network Connections.
   b. Right-click on the wireless network connection configuration and select Properties.
   c. Click on the Wireless Networks tab. Click the Advanced button in the lower right-hand corner.
   d. Select the option labeled Access point (infrastructure) networks only.
   e. Clear the check box labeled Automatically connect to non-preferred networks, then click Close.
   f. Remove any networks from the Preferred Networks list that the computer should not be using.
   g. Click OK to close the wireless network connection properties window. Close the Network Connections window.
3. Review the wireless access point’s documentation. If it permits access to be restricted by the media access control (MAC) addresses of wireless network cards, enter the MAC addresses of all authorized wireless devices into the access point. To identify the MAC address for a wireless network card on a Windows XP Home Edition computer, perform the following steps:
   a. From Control Panel, double-click Network Connections.
   b. Double-click on the wireless network connection configuration.
   c. Click the Support tab, then the Details… button.
   d. The value listed for the Physical Address is the MAC address. It should be displayed in the format XX-XX-XX-XX-XX-XX, where each X is a digit or a letter in the range A to F. Write down the MAC address.
   e. Click Close, then Close. Close the Network Connections window.

-----------------

Data Execution Prevention

Windows XP Home Edition offers a feature known as Data Execution Prevention (DEP). When enabled, this feature prevents software on the computer from performing certain actions that could cause problems. For example, DEP could stop certain types of malware from successfully infecting a computer. Different computers offer varying levels of support for DEP based on their processors. Because DEP limits what software can do, unfortunately there might be occasional conflicts between DEP and certain applications, causing those applications to malfunction. Accordingly, users should consider enabling DEP on their computers, and if DEP is enabled, users should monitor their computers for application conflicts and disable DEP if necessary. Appendix B.1 contains instructions for configuring DEP.

-----------------

8.5.1.6 File Signature Verification Utility

The System Information utility described in Section 8.5.1.3 includes several diagnostic tools, including the File Signature Verification Utility. This utility checks Windows XP Home Edition operating system files to ensure that they have been digitally signed by Microsoft. Files that fail this match could have been added by a benign third party, such as a hardware vendor, or by malware or other attacks. To check the Windows XP Home Edition files, perform the following steps:

1. From the Start menu, select All Programs, then Accessories, then System Tools, then System Information. System Information should open.
2. Under Tools, run the File Signature Verification Utility.
3. Click Start to begin the file scan. It typically takes at least a few minutes for the scan to run. When the scan has completed, click Close.
4. Click the Advanced button, then the Logging tab.
5. Click the View Log to display the log for the scan. The items with a status of Not Signed are the files of most interest.
6. To save the file for an expert to review, click File, then Save As. Specify a location and name for the file, then click Save.
7. Click OK, then Close.
8. Close System Information.
9. Provide the saved log file to an expert for review. For example, the file could be e-mailed to someone; placed onto a CD, flash drive, or other removable media; or reviewed at the computer by an expert at a later time. The expert can review the file by opening it in Notepad or another text editor.

-----------------

8.5.2.2 System Restore

Windows XP Home Edition computers save their state periodically in a format known as a restore point. Administrators can also save restore points manually as desired. The System Restore utility built into Windows XP Home Edition can be used to restore the state of the computer to the state captured in a restore point. The goal is to select a restore point from a date that is before the problem began, but as late as possible so that previous application changes, computer updates, and other changes to the system are not lost. To restore the computer to an earlier state, perform the following steps:

1. From the Start menu, choose All Programs, then Accessories, then System Tools. From there, choose System Restore.
2. Click on Restore my computer to an earlier time, and then click Next.
3. Select a restore point date. After choosing a date, click Next.
4. Verify that the desired restore point has been chosen. Click Next to proceed.
5. The changes to the computer since the restore point will be reversed. When completed, the computer will shut down and restart.

-----------------

8.5.2.3 Recovery Console

The Recovery Console is considered a last-resort option when other recovery methods have failed. It also requires expert-level knowledge of Windows XP Home Edition. To use the Recovery Console, perform the following steps:

1. Insert the Windows XP Home Installation CD into the CD drive, and reboot the computer.
2. When the setup screen appears, choose R to start the Recovery Console and the repair process.
3. Enter the administrative password.
4. Type in the necessary commands at the prompt. To display a list of available commands, type help.
5. When finished, type exit to close the Recovery Console. Remove the CD from the computer and reboot.

-----------------

3.1.2.4 Use a Limited User Account for Daily Tasks

User accounts on Windows XP Home Edition computers can have full privileges or limited privileges. An account with full privileges, also known as an administrative account, is intended to be used only when performing computer management tasks, such as installing updates and application software, managing user accounts, and modifying Windows XP Home Edition and application settings. If a computer is attacked while an administrative account is in use, the attack will be able to do more damage to the computer. Therefore, user accounts should be set up to have limited privileges; such accounts are known as daily use or limited user accounts (LUA). Users should not use administrative accounts for general tasks such as reading e-mail and surfing the Web because such tasks are common ways of infecting computers with malware. Malware is likely to do more damage to a computer if accessed using an administrative account than a limited user account.

The primary disadvantages of having separate administrative and limited user accounts are that limited users might not be able to run some applications, such as games and other applications designed for older operating systems, or to install applications, Windows XP Home Edition updates, and application updates. This could cause a significant delay in downloading and installing updates, as well as making other certain tasks less convenient for users. To help work around this problem, Windows XP Home Edition includes a Run As feature, which allows a person logged in as a limited user to perform individual administrative tasks. For example, by right-clicking on an Internet Explorer icon, a limited user can select the Run As option, which causes Internet Explorer to be run with administrative privileges after the limited user has provided a valid administrative username and password. The Fast User Switching feature provides another way to use a separate administrative account to perform a single task while still logged in to a computer with a limited user account.

-----------------

3.1.2.3 Disable Unneeded Default User Accounts

Administrator. Attackers often attempt to use the default Administrator account on various operating systems. Windows XP Home Edition does have an account named Administrator, but it is only available for use when the computer is booted into Safe Mode. Since the account is inaccessible under normal circumstances and is needed for Safe Mode to work properly, the original Administrator account should not be disabled, and it should have a password set to prevent unauthorized access. Windows XP Home Edition requires a separate administrative account to be created during the Windows XP Home Edition installation process. This account or other additional administrative accounts should be used instead of the original Administrator account when performing computer administration.

Guest. In earlier versions of Windows, the Guest account was a common means by which to gain remote access to a computer through a network and launch additional attacks against the computer. In Windows XP Home Edition, the Guest account has strictly limited privileges. By default, it is disabled. When enabled, it can only access resources that have been specifically designated for remote sharing, such as folders and printers. If a computer does not share any of its resources, the Guest account is effectively made useless.

HelpAssistant. This account is used only for Remote Assistance sessions, which are described in Section 3.1.3.2. The HelpAssistant account should be disabled unless the Remote Assistance feature is needed. By default, this account should already be disabled.

Support_388945a0. This account is intended to assist in providing technical support within an enterprise environment. Therefore, it should be disabled for computers used in home and mobile environments. By default, this account should already be disabled.

Computer vendors may install their own remote technical support accounts as part of their Windows XP Home Edition installations. Such accounts should also be disabled if possible.

-----------------

* And, lastly, a SANS compilation of KNOWN security issues &/or vulnerabilities from 2007 for your references (to check if apps you use are vulnerable, OR have patches you can apply (or, @ least workarounds)):

http://sans.org/top20/?portal=2d429cc2754d...ea632defc0db#c1

================

:)

Nicest part of ALL of this, IS THIS: You get a clean system, that is FASTER online as well! Plus? IF YOU'RE "SMART"?? You can back it up & be RIGHT back to a fast secure rig in minutes time only after doing ALL of this... theoretically, NEVER being unable to do so in fact!

(So - Use BOTH "System Restore Points" & std. backup tools like network backups OR imaging tools like Acronis TRUE IMAGE (my fav)) & always be able to get RIGHT BACK TO A SECURE SYSTEM, in about 1 hrs' time (load an OS, load backup-restore software, restore secure + CLEAN image, etc. & all done!)

APK

P.S.=> That OUGHT to "finalize" this post, on MOST ALL POINTS for security's sake on a Windows rig @ least... & other than occasionally having me post more material for say, the HOSTS file again if needed? This OUGHT to be it... enjoy! apk

Edited March 23, 2008 by APK
APK (Author) Posted March 23, 2008

I also "took the liberty" of contacting a well-known "security-pro" (in Don Parker of "SecurityFocus.com" fame, whom I post with @ Security Forums online with whose URL is below & I referred he to it, as it is the same content as the one here)!

This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:

**********

Hello apk,

I don't see any real downsides to what you posted. The only thing is that you need to remember the audience that it is you are trying to reach. If your goal was to hit the newbies as it were then you may have missed the mark a bit. Beyond that, it looks fine to me.

--Don

-----Original Message-----
From: APK [mailto:apk4776239@hotmail.com]
Sent: Wednesday, March 19, 2008 5:34 PM
To: dparker@bridonsecurity.com
Subject: REVIEW THIS IF YOU HAVE TIME (I see you posting @ Windows Security Forums is why I ask, & it is where the post is)... apk

See subject-line, & this URL:

http://www.security-forums.com/viewtopic.p...300e45b636f9f1c

Thanks!

APK

P.S.=> Loved your articles @ SecurityFocus, entitled "Catch them IF you can" & "Don't blame the IDS", by the way... Good stuff, & thus, I respect your views on my posting above & would like to see/hear any "downsides" from your point-of-view regarding the points I made in said posting... again, thanks! apk

**********

That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all) in the arena of computer security, & DO CATCH DON'S ARTICLES I NOTED ABOVE (especially "Catch them IF you can", as it makes points many DO overlook (especially logs!))... apk
megamanXplosion Posted March 25, 2008

I like the idea of having such an article available but the writing could be improved quite a bit because the instructions you provide are about as clear as mud. I'm sure many people would appreciate it if you could rewrite the article to improve its clarity.
APK (Author) Posted March 25, 2008 (edited)

> I'm sure many people would appreciate it if you could rewrite the article to improve its clarity.

Well, again: OPINIONS vary... but, then again, so do QUANTIFIABLE & VISIBLE increases in folks' CIS Tool scores (no opinion there, just fact & GOOD fact, when folks try it, & apply its points based on "best practices" for most ANY OS PLATFORM OUT THERE (not just Windows, no less, & their scores visibly & verifiably increase on it))...

So - in addition to the 12 folks whom I quoted in my last post prior to this one on the last page/above/earlier who LIKED this post from OTHER FORUMS? Well, we have folks here now, who feel contrary to YOUR opinion:

> Nice job, I will read through it more thoroughly after I've slept :) Oh and stop hating on him, he obviously has an idea as to what he's talking about, there's been a lot of rude replies when, IMO, they are clearly not warranted. He's doing people a favour here, he didn't have to post this information, be grateful.

&

> Pretty good guide.

&

> Just wanted to thank you for putting this info out. I made the changes on my windows 2003 server and the changes are working good for my home environment

&

> nicely compiled. Thanks for sharing.

&

> Thanks :spindj:

&

> moved here very nice guide :)

&

> Very nice guide (Y)(Y)

THAT'S EVEN MORE THAN THE 12 folks (from other forums I quoted/cited above (in my post prior to THIS one on the page preceding this one), including a security pro in Don Parker of SecurityFocus who either like it, OR, felt it was solid/correct/accurate (& there are more who felt the same across OTHER forums too, not just the dozen I quoted)) who felt it is a SOLID post, from folks here no less, & had no troubles reading it (or, applying it)!

:)

iMonkey @ least, posted something SOLID here on THESE forums, that improved it... (Which is more than I can say for those telling us about "writing style", who don't have a PhD in English no less)

APK

P.S.=> So, all in all? You have 20 folks opinions (1 is even a security pro in this field no less & SANS certified as well + writes for SECURITY FOCUS) that seem to feel otherwise, vs. YOUR opinion... & there are more, but, that list of them will do, for now... apk

Edited March 25, 2008 by APK
megamanXplosion Posted March 26, 2008

I never said your advice is bad. As a matter of fact, my Windows XP Professional SP2 installation scores 71.6 on the CIS benchmark and I intend to improve it further. I agree with your advice.

My criticism was about the clarity of the instructions you provided. You've used jargon that can easily confuse people who are unfamiliar with rigorous computer security—your target audience. You have parenthesized text within parenthesized text—you have digressed from a digression, which is strange—and that is difficult to follow without reading the sentence in which it occurs several times. You truly should consider revising your post because it will help more people if more people can understand it.
APK (Author) Posted March 26, 2008

> I never said your advice is bad.

It isn't, & the CIS Tool merely makes it easier to implement & understand WHY also, as it is based on industry "best practices" for security for the OS platform it's being run on (CIS Tool is NOT just "restricted to Windows only", it also runs on Solaris, BSD & Linux variants as well, for example).

> As a matter of fact, my Windows XP Professional SP2 installation scores 71.6 on the CIS benchmark and I intend to improve it further.

That's VERY good, & means (most likely, imo @ least) you may have done some "registry hacking" to secure yourself!

See, on a guess here: The reason I state that is because in testing on a pal of mine's system (the "prototype user" I tested this ALL on in my pal Jack, a "PI" (Private Investigator) by trade?) Well - I applied a series of .reg file hacks to his system, commonly used ones for speed + security (& he got up to 71.xxx ranges like yourself)...

> I agree with your advice.

Good, & I hope it works out to 90.xxx scores for you, as it did for AlexStarFire (screenshot of score I put up for Windows XP users) - that guy has posted a score I have YET to see exceeded on Windows XP (see screenshot of his score a page or two back if necessary for validation of my statement).

> My criticism was about the clarity of the instructions you provided. You've used jargon that can easily confuse people who are unfamiliar with rigorous computer security

Well, 2 things I guess:

By "confusing jargon" - can you provide an example? I did where I showed I helped "AlexStarFire" in my list on this page (or, the page before it) on where I fielded SPECIFIC QUESTIONS others had (such as AlexStarFire) & helped them raise their scores further when I did!

&

When in doubt of the meaning of a term? That's what "GOOGLE", "AltaVista", &/or WIKIPEDIA are for (use them, if I am not here to help out, OR others who may understand the "jargon" you don't presently...)

> —your target audience. You have parenthesized text within parenthesized text—you have digressed from a digression, which is strange—and that is difficult to follow without reading the sentence in which it occurs several times. You truly should consider revising your post because it will help more people if more people can understand it.

Well, perhaps... but, again: There are 20 or so people's examples on this page & the one prior where I quoted/cited their results & feelings about this thread's materials, both from THIS forums (& others), who felt clearly otherwise...

Oh well: Opinions vary (& so do CIS Tool scores, but these? They vary, to the GOOD, in increased scores in it).

APK
SLeeM@N Posted March 29, 2008

Thanks a lot! Long to read :p but useful & complete!
+Warwagon (MVC) Posted March 29, 2008

> HOW TO REMOVE MALWARE - INTRODUCTION (using 110% free tools, OR ones you have in your OS already natively, to remove malware infestations of ANY kind HOW TO):

If I was ever infested bad with Malware I would just format and start over. Because I would never trust my computer enough to do online banking ever again unless windows was reformatted.
APK (Author) Posted March 30, 2008 (edited)

> If I was ever infested bad with Malware I would just format and start over. Because I would never trust my computer enough to do online banking ever again unless windows was reformatted.

That IS a way, & as long as you backup ALL OF YOUR DATA (personally created stuff like resumes for instance)? You'd be ok... but, I spent years of professional time in both forensics in computing + actually fixing & repairing them (both software & hardware levels) to tell you 1 thing:

MOST TIMES, you can get rid of these things, fully... except in the case of ROOTKITS (non-bootsector type). Then, it is recommended to do as you note - "REPAVE".

APK

P.S.=> E.G.-> This year alone, I have done approximately & LITERALLY, around 1,000 virus/spyware/trojan/malware removals alone... I only failed on 2 of them, if this illustrates my point @ all (even anecdotally based on MY experience professionally)... apk

Edited March 30, 2008 by APK
APK (Author) Posted March 30, 2008

> Thanks a lot! Long to read :p but useful & complete!

Thank you SLeeM@N: All-in-all - I hope you enjoyed it! There is an option to rate this thread, so, go for it if you like & thanks!

(& I hope you gained yourself a GOOD CIS Tool score (hit those 90's man, like AlexStarFire did, good luck)).

You'll go faster online & safer as well, if you follow this ALL THE WAY THRU, & apply CIS Tool's points + the ones I layer on top of that, guaranteed.

APK

P.S.=> I wonder what "megamanXplosion" will think of YOUR experience & statement I quote above though... apk
APK (Author) Posted March 30, 2008 (edited)

> You assume they had no problem reading it.

OH, I think that seeing AlexStarFire's 90.112/100 score on CIS Tool exemplifies he had NO problems with it, or my writing (especially when I helped him go from an 80's range score, into the 90's range, via questions he asked & I answered for he to do so, for example).

The other 19 or so folks (whom I quote on the page prior to this one in fact), such as SleeM@N above also now, seem to have liked it as well...

PLUS, the fact it was made a guide here, by Colin-UK (moderator/admin here) helps! So does the fact it was instantly made a guide & sticky @ ProProfs forums...

Additionally/lastly: It won the $100 U.S. Dollars monthly prize @ PCPitstop forums as well.

(Given those points, as evidences contrary to your opinions? Well, I guess "others couldn't understand it" or my writing eh (& just decided to make it a guide, or sticky thread...)

> The people you quoted did not state their opinion on the quality of your writing. All you've done is pull numbers out of a magic hat and waved those magic numbers around as if they proved something when they don't.

ABOVE ALL ELSE/BOTTOM-LINE HERE: Is this an English class? Is this my "last will & testament"?? No, to both.

(AND, again - do you have a PhD in English??? Before you tell others how to write, I'd advise getting one... there are @ least 20 others I noted from THIS forums (& others also, only a SMALL partial set of them no less), including SLeeM@N above now, who felt contrary to YOUR opinion, just fact & one anyone can verify on the page prior to this one)

This is NOT a legal document, nor a paper for a grade in English class: This is about computers & securing them. You are off topic man...

> Don Parker said, "I don't see any real downsides to what you posted."... Allow me to translate, "Your advice is good but you could've presented the advice in a much clearer manner." Allow me to translate further, "I agree with megamanXplosion."

Putting words into the mouth of others now I see... the main point is that the man said this: "I don't see any real downsides to what you posted." & he IS a SANS GIAC certified pro in the area of computer security (& he just got done @ the CanSecWest security conference no less, which we corresponded about via email & pm).

APK

P.S.=> Opinions on "writing style" from someone w/ NO PhD in English? Mere opinion... so, thus, I put up 20 other people's opinions (and CIS Tool scores from others also) that contradict yours is all... opinions vary! So do CIS Tool scores though... not much arguing with that though, especially when they INCREASE! apk

Edited March 30, 2008 by APK
APK (Author) Posted March 30, 2008 (edited)

Heh! Funny thing happened here today:

I did some searching here on this forums (for my initials "APK", to see posts I had done here etc. over time & what-not) & I found that someone named "me101" posted the ORIGINAL MODEL OF THIS GUIDE (which iirc, I mentioned in the 1st post of THIS posting of this guide. It came originally from NTCompatible.com "Article #1", from 1997-2002 there), here on THIS SITE, albeit years ago (circa 2001 in fact)...

====================================
APK "A to Z" Internet Speedup & Security Text!
====================================

https://www.neowin.net/news/main/01/11/29/a...--security-text

(Posted by me101 on 29 November 2001 - 04:40 - no comments & 795 views)

====================================

Frankly, upon reading it again, after MANY years now? Well, it amazed me (upon comparing it to THIS version now (in THIS post)), on how much it has grown since then... especially for security hacks (for speed ones, it's loaded though).

:))

* The setup that post gives you WILL take you to around 70.xxx/100 scores on CIS Tool though, whereas using CIS Tool & THIS NEWER POST? Well, you can see the scores folks got (in addition to mine) & thus, I definitely consider THIS POSTS' MODEL of said guide, to be far superior than that older one in the URL above.

APK

P.S.=> Besides - This post is more "security-oriented", by far, vs. that one (though that URL above DOES directly & DEFINITELY cover more "speedups" type information, especially registry hacks for speed (and security too though)), so it may be something to take a peek @ as well... enjoy! apk

Edited March 30, 2008 by APK
kinetix63 (Veteran) Posted March 31, 2008

Thread Cleaned

I'd suggest that the OP needs to learn to take some constructive criticism instead of entering into long arguments about his writing style...

In future, keep that kind of thing by PM please. This thread was already closed once because of bickering and arguing. Any more and it'll be closed again - this time permanently.
APK (Author) Posted March 31, 2008 (edited)

> Thanks a lot!

You're welcome - & thank yourself MOSTLY, for applying it, because it does work (for both SPEED online & gains in it, AND security vs. attacks of many forms).

> Long to read :p but useful & complete!

Yes - it IS long (because the material is "somewhat complex"), & by way of comparison to the original!

(Which, again, somebody named "me101" posted here, years ago as noted in my last post prior to THIS one above, circa 2001 (from its original material that dated 1997-2002 @ NTCompatible.com))

Yes - it has gotten even larger/longer... which is good!

I say that, simply because that set of registry hacks & such from it only take you to around 71.xxx level scores in CIS Tool.

By way of comparison, you can see how much better this guide is now, just based on CIS Tool scoring results. Especially in my score on CIS Tool (85.706/100 on Windows Server 2003 SP#2 fully hotfix patched) & AlexStarFire's score photo (90.112/100 on Windows XP SP#2 fully hotfix patched) which would not have been as easily possible, imo, w/out CIS Tool guidance.

However, using CIS Tool's suggestions makes it simpler to do (& accurate enough, as it is based upon "best practices" for security)...

I have learned a great deal since 2001 that helps secure you online even moreso, hence, why this has gotten so much larger/longer (and, how my score got 15 points better no less).

BOTTOM-LINE: It WORKS (the most important part) to help secure you online AND, speed you up too as a bonus - & anyone reading + applying this posts' points gains by it, as I did & others noted in this thread.

APK

Edited March 31, 2008 by APK
APK (Author) Posted March 31, 2008 (edited)

> Thread Cleaned

Thanks, I "pm'd"/reported this thread to you mods/admins here, because of megamanXplosion calling me "clueless"... which apparently, you have REMOVED (the post where he did so).

> I'd suggest that the OP needs to learn to take some constructive criticism instead of entering into long arguments about his writing style...

I have NO problem with that - especially when I can point out (as I did in reply to such "critique", the kind that does NOT help others increase their security no less) others who felt differently (and, that was roughly 10 people from THIS forums, & 10 others from other forums (only a small sample of that no less, there are FAR more)).

However - I do have issue with those that toss names & such, as megamanXplosion did (& others such as betasp, OR others like raskren that posted FALSEHOODS regarding antivirus effectiveness which I wholly disproved with evidences from sites that test such programs).

Still - Thanks for clearing that up where megamanXplosion called me "clueless" - funny though, how you don't scold he for that, eh?

(I suggest YOU exercise fairness & reprimand HE publicly as well... as you have myself. He may be a "long time poster here", big deal, & your pal... but, does that put HIM above such reprimand? NO, it does not).

> In future, keep that kind of thing by PM please. This thread was already closed once because of bickering and arguing.

Yes, & the FUNNY part was, those I argued with always ended up tossing names & such, NOT I.

(All over "writing style", MERE OPINIONS - So, give me a break: If those that post such "suggestions", minus a PhD in English no less, have "ADD" etc.? Well, that is NOT my problem! Nor is it if they have a lack of patience when poring over subject material that is LONG & COMPLEX either)

I merely put up opposing opinions, many of which came from THIS forums, & others (small sample only) as well.

> Any more and it'll be closed again - this time permanently.

Your loss if you do!

1.) Especially considering this post has nailed over 10,213 views in only 4 months time (thus, your revenue in adbanner views gains), which equates roughly to 2254 views a month/88 views a day of it (or, 4 views an hour/once every 15 minutes).

2.) I am probably NOT done putting in more "fine points" is why I state that. There is always more attacks & servers that are KNOWN to be @ the heart of them (such as the RBN (russian business network) material I posted) that will need updating for others to protect themselves vs. it, for example.

( & I was NEVER the person calling others names & such, period, as my "wannabe PhD in English/English teachers" had - does their "critique/opinion" help secure others? NO! Did others read & APPLY this material?? YES, to their benefit... period!)

-----

All I ever used was:

A.) The findings + opinions of others to counter useless "writing style" critique (which many others did NOT mind & I proved that much, & critique of writing style DOES NOT HELP OTHERS SECURE THEMSELVES BETTER either (if they can't handle that others did NOT agree with them? Again: NOT MY PROBLEM!))

B.) Actual verifiable facts: Such as URL's to data that helps prove my points (such as I used on raskren)

C.) Actual techniques that work (such as for betasp, showing him the techniques here CAN be "mass deployed" via logon scripts &/or AD group policy mgt. tools)

D.) The fact I DO help others on points they are "stuck on", as I had for AlexStarFire on another forums - helping he raise his score up from the 80/100 ranges on CIS Tool, to his present 90.112/100 score

ALL easily verifiable, & fact.

APK

P.S.=> I ask for critique, but ONLY on TECHNICAL POINTS (that actually HELP to secure others online)... not a grade in English class (much less from those lacking a PhD in the subject of that language)...

TO THE "WANNABE ENGLISH WRITING TEACHERS" OUT THERE (minus their PhD in English, and most likely minus any degrees, certifications, OR decades of hands-on experience in this field):

Get a PhD in English, I may listen... & ONLY then: Simply because I can do what I did, & that was to put up a TON of others whose opinions & CIS Tool scores no less as well, counter THAT b.s. easily.

Above all else: IF YOU DON'T LIKE IT? DON'T READ IT! Nobody's "twisting your arm" to do so... right?

English grammar critiques, pure personal opinions, do NOT help point out technical "downsides" to this article's points... zero contribution to the good of others.

Otherwise? You ARE "off topic", no questions asked (as this is a forums on computing, NOT English spelling/grammar - the resort of the technically WEAK online, imo @ least)... apk

Edited March 31, 2008 by APK
+mrbester (MVC) Posted March 31, 2008

OT: Flames are routinely deleted when reported; subsequent posts referencing them may be edited to preserve the flow. Mods have to read a thread to decide upon actions when a post is reported; antagonising them isn't going to get you very far. Threads have been excised from history for far less here...

A suggestion: Make a PDF and present it for download. I, and others, appreciate your efforts to impart knowledge you have gained over the past n years, but the whole thing has ballooned from the "12 steps" as mentioned in the topic title and is now a novella. It gives you a chance to present the whole shebang in an orderly and concise manner and neatly gets around the "long to read" problem where what information you are trying to impart is mixed in with ripostes.
APK (Author) Posted March 31, 2008 (edited)

> OT: Flames are routinely deleted when reported;

Right, & I reported it in fact (when megamanXplosion called me "clueless" etc. et al)... simply because "writing style" is JUST A MATTER OF OPINION (& I posted 20++ people who read this post just fine, AND, applied it also, w/ no problems reading it whatsoever, in response from myself & yes, others).

> subsequent posts referencing them may be edited to preserve the flow.

THAT, I have NO PROBLEM with... even IF they're MY POSTS (however, I did NOT toss names @ megamanXplosion, or others like raskren & betasp - I just put up either facts, OR the experiences & opinions of others, to show their "CRITIQUE" was just opinion, & THOSE? Clearly, vary).

> Mods have to read a thread to decide upon actions when a post is reported; antagonising them isn't going to get you very far.

Who was I antagonizing? I only told it how it was, with proofs, that's all.

Proofs of others' opinions who stated this post was good/useful etc. & also those of other forums (who like this one, instantly made it a guide OR sticky thread) & even THAT OF A KNOWN SECURITY PRO, from a respected website (security focus).

This is all. No name tossing, just facts that back up what I write.

This is NOT an "english class" or a paper for a grade in it, nor is it my "last will & testament" (ala a legal document)... it is a FORUMS ON COMPUTING, not English grammar.

Critique of "writing style"? Opinions, only. Those vary, & many others felt otherwise (whom I quoted in THAT regard, no less).

> Threads have been excised from history for far less here...

Fine, again: Do so? You lose a view EVERY 15 minutes of this thread (from your website's point-of-view) & also, folks gaining by it (because this stuff in this post DOES work, & very well, to secure folks online AND speed them up too).

It'd be this forums' loss, & there are many others like it online I can put this info. up on (& I have done so, just in case some moderator decides to burn a thread, because forums aren't some "unique quantity" online, there are many of them).

Locking a useful thread, I can see, but outright "burning it"? Man... come on!

> A suggestion: Make a PDF and present it for download. I, and others, appreciate your efforts to impart knowledge you have gained over the past n years

DECENT SUGGESTION, by ALL means... I just may do so, but, not until I get feedback that's TRULY USEFUL (such as iMonkey's was here on THESE forums)... to "perfect it" & NOT mislead others with inaccurate info.

To iMonkey - Thanks iMonkey!

What I am looking for, is TECHNICAL POINTS CRITIQUE (not a grade in English)... that is what HELPS PEOPLE the most, AND is "on topic"... & last time I looked? This is a forums on COMPUTING (not English grammar).

> but the whole thing has ballooned from the "12 steps" as mentioned in the topic title and is now a novella.

It's complex subject material, AND YES, long (but, detailed & ACCURATE)... no way around it.

ALSO: MORE "critical information" such as bad banner servers (ala my RBN example) changes... it is NOT 'static in nature' & USEFUL for securing folks vs. attacks by RBN for example! It's GOING TO CHANGE & need addons... no way around it, period.

> It gives you a chance to present the whole shebang in an orderly and concise manner and neatly gets around the "long to read" problem where what information you are trying to impart is mixed in with ripostes.

Yes, I admit readily, it is long (what am I supposed to do about that? It IS complex & long material period - how much can I "shave off" of it, w/ out impacting detail, in other words?).

NOTE ALSO, especially above from SleeM@N: He said, yes, it's long BUT, he thanked me for posting it (& said it is "complete")...

APK

Edited March 31, 2008 by APK
APK (Author) Posted March 31, 2008

For users of Adobe Reader:

Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears "ill will" no less)? Well, update to the latest/greatest version...

HOWEVER, if you don't trust that, as I do not, FULLY?

(Simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)

Plus, like I had stated earlier in this guide? I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??

Try this:

TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER to be safe vs. attacks in it that are javascript-based in nature!

EDIT menu -> PREFERENCES submenu -> Javascript section (in left-hand side column of options), & uncheck "Enable Acrobat Javascript" in the right-hand side option for that.

APK

P.S.=> That assures you are "proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them... apk
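A defender-side companion to the post above, added here as an example (it is not part of the original post and not Adobe's code): a Python triage function that counts JavaScript and automatic-action name tokens in a PDF's raw bytes, including names disguised with `#xx` hex escapes. The list of flagged names, the function names and both sample documents are this example's own assumptions and constructions.

```python
"""Triage a PDF for embedded JavaScript and automatic actions (added example)."""
import re
import sys

# Name tokens worth flagging. The selection is this example's assumption:
# /JS and /JavaScript mark script actions, /OpenAction and /AA attach an
# action that runs on open or on an event, /Launch starts an external program.
SCRIPT_NAMES = ("/JS", "/JavaScript")
AUTO_NAMES = ("/OpenAction", "/AA")
OTHER_NAMES = ("/Launch",)

# A PDF name is "/" followed by regular characters, i.e. anything except
# whitespace and the delimiters ( ) < > [ ] { } / %.
_NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Resolve #xx escapes so that /J#61vaScript compares equal to /JavaScript."""
    decoded = _HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf_bytes(data):
    """Count flagged names in raw PDF bytes and summarise what they imply."""
    counts = {name: 0 for name in SCRIPT_NAMES + AUTO_NAMES + OTHER_NAMES}
    obfuscated = 0
    for match in _NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                # A flagged name written with hex escapes is itself a warning
                # sign: ordinary PDF producers do not need to escape letters.
                obfuscated += 1
    has_script = any(counts[n] for n in SCRIPT_NAMES)
    has_trigger = any(counts[n] for n in AUTO_NAMES)
    return {
        "counts": counts,
        "obfuscated": obfuscated,
        "has_script": has_script,
        # Script plus an automatic trigger means it can run without a click.
        "runs_automatically": has_script and has_trigger,
    }


def scan_pdf_file(path):
    """Read a file from disk and scan it."""
    with open(path, "rb") as handle:
        return scan_pdf_bytes(handle.read())


# Constructed samples (not real documents): a plain catalog, and a catalog
# whose /OpenAction points at a JavaScript action with an escaped name.
CLEAN_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
)
SCRIPTED_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /J#61vaScript /JS (void 0;) >>\nendobj\n"
)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for pdf_path in sys.argv[1:]:
            print(pdf_path, scan_pdf_file(pdf_path))
    else:
        print("clean sample:   ", scan_pdf_bytes(CLEAN_SAMPLE))
        print("scripted sample:", scan_pdf_bytes(SCRIPTED_SAMPLE))
```

The scan reads only uncompressed bytes, so names stored inside compressed object streams are not seen and a zero count does not prove a file is script-free. Disabling JavaScript in the reader, as the post describes, still applies to files that pass this check.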
APK Posted April 2, 2008 (edited) APK... the personal insults stop now... as well as the PM's you've been sending to him. Uhm, you read them, & then YOU unlocked this thread, after seeing "who was sending what, to whom" etc./et al! (Thanks for that much - you saw the names he tossed, iirc, & also the photos he put up about me here like some frustrated child might, lol!) Then, he had the balls to lie to you. How does a guy like THAT, live with himself, I wonder? Anyhow, for laffs? I even archived them here, just for posterity's sake! & it's nice to see someone who is a liar (there's NO WAY betasp has an MCSE, unless it's just paper in other words, based on his performance & his posting photos about myself, lol, childish, but also more below) get put in his place (& it wasn't me - I'm still here posting, & he's LONG GONE WITH THE DAWN, lol, no doubt out of shame, lol!). Anymore issues and you will be restricted. Well, that never happened, because of the above (you took it to he, not I)... which was how it ought to be, as he was WAY off/wrong on technical issues, for an "MCSE" (doubt it, or he is just a mgr. paper one, like so many are - NO hands on actual work with the tools) Well, thanks for ACTUALLY DOING YOUR JOB (a rarity in a mod/admin OR manager of most any kind many times imo, lol), & letting this thread continue... betasp's little photographs he put up were his undoing, on his own (then lying saying I was sending him bogus pm mail here, & HE WAS SENDING THEM MY WAY). Thank goodness there's mods that really DO, do their jobs! APK P.S.=> Too bad you have some "bad elements" here... I mean, for example: Those that try to tell others how to write, with no PhD in English, OR degrees or professional experience! (In English professionally as editors, OR teachers @ least - not that it'd matter: THIS IS A FORUMS ON COMPUTERS, not English class, lol, & "writing style"? 
PURE OPINION, especially from a non-pro in THAT field (English), & the outright last resort of the TECHNICALLY WEAK ONLINE (well, that, & "downrating" a post in retaliation, lmao!)) The part that really makes me laugh, even MORE than betasp's photos & lies which you caught he in? I am sure, that then HE, "in impotent retaliation", rated this post down! "Oh no... the world's over, lol!" Funny part is, when the folks reading see others stating they like it, for the benefits this post yields? Who looks silly then?? lol... not I! Just as I did not in THIS situation you note. Now, I am sure there are those who are computer pros though, gotta be some of that here, & they read this (or even those that are not, but did apply it (especially kudos to THEY, it takes some courage first time & patience))... & did not note any really bogus stuff in it (other than 1 spot I actually ASKED if anyone saw anything wrong, as I quoted it from another source, & that's iMonkey (again, thanks iMonkey)). (On down rating in retaliation? LOL, anyone can do that, but to justify it as 'good' when this forums' about COMPUTERS, not ENGLISH SPELLING &/or GRAMMAR? LOL... effete, & WEAK!) Yes... well, but... that's when they end up with egg on their faces, & they do it to themselves, that type... OR Those that have their MCSE (supposedly, in betasp, which he told me in pm no less but certainly did NOT SHOW IT, especially when he said there's "no way to mass deploy this setup" & not have helpdesk calls) Hilariously funny, that, because I, & others I noted in this thread like Thronka (from another site, URL proof too) that have setup a company MUCH LARGER THAN HIS with more client nodes this way! Just as I described, quickly + using tools to do so with that most ANY JUNIOR NETWORK TECH EVEN KNOWS! (Ala AD Group Policy Tools &/or logon scripts) Yea - some MCSE he is... the "Paper kind" w/ NO HANDS ON ACTUAL EXPERIENCES DOING THE JOB - typical of "mgt." today in fact (& QUITE PITIFUL!)... 
apk Edited April 2, 2008 by APK
megamanXplosion Posted April 2, 2008

It gives you a chance to present the whole shebang in an orderly and concise manner

Shhhh. You need an English PhD to suggest such a thing.

Those that try to tell others how to write, with no PhD in English, OR degrees or professional experience!

Analyze curricula for English PhDs. An English PhD is attained through a study of literature—Shakespeare, Poe, et cetera—rather than grammar and syntax, which are not college-level subjects. In this discussion, English PhDs are irrelevant.
APK Posted April 2, 2008

Shhhh. You need an English PhD to suggest such a thing. Analyze curricula for English PhDs. An English PhD is attained through a study of literature—Shakespeare, Poe, et cetera—rather than grammar and syntax, which are not college-level subjects. In this discussion, English PhDs are irrelevant.

MegamanXplosion: You are MORE THAN WELCOME to find errors/holes in this post to critique its points, which are ABOUT COMPUTERS & SECURITY (not "english grammar writing style opinions", lol - which IS offtopic, as this is a forums on computers (not English grammar)) So, that all said & aside? Hey... please, stay on topic & try to do so, IF you can... ok? (Sarcasm & further foolishness on YOUR PART only makes you look even more silly) :)

* Have a GREAT day, & good luck finding technical errors OF A COMPUTING SECURITY NATURE, in this thread's points here (be useful, try it, as it is ALL I asked for & it benefits others to make this post stronger too) Thanks!

APK