
Thread: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring




  1. #11
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default STEP #10 - EMail practices

    10.) Plus good email client practices like using .txt mail only, no RTF or HTML mail, not opening or allowing attachments unless I know the person & even THEN, scan it with an antivirus (still gets email scanned though by your resident antivirus email scan component (use AntiVirus programs with these, OR, manually scan ANY attachments before opening them (if you get Microsoft Office .doc, .xls, .ppt etc. files uncompressed? HOLD DOWN THE SHIFT KEY AS YOU OPEN THEM - this stops macros from running & macros are the avenue utilized using VBA script to infect you)))

    APK
    Last edited by APK; 04-07-2008 at 03:49 PM.

  2. #12
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default STEP #11 - Hardware NAT "firewalling" subnetting routers usage

    11.) I also use a LinkSys/CISCO BEFSX41 "NAT" true firewalling CISCO technology-based router (with cookie & scripting filtering built-in @ the hardware level), these are excellent investments for security.

    BY THE WAY, IF YOU OWN A ROUTER? TURN OFF THE UPNP FEATURES IN IT!

    Why?

    Take a read:

    Most Home Routers Vulnerable to Flash UPnP Attack:

    http://it.slashdot.org/it/08/01/14/1319256.shtml

    * Just to be safe...

    :)

    APK
    Last edited by APK; 04-07-2008 at 04:17 PM.

  3. #13
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default STEP #12 - Windows Server 2003 SCW & MS Baseline Security Analyzer

    12.) Windows Server 2003's SCW was run over it FIRST (this only exists on Windows Server 2003, not on 2000/XP or VISTA (you have to install this, it does NOT install by default) first to help secure it (SCW = security configuration wizard, & it's pretty damn good believe-it-or-not, (@ least, as a starting point))...

    Directions for its installation are as follows:

    Start the Add or Remove Programs Control Panel applet.

    Click Add/Remove Windows Components.

    On the Windows Components Wizard screen, select the "Security Configuration Wizard" check box, as the figure shows. Click Next.

    The Windows Components Wizard builds a list of files to be copied and finishes installing SCW. Click Finish.

    DONE! Now, run it...

    It is very simple to use, and will help even TRIM services you do not need running (which saves Memory, other resources, & I/O to cpu/ram/disk etc. AS WELL AS PROVIDING SECURITY should any services you disable turn up vulnerabilities (this has happened before)).

    ALSO, per TPU forums user (username "xvi") @ techpowerup.com forums (software section): Use Microsoft Baseline Security Advisor, a free download from Microsoft as well to check your system for security holes, patch updates, etc. (be wary of the fact it does require various services running though, iirc, Terminal Server Services Client - I do NOT keep that running here anymore, & this program failed on me because of that (would not initialize @ all))

    APK
    Last edited by APK; 04-07-2008 at 03:51 PM.
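    The trimming SCW does in step 12 starts with knowing which services start automatically, under which account, and from where. The PowerShell below is an added example (my own, not APK's or Microsoft's) that produces that review list read-only over WMI, so it runs on 2000/XP/2003 without changing anything; the "outside %SystemRoot%" flag is just a heuristic I chose for which LocalSystem services deserve a second look before you decide to disable or keep them.

```powershell
# Added example (not from the original post): read-only review of services
# to decide what is safe to trim. Uses WMI so it works on Windows 2000/XP/2003.

function Get-ServiceReview {
    $systemRoot = $env:SystemRoot
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        # Normalise the binary path: strip surrounding quotes, then arguments
        $path = $null
        if ($_.PathName) {
            $path = $_.PathName
            if ($path -match '^"([^"]+)"') { $path = $matches[1] }
            else { $path = ($path -split ' -| /')[0] }
        }
        # Heuristic flag: runs as LocalSystem from a binary outside %SystemRoot%
        $outside = ($_.StartName -eq 'LocalSystem') -and ($path -ne $null) -and
                   (-not $path.StartsWith($systemRoot, [System.StringComparison]::OrdinalIgnoreCase))
        New-Object PSObject -Property @{
            Name           = $_.Name
            DisplayName    = $_.DisplayName
            State          = $_.State
            StartMode      = $_.StartMode
            Account        = $_.StartName
            Path           = $path
            OutsideWindows = $outside
        }
    }
}

# Auto-start services that are not even running are the first trimming candidates
function Get-AutoStartStopped {
    Get-ServiceReview | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' }
}

# Usage:
Get-AutoStartStopped | Format-Table Name, DisplayName, Account -AutoSize
Get-ServiceReview | Where-Object { $_.OutsideWindows } | Format-Table Name, Account, Path -AutoSize
```

    Neither function changes a start type; once you have the list, SCW (or services.msc) is still where the actual disabling is done, so a bad guess is reversible.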

  4. #14
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default JavaScript/IFrames/ActiveX Controls & Browser extensions/addons/plugins etc.

    AN IMPORTANT SET OF POINTS TO SECURE YOUR WEBBROWSER, EMAIL PROGRAMS, & MORE:

    STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD (well, with SOME exceptions on sites that demand you use it, OR those that cannot function properly without it, some examples below)!


    Why? Well, read on:

    Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...

    (For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks (even thru adbanners!)). Some examples:

    Hackers Use Banner Ads on Major Sites to Hijack Your PC

    &

    Microsoft apologises for serving malware

    If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?

    Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...

    (& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).

    Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!

    I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.

    Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.

    Either way? It works, & I STRONGLY recommend this.

    ----

    DISABLE INDISCRIMINATE USE OF ADOBE FLASH:

    From Mike567 (giving credit, where credit's due):

    HOW TO SECURE Windows 2000/XP/Server 2003 & YES, even VISTA - Windows Forum - Computer Support Forums

    Quote Originally Posted by Mike567 (Jun 12 2008, 11:28)
    You need to disable the plugins, where flash is located.

    &, he's right... I "overlooked/omitted" that much!

    Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):

    Adobe Flash Zero-Day Attack Underway:

    Slashdot | Adobe Flash Zero-Day Attack Underway

    ----

    I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)

    =====
    SECUNIA DATA ON BROWSER SECURITY (dated 06/26/2008):
    =====

    Opera 9.27-9.50 (new release) security advisories @ SECUNIA (0% unpatched):

    Opera 9.x - Vulnerability Report - Secunia

    ----

    FireFox 3.x security advisories @ SECUNIA (100% unpatched):

    Mozilla Firefox 3.x - Vulnerability Report - Secunia

    ----

    IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (37% unpatched):

    Microsoft Internet Explorer 7.x - Vulnerability Report - Secunia

    ----

    Those %'s are the latest for FireFox 2.0.0.14, Netscape 9.0.0.6, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.27... all latest/greatest models.

    So, as you can see?

    Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?

    It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:

    Browser speed comparisons

    AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:

    Performance Tests for Opera 9.5

    NEW NEWS/NEWSFLASH: FF3 is "king of the heap" here now, in javascript parsing speeds, but of what gain is this? Security risks abound in running javascript on "every site under the sun"... limiting it to sites you absolutely NEED it for is the way, IF you wish to stay safer online that is.

    Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!

    QUESTION - So, "where do you want to go today?"...

    ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).

    ----

    ALSO - HOW TO SET THE "KILL BIT" ON ACTIVEX CONTROLS:

    (I.E.-> This is how to stop an ActiveX control from running in Internet Explorer)

    How to stop an ActiveX control from running in Internet Explorer

    In case you have "problematic" or security vulnerable ActiveX controls, per this RealPlayer example thereof:

    Customer Support - Real Security Updates

    APK

    P.S.=> NEWLY UPDATED WITH FIREFOX 3.x &/or OPERA 9.50 new browser releases security information on unpatched vulnerabilities (06/25/2008)... apk
    Last edited by APK; 06-27-2008 at 02:15 AM. Reason: Updating security stats from SECUNIA for browsers on today's date (05/17/2008) & other points in this post (details for reference for users on Ports Filtering & HOSTS files usage)... apk
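    The "kill bit" the post links to is a registry flag: Internet Explorer refuses to load a control whose CLSID has Compatibility Flags = 0x400 under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility. The PowerShell below is an added example of my own (not APK's, not from the linked Microsoft article) that lists which CLSIDs already have the bit set, resolves each to its registered name and DLL, and sets the bit for a CLSID you supply while preserving any other flag bits; the CLSID in the usage line is an all-zero placeholder, not a real control.

```powershell
# Added example (not from the original post): audit and set the IE ActiveX kill bit.
# Placeholder CLSID in the usage section; substitute the control you mean to block.

$KillBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBitFlag = 0x400

function Get-KillBitStatus {
    # One object per CLSID present under the compatibility key
    Get-ChildItem -Path $KillBitRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $flags = (Get-ItemProperty -Path $_.PSPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        # Resolve friendly name and server DLL from HKCR\CLSID when the control is registered
        $reg  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $reg -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$reg\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{
            CLSID   = $clsid
            KillBit = [bool]([int]$flags -band $KillBitFlag)
            Flags   = [int]$flags
            Name    = $name
            Dll     = $dll
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Clsid)
    $guid = [guid]$Clsid                      # throws on malformed input
    $key  = Join-Path $KillBitRoot ('{' + $guid.ToString().ToUpper() + '}')
    if ($PSCmdlet.ShouldProcess($key, 'Set Compatibility Flags bit 0x400')) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = [int]$existing -bor $KillBitFlag   # keep any other flag bits already set
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

# Usage: show what is already killed, then dry-run a change (-WhatIf) before committing it
Get-KillBitStatus | Where-Object { $_.KillBit } | Format-Table CLSID, Name, Dll -AutoSize
Set-KillBit -Clsid '{00000000-0000-0000-0000-000000000000}' -WhatIf   # placeholder CLSID
```

    Run it from an elevated prompt, since the key lives under HKLM. The -WhatIf support is there so you can see exactly which key would be written before touching a production box.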

  5. #15
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    1,525

    Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

    There's only 1 way that any PC will ever be secure,

    1st, don't connect to the internet.
    2nd, put it down a 30' hole.
    3rd, fill hole with reinforced concrete.

  6. #16
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

    Hmmm... that looks vaguely familiar from a few years ago. LOL
    Old age and treachery will overcome youth and skill
    My Toys

  7. #17
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default OpenDNS or ScrubIT DNS Servers (try them, they work for speed AND security online)

    Better, Safer, & F A S T E R DNS Servers

    DO NOT USE THIS WITH A HOME or BUSINESS LAN THAT HAS ActiveDirectory going (because, for example - it will mess up things like FULL Outlook binding to EXCHANGE SERVER for instance, because of INTERNAL DNS SERVER dependencies AD has (ActiveDirectory is HEAVILY dependent on DNS resolutions is why))

    That said & aside?

    I found something VERY cool, as regards online security, that I stumbled onto during my meanderings online today!

    ScrubItDNS:

    ScrubIT

    :)

    * GREAT IDEA, & it WORKS, painlessly... AND F A S T, too!

    APK

    P.S.=> Take a read of what it does, how EASY it is to implement (lol, they even give a GUI to do the job for you, because digging into your network connection MIGHT be a "bit much" for some folks, to make it easy for anyone really... 2 clicks!) & YOU DECIDE...

    I have tried it, & it DOES work, by filtering off sites thru it that are 'dangerous' OR 'offensive' (like ones you might find that are involved with the above exploit, or others like GOOGLE + SPYBOT Search & Destroy help you with) - PLUS, Pr0n sites (some of you, lol, may NOT like that "feature" though).

    Still, bottom-line - For layered security? This is a GOOD idea, this "scrubit" DNS server... imo, so far @ least... apk
    Last edited by APK; 05-18-2008 at 11:25 AM.
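    The warning at the top of that post (do not point an Active Directory member at external resolvers) is the kind of thing a script should enforce rather than leave to memory. The PowerShell below is an added example of my own, not APK's and not the ScrubIT or OpenDNS tool the post mentions: it refuses to change resolvers on a domain-joined machine unless you override it, applies the new list to every IP-enabled adapter over WMI, and checks that names still resolve afterwards. The two addresses in the usage line are documentation-range placeholders; substitute the resolver addresses published by whichever filtering DNS service you pick.

```powershell
# Added example (not from the original post): switch resolvers to a filtering DNS
# service, guarded against Active Directory clients. Placeholder addresses below.

function Test-DomainJoined {
    (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain
}

function Set-FilteringDns {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string[]]$Servers,
        [switch]$Force   # deliberately bypass the domain-join guard
    )
    if ((Test-DomainJoined) -and -not $Force) {
        throw 'This computer is joined to a domain; keep the AD DNS servers (use -Force to override).'
    }
    # Only adapters that currently carry an IP address
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $adapters) {
        $target = "$($nic.Description) (current: $($nic.DNSServerSearchOrder -join ', '))"
        if ($PSCmdlet.ShouldProcess($target, "Set DNS to $($Servers -join ', ')")) {
            $result = $nic.SetDNSServerSearchOrder($Servers)
            # ReturnValue 0 = success, 1 = success but reboot required
            New-Object PSObject -Property @{ Adapter = $nic.Description; ReturnValue = $result.ReturnValue }
        }
    }
}

function Reset-DnsToDhcp {
    # Undo: an empty search order makes the adapter take resolvers from DHCP again
    [CmdletBinding(SupportsShouldProcess=$true)] param()
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Description, 'Revert DNS to DHCP')) {
            $_.SetDNSServerSearchOrder() | Out-Null
        }
    }
}

function Test-Resolution {
    # Confirms the new resolvers actually answer; a constructed test name
    param([string]$HostName = 'www.example.com')
    try   { [bool]([System.Net.Dns]::GetHostAddresses($HostName)) }
    catch { $false }
}

# Usage (placeholders from the 203.0.113.0/24 documentation range, NOT real resolvers):
Set-FilteringDns -Servers '203.0.113.53', '203.0.113.54' -WhatIf
Test-Resolution
```

    Run -WhatIf first; it prints the adapter and its current resolver list, which is also the record you want if you need to put things back by hand instead of with Reset-DnsToDhcp.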

  8. #18
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    1,525

    Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

    Quote Originally Posted by Darthtanion
    Hmmm... that looks vaguely familiar from a few years ago. LOL
    Yep the old solutions are the best but common sense helps too. ;)

  9. #19
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Default VIRUS/SPYWARE/TROJAN/MALWARE REMOVAL TECHNIQUES (like NIST recommends)

    HOW TO REMOVE MALWARE - INTRODUCTION (using 110% free tools, OR ones you have in your OS already natively, to remove malware infestations of ANY kind HOW TO):

    ==========

    1.) Reboot your system to F8 @ startup "Windows Advanced Options" bootup menu that stops you during the boot sequence.

    ----

    2.) There, choose "safemode with networking" (via the "Windows Advanced Options" menu you get presented with while tapping the F8 key repeatedly @ system startup).

    ----

    3.) Once in safemode with networking Windows, download/install & RUN these tools (they are not much to look at, BUT, they do work on MOST threats today & get regularly updated):

    a. Run IE, use its TOOLS menu, Manage Addons Submenu, & turn off ANY BHO etc. objects that you do NOT absolutely NEED, or know what they are (many malwares in the form of bogus toolbars or BHO (browser helper objects) often hide here).

    ALSO CLEAN OUT YOUR WEBBROWSER CACHES & %temp/tmp% temp. ops locations so no maladies exist there also awaiting re-awakening by accident

    You do this via Internet Explorer (using IE as an example, it is the same idea in Opera/FireFox/Netscape/Mozilla etc. too) via its Tools menu, Internet Options submenu, & on IE options screen, use the "Browsing History" group in IE7, & delete things as necessary from IE's browser caches etc. & for OS + app level %temp% & %tmp% environmental values' areas? Type SET @ a DOS prompt to see where you located those, & burn their contents via DEL commands, OR via explorer.exe/MyComputer filemanagement.

    b. Run msconfig.exe, & stall out ANY apps you do NOT absolutely NEED to run (many malware start here in fact). If you do NOT know the name of the program & what it does? Look it up on GOOGLE... same with BHO's above in IE.

    c. DOWNLOAD & INSTALL SpyBot 1.51x

    d. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) ComboFix (don't run it yet - there is no installer, it IS its own install + run package)

    COMBOFIX MAY HAVE SOME "MINOR SIDE EFFECTS" though, & here are 3 I have noted, & HOW to fix them:

    1.) IE homepage: No big deal to "fix this". You go to Start Button -> CONTROL PANEL (use CLASSIC VIEW, it's easier imo) -> Internet Options -> General Tab & HOMEPAGE (here is where you change that).

    2.) System Time (rightclick on timeclock in lower righthand side of your screen, & from its POPUP menu, use the Date/Time tool)

    3.) Desktop wallpaper (easy to fix: Rightclick on Desktop, use properties menu, & the desktop tab, change your background wallpaper there)

    e. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) SmitFraudFix (which also has its own LSP (layered service provider fix I have heard tell), BUT, again: Don't run it yet - as AGAIN -> there is no installer, it IS its own install + run package)

    An alternate here, is LSPFix.exe...

    ----

    4.) Clean out your rig, running SpyBot, first (most of the threats today are SPYWARE related, or TROJANS, more than std. typical traditional viruses by the way).

    ----

    5.) Then, run ComboFix (this will reset your webbrowser homepage & background desktop wallpaper, you will have to reset these, & possibly your date/time clock in Windows too).

    (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)

    ----

    6.) Then, run SmitFraudFix (or, as an alternate, LSPFix)

    (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)

    ----

    7.) Reboot to "normal Windows" (no F8 stuff this round) - it MAY hesitate/be slower this bootup though, because SpyBot/ComboFix/SmitFraud do a 2nd look type check on bootup many times... so, be prepared for this part.

    ----

    8.) Then, once in normal Windows again, scan with your AntiVirus solution (now fully updated hopefully & if not, do update it first & then scan).

    Good suggested FREE one, is AVG AntiVirus (I suggest this one, because it is free + complete w/ mail protection too that's decent enough, & just in case your antivirus solution is expired... if it is not expired, update the one you use. Keeping another around for a "2nd Dr.'s Opinion" is NOT a bad idea, BUT: ONLY RUN 1 OF THEM, "resident" (meaning runnings its background application & file scanning engine, usually implemented as a service + trayicon app). IMO, NOD32 is the best performer all-around in terms of antivirus programs. av-comparatives & vb100 tend to 2nd me here as well.

    * @ that point? You probably will have 'caught the culprits', OR, @ least have the name + location of any threats they could NOT eliminate... & here is where it gets REALLY "fun"...

    ==========

    NOW, when you CAN'T remove a virus using "script kiddie automated tools" like those noted above (not putting them down calling them that because they ARE somebody's hard work & freely given time as well)? IF you can get its name, & location on disk say, via a report from AVG or other programs you use for this?

    Boot your system from the OS install CD, & go to RECOVERY CONSOLE!

    There, switch to the folder that houses it using CD (almost like DOS one, but uses .. ONLY, to switch to ancestor folder roots really (instead of \ etc. et al))!

    Then, once you are in its folder, fry it then (nothing will be loading & thus, locking it, there) using the DEL command -> DEL filename.

    ****

    It's THAT, or using Process Explorer in UserMode/Ring 3/RPL3 operation...

    You would suspend the calling process via the right click popup menu options it offers for this! Once the calling process is suspended (& many times, also the called or DLL injected library as well), you can delete ANY potential offending injected DLL/lib virus-trojan-spyware-malware being called by said parent process, on disk.

    (This is assuming this is a lib loaded virus/spyware/trojan/malware etc., not a standalone .exe type)

    That's done via watching loaded DLL's that ANY app may have loaded presently (For that, you would have to use ProExp's CTRL+D keystroke shortcut, with the lower pane view present/visible, & set like that) IF there is one and this thing doesn't launch by itself from one of the registry RUN areas or startup groups that is...

    (Again, especially if this is being run by "DLL Injection" (like an OLEServer being injected into a process via CLSIDs, shell extensions, or being run by rundll32.exe OR svchost.exe, process hosting executables that can spawn either .exe OR .dll/lib based ones)).

    ****

    The easier/simpler route?

    My first suggestion:


    Use Recovery Console, once you have its name & location on disk... DEL command will take care of it, lickety-split, no-$heet.

    TO INSTALL RECOVERY CONSOLE AS A BOOTUP MENU OPTION:

    1. Insert the Windows XP CD into the CD-ROM drive.
    2. Click Start, and then click Run.
    3. In the Open box, type d:\i386\winnt32.exe /cmdcons where d is the drive letter for the CD-ROM drive.
    4. A Windows Setup Dialog Box appears. The Windows Setup Dialog Box describes the Recovery Console option. To confirm the installation, click Yes.
    5. Restart the computer. The next time that you start your computer, "Microsoft Windows Recovery Console" appears on the startup menu.

    (Alternately, you may bootup from your XP/Server 2003/VISTA install media, & run it there (via bootoptions menus choices then))

    Once in the folder/directory (via CD dos command) where those rogue files are, burn them, in RC... using DEL.

    NOTE/IMPORTANT:

    You MAY have to use SECPOL.msc & give yourself rights to folders other than %windir% & its subordinates though, if the rogue files aren't underneath Windows itself... because RC's default ACL to those things is just %windir% & its subordinate folders only.

    Start in Left-hand side pane of secpol.msc -> Security Settings -> Local Policies -> Security Options (now right-hand side pane of secpol.msc) -> Recovery Console: Allow Floppy Copy and Access to all drives and folders

    APK

    P.S.=> Rootkits & how to blow THOSE out? Guess what your "best pal" is, yet again?? Ah, you guessed it - RECOVERY CONSOLE & FixMBR command!

    HOWEVER - FixMBR ONLY works on (only) BOOTSECTOR ORIGINATED TYPES though...

    There are other kinds (driven by drivers &/or kernel mode API 'hooking' & more)... Soon, & I am NOT the only person theorizing this (because I saw BIOS flash code @ rootkit.com over more than a year back no less & IMMEDIATELY said "oh boy, here comes bios flashing malware")??

    An example (a legit program I built this year for the fine Sci-Fi series from the BBC in the UK, called "Dr. Who" (longest running Sci-Fi show there is, huge fan here since the 1970's in fact)):

    ----------------------------------------------------------------------
    APK Doctor Who ScreenSaver 2008++ version 1.0:
    ----------------------------------------------------------------------

    NEW Multithreaded Dr. Who ScreenSaver for fans (free & needs testers) - DrWhoDaily

    ----------------------------------------------------------------------

    I store its .avi it plays back, INSIDE of the .scr executable, as a 'resource' I point to & playback from RAM, not disk, via a child thread (it's multithreaded design)... That said - now, consider this:

    Since ASUS & GIGABYTE have tools that 'flash' your BIOS, that now operate inside Windows itself? Well, what is stopping a "blended/combined package" threat malware from using not only "std. attack methods" but, also using rootkit techniques too! What is stopping malware makers from doing the SAME thing I do in that program above to 'disguise' their evil machinations? Well... Not much!

    Food for thought... apk
    Last edited by APK; 05-27-2008 at 10:28 PM. Reason: Adding in HOW TO INSTALL RECOVERY CONSOLE as a boot.ini BOOT MENU startup option... apk
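    Steps 3a and 3b above have you eyeball msconfig and IE's Manage Add-ons by hand. The PowerShell below is an added example of my own (not APK's, not part of any of the tools he names) that dumps the same two places read-only: the Run/RunOnce keys under HKLM and HKCU, and the IE Browser Helper Object CLSIDs resolved to their registered DLL paths, so you have a list to look names up from before you disable anything. It also exposes the registry value behind the secpol.msc setting "Recovery Console: Allow floppy copy and access to all drives and folders" from the NOTE/IMPORTANT section (SecurityLevel under the RecoveryConsole setup key), with -WhatIf so you can see the write before it happens.

```powershell
# Added example (not from the original post): read-only autostart/BHO sweep plus
# the Recovery Console access policy value. Registry paths are the standard ones.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$RcKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
# Provider metadata that Get-ItemProperty adds to every result; not real values
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunEntries {
    # Every value under the Run/RunOnce keys: this is what msconfig's Startup tab shows
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-BhoEntries {
    # Each BHO is a CLSID subkey; the DLL lives under HKCR\CLSID\{clsid}\InprocServer32
    if (-not (Test-Path $BhoKey)) { return }
    Get-ChildItem -Path $BhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $reg   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        New-Object PSObject -Property @{
            CLSID = $clsid
            Name  = (Get-ItemProperty -Path $reg -ErrorAction SilentlyContinue).'(default)'
            Dll   = (Get-ItemProperty -Path "$reg\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
    }
}

function Get-RecoveryConsoleAccess {
    # SecurityLevel 1 = all drives and folders; 0 or absent = %SystemRoot% only
    $v = (Get-ItemProperty -Path $RcKey -Name SecurityLevel -ErrorAction SilentlyContinue).SecurityLevel
    [bool]$v
}

function Enable-RecoveryConsoleAccess {
    [CmdletBinding(SupportsShouldProcess=$true)] param()
    if ($PSCmdlet.ShouldProcess($RcKey, 'Set SecurityLevel = 1')) {
        if (-not (Test-Path $RcKey)) { New-Item -Path $RcKey -Force | Out-Null }
        Set-ItemProperty -Path $RcKey -Name SecurityLevel -Value 1 -Type DWord
    }
}

# Usage: review first, change nothing until you have looked the names up
Get-RunEntries | Format-Table Name, Command, Key -AutoSize
Get-BhoEntries | Format-Table Name, Dll, CLSID -AutoSize
Get-RecoveryConsoleAccess
Enable-RecoveryConsoleAccess -WhatIf
```

    Run it while booted into safe mode with networking as the post describes; the two Get- functions write nothing, so keeping the output in a text file gives you a before/after record of what the cleanup tools actually removed.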

  10. #20
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

    As you have realized, my comment was directed at wayout44's post and not yours. One of our users from the land of Oz made the same comments several years ago when a discussion came up regarding network security. It is a fleeting thing at best and is quite difficult to achieve from the perspective of a company or organization trying to keep the world at large out of their business.
    Old age and treachery will overcome youth and skill
    My Toys
