
Thread: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring




  1. #21
    Join Date
    Nov 2007
    Location
    A discrete point in the space-time continuum...
    Posts
    60

    Russian Business Network (RBN) servers to add to your HOSTS file to block them

    As regards the "Russian Business Network" (RBN) who has been @ the heart of MANY online attacks (or, things like Zlob trojan & IDTheft related attacks, etc. et al)? Use this information to protect yourselves, from them.

    (RELIABLE/REPUTABLE SOURCE USED = http://www.spamhaus.org/rokso/eviden...kso_id=ROK7465)

    ----

    FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1"

    (That is simply because iirc, the zero's based one leads to a NULL port type of request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple of reasons (which it took me some time to come up w/ & testing as to which is "better" to use)).

    SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses + loads FAR faster, & is smaller on disk is why - AND, in RAM once loaded: THUS, I am logically concluding that 0.0.0.0 is better to use period for HOSTS file blocks - same function, & @ LESSER cost, nearly all the way around (less diskspace, faster loadspeed, less memory occupancy, & etc. et al). A MORE EFFICIENT STRUCTURE!

    ----

    USING NOTEPAD.EXE

    ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):


    Also - You can (AND SHOULD) verify your HOSTS file location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe
    & going here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    & checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc

    (Unless you KNOW that YOU move it, as I do!)

    I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!

    That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
    or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).

    ----

    FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):

    I.P. address block for Russian Business Network:

    81.95.144.0/20 #SBL43489
    (81.95.144.0 - 81.95.159.255)

    And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:

    85.255.112.0/20 #SBL36702
    (85.255.112.0 - 85.255.127.255)

    69.50.160.0/19
    (69.50.160.0 - 69.50.191.255)

    194.146.204.0/22 #SBL51152
    (194.146.204.0 - 194.146.207.255)

    Lastly/Optionally - You should block all IPs starting with these if you do not care about Russia and China:

    193.
    194.
    195.
    213.
    217.
    62.64.
    62.76.

    (AND, A few major Internet providers that provide services to RBN including)

    Tiscali.uk
    SBT Telecom
    Aki Mon Telecom
    Nevacon LTD
    Frame Cash
    76service
    Noc4Hosts

    APK
    Last edited by APK; 04-07-2008 at 03:56 PM.
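An added example, not part of the original post: a Python audit of a HOSTS file for repeated names, names mapped to two different addresses, and names pointing at a real address instead of a sink such as 0.0.0.0, together with the registry location check the post describes. The sample file is constructed, and `DataBasePath` is the value under the key named in the post that holds the HOSTS directory (the post gives only the key).

```python
import ipaddress
import sys

# Constructed sample hosts file (not entries from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example
0.0.0.0     ADS.EXAMPLE          # same name again, different case
0.0.0.0     tracker.example cdn.tracker.example
127.0.0.1   tracker.example      # second mapping with a different address
203.0.113.7 bank.example         # not a sink address: review this one
not-an-ip   broken.example
"""


def audit_hosts(text):
    """Return line-numbered findings for a HOSTS file given as text."""
    seen = {}  # hostname -> first address it was mapped to
    report = {"duplicates": [], "conflicts": [], "redirects": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if len(fields) < 2:  # an address with no hostname after it
            report["malformed"].append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")  # hostnames are case-insensitive
            if name in seen:
                kind = "duplicates" if seen[name] == addr else "conflicts"
                report[kind].append((lineno, name))
            else:
                seen[name] = addr
            # 0.0.0.0 and loopback are sinks; anything else sends the name
            # to a real host, which is how a hijacked HOSTS file looks.
            if not (addr.is_unspecified or addr.is_loopback):
                report["redirects"].append((lineno, name, str(addr)))
    return report


def hosts_dir_from_registry():
    """Directory Windows reads HOSTS from, or None when not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    key_path = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _type = winreg.QueryValueEx(key, "DataBasePath")
    return winreg.ExpandEnvironmentStrings(value)


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
    print("HOSTS directory per registry:", hosts_dir_from_registry())
```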

  2. #22
    DON'T USE THIS WITH ActiveDirectory Network setups!

    So you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above?

    Well, I strongly suspect "they're @ it again" & here is why:

    Cyber-attack launched from 10,000 web pages:

    http://itnews.com.au/News/71994,cyberattac...-web-pages.aspx

    "A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."

    (AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)...

    APK
    Last edited by APK; 04-07-2008 at 03:57 PM. Reason: To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers!

  3. #23
    Updated "RBN" information

    "New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:

    SECOND MASS HACK EXPOSED:

    http://www.itnews.com.au/News/72214,second...ck-exposed.aspx

    AND, the source I used for this list:

    http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html

    And, the salient portion that notes that my suspicion was correct:

    "if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"

    So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:


    FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:


    Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):

    89.149.243.201
    89.149.243.202
    72.232.39.252
    195.225.178.21

    :)

    * Enjoy, stay safe, & keep surfing!

    APK
    Last edited by APK; 04-07-2008 at 03:58 PM.
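An added example, not part of the original posts: for addresses that a HOSTS file cannot cover, this Python sketch checks logged destinations against the four netblocks given in post #21 and recomputes the first and last address of each block. The log lines are constructed, modelled on the Windows Firewall log layout with a shortened field list, and the destination addresses in them are made up for the test.

```python
import ipaddress

# Netblocks and SBL references as listed in post #21 of this thread.
NETBLOCKS = {
    "81.95.144.0/20": "SBL43489",
    "85.255.112.0/20": "SBL36702",
    "69.50.160.0/19": None,  # no SBL reference given in the post
    "194.146.204.0/22": "SBL51152",
}
NETWORKS = [(ipaddress.ip_network(c), ref) for c, ref in NETBLOCKS.items()]

# Constructed log sample (addresses chosen to sit inside, on the edge of,
# and just outside the listed blocks).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2008-04-07 15:56:01 OPEN TCP 192.168.1.20 81.95.150.7 1042 80 -
2008-04-07 15:56:03 OPEN TCP 192.168.1.20 198.51.100.9 1043 443 -
2008-04-07 15:56:09 DROP TCP 192.168.1.20 69.50.191.255 1044 80 -
2008-04-07 15:56:12 OPEN UDP 192.168.1.20 194.146.208.1 1045 53 -
"""


def block_range(cidr):
    """First and last address of a CIDR block, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def flag_connections(log_text):
    """Return (action, dst, netblock, sbl_ref) for each logged destination
    that falls inside one of the listed netblocks."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            dst = ipaddress.ip_address(row["dst-ip"])
        except (KeyError, ValueError):
            continue  # row without a usable destination address
        for net, ref in NETWORKS:
            if dst in net:
                hits.append((row.get("action"), str(dst), str(net), ref))
    return hits


if __name__ == "__main__":
    for cidr in NETBLOCKS:
        print(cidr, "->", " - ".join(block_range(cidr)))
    for hit in flag_connections(SAMPLE_LOG):
        print(hit)
```

An OPEN row that matches is a connection that was allowed to one of the listed blocks; a DROP row shows an existing rule already caught it.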

  4. #24
    More updates on RBN attacks & servers to block in a HOSTS file (or other means)

    The "RBN"'s still @ it (per earlier in this guide/last page)

    &

    Gaining more servers to attack folks with online!

    (Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):

    http://ddanchev.blogspot.com/

    :)

    He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).

    APK
    Last edited by APK; 04-07-2008 at 04:02 PM.

  5. #25
    Adobe Acrobat Javascript protection method (surefire one)

    For users of Adobe Acrobat Reader (of any version or patch level today - safety hint):

    Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears truly "ill will")?

    Well, update to the latest/greatest version... HOWEVER, if you don't trust that, as I do not, FULLY?

    (I say this, & simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)

    Plus, like I had stated earlier in this guide?

    I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??

    Try this FOR ADOBE ACROBAT READER ALSO:

    TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER!

    Simply to be safe vs. attacks in it that are javascript-based in nature!

    ----

    Use Adobe Acrobat's EDIT menu

    PREFERENCES submenu

    Javascript section (in left-hand side column of options)

    & uncheck "Enable Acrobat Javascript" in the right-hand side option for that.

    ----

    What boggles MY mind, moreso in webbrowsers &/or email programs though (as far as javascript is concerned)? Browser makers are working on speeding up its processing, first, rather than securing its weak/exploitable DOM (document object model) behind it.

    Speeding up javascript in webbrowser programs, for example?

    WELL - That's only speeding up how FAST you can be infected by misuse of javascript then, really, & this is all (not good!).

    (AND, anyone reading here now can simply take a read over @ SECUNIA.COM &/or SECURITYFOCUS.COM & see that a GOOD 95% of today's attacks are hitting users via the indiscriminate use of javascript (misuse of it) on every website they go to).

    ----

    Imo @ least, but, one based on the data in this guide (plus that from security websites I noted above)?

    Javascript should be turned off by DEFAULT in a webbrowser!

    Why??

    Well, because most times, if a site needs it???

    The site errs out & signals the user javascript is required. Turn it on @ that point, IF you absolutely NEED it to be running (& only then, for useful tasks you wish to perform online, such as data access like you see on shopping &/or banking websites)

    I mean, hey: Even adbanners have been abused this way & proofs of that abound in this guide no less.

    In fact, when I noted this over @ slashdot?

    I was "modded down" for it, & just for telling the truth to javascript (& other scripting languages) developers... just for telling the truth! Boggles the mind. Secure that DOM behind javascript first, for security, AND ONLY THEN, work on speeding it up afterwards. That's not how it's being done though, unfortunately.

    ----

    10 Forces Guiding the Future of Scripting:

    10 Forces Guiding the Future of Scripting

    ----

    Another bonus (for speed this time though, not security), also exists in turning off javascript processing in webbrowsers: Speed.

    I.E.-> You're not using CPU cycles processing scripts that you probably don't actively directly use, yourself (such as ARE needed on e-commerce/shopping + banking websites, where you DO need it mostly to do actual useful tasks), & you're also not "hauling in" data from other servers (slowing you down even moreso, if not compromising your system (such as have been seen the past 4++ yrs. now or so, in bad adbanners that house javascript misuse)) that you don't really need, or want, around on your webpages you view...

    APK

    P.S.=> That assures you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!

    NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)...

    So, evidence as to WHY one should do this to Adobe Acrobat Reader (until it's patched vs. this type of thing):

    Critical Vulnerability In Adobe Reader:

    Slashdot | Critical Vulnerability In Adobe Reader

    (Dated 11/06/2008, 8 months after I noted this here no less - if/when Adobe secures THIS particular exploit in their program? Turning off javascript processing (enabled by DEFAULT in that program no less, mind you) can help protect vs. other exploits like this one, in the future, that misuse javascript)...

    ----

    Turning off javascript in this program, & also webbrowsers + email programs simply assures you that you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!

    NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)... apk
    Last edited by APK; 11-06-2008 at 09:59 PM. Reason: I needed "consciousness-fuel" (coffee) this a.m. (I had put the IPAddress-To-URL equation in the WRONG ORDER originally, for HOSTS file entries - sorry!)
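An added example, not part of the original post: a Python triage check that reports whether a .pdf carries the name tokens that introduce JavaScript (`/JS`, `/JavaScript`) or automatic actions (`/OpenAction`, `/AA`), decoding the `#xx` hex escapes that PDF names may contain. The byte strings are constructed fragments rather than real documents, and the function names are this example's own.

```python
import re

# A PDF name is "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
WATCH = ("JS", "JavaScript", "OpenAction", "AA", "ObjStm")

# Constructed fragments; the script bodies are placeholders.
PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
         b"2 0 obj\n<< /S /JavaScript /JS (placeholder) >>\nendobj\n")
ESCAPED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
           b"2 0 obj\n<< /S /J#61vaScript /#4aS (placeholder) >>\nendobj\n")
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"


def decode_name(raw):
    """Turn #xx escapes in a PDF name into the bytes they stand for."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def pdf_js_indicators(data):
    """Count watched names in the raw bytes of a PDF.

    This scans bytes, not parsed objects, so compressed stream data can
    produce a stray match and names inside object streams are not seen.
    """
    counts = dict.fromkeys(WATCH, 0)
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(data):
    counts = pdf_js_indicators(data)
    if counts["JS"] or counts["JavaScript"]:
        return "script present"
    if counts["ObjStm"]:
        return "object streams present: inflate before trusting a clean result"
    return "no script names found"


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("escaped", ESCAPED), ("clean", CLEAN)):
        print(label, verdict(sample), pdf_js_indicators(sample))
```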

  6. #26
    Know your installed applications base (Add/Remove Programs in CONTROL PANEL!)

    USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!

    This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area.

    IF you don't recognize a ware?

    Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).

    APK
    Last edited by APK; 04-07-2008 at 04:08 PM. Reason: NOTING REVISION OF MY LAST POST ABOVE

  7. #27
    SECURING TELNET SERVICE & GROUPS/USERS for it...

    SECURING THE TELNET SERVICE & USER GROUPS:

    And, a Mr. Markus Jansson on his point on TELNET service (tlntsrv.exe iirc).

    http://www.markusjansson.net/exp.html

    Turn Telnet NTLM logging off

    -> Run: telnet.exe
    --> Type (and press enter): unset ntlm

    He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).

    APK

    P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:

    =================================
    APK "A to Z" Internet Speedup & Security Text!
    =================================


    Neowin.net - APK "A to Z" Internet Speedup & Security Text!

    It had its "dim early beginnings" back in 1997-1998, as the VERY FIRST security guide for Windows NT-based Operating Systems (2000/XP/Server 2003 currently) @ NTCompatible.com (albeit for Windows NT, & 2000 there only) as their "Article #1" here http://web.archive.org/web/200202050...article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

    =================================

    Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk
    Last edited by APK; 04-13-2010 at 09:05 PM. Reason: Editing in points of interest into it now... apk

  8. #28
    "Checks & Balances"

    "Checks & Balances" (accuracy check of this article by "pros" (still, test for yourselves, because a simple certification doesn't a security-pro make)), Part 1

    I also "took the liberty" of contacting a "security-pro" (in Don Parker of "SecurityFocus.com" fame)!

    This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:

    **********

    Hello apk,

    I don't see any real downsides to what you posted. The only thing is that
    you need to remember the audience that it is you are trying to reach. If
    your goal was to hit the newbies as it were then you may have missed the
    mark a bit. Beyond that, it looks fine to me.

    --Don

    **********

    That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all - because mere certifications do NOT an 'expert make', as in the fellow I note above, because iirc, that is ALL he has going for him afaik & to myself @ least? THIS IS NOT ENOUGH, certs are not the same as full degrees, & not by a LONG shot in this field) in the arena of computer security!

    So, test for yourselves, via CIS Tool - to be sure...


    --------------

    Also - Do please check this page out, for even more security points:

    C S R C - Systems Administration

    Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf

    ----

    The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?

    That also lists a "6.32 Removing Malware" section as well!

    So, that is in response to 'my naysayers' from various forums that criticized me for listing such a guide here!

    (In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)

    Anyhow/anyways - The .pdf guide from NIST either tends to reinforce my own, OR, goes beyond in some cases!

    E.G.->

    • Securing wireless networks

    • Securing MS-Office apps better

    • Script file extensions associations with notepad.exe for instance (for safety vs. scripted attacks)

    • More on email & webbrowser security

    • The SIGVERIFY utility (file signature checker)

    • Disabling unneeded accounts


    That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).

    APK
    Last edited by APK; 05-23-2008 at 12:35 PM.

  9. #29
    TESTIMONIAL visible & easily verifiable concrete evidences of effectiveness vs. mine

    http://img297.imageshack.us/img297/2240/52041100vo6.png



    That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.

    A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...

    :)

    * Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):

    http://www.xtremepccentral.com/forum...ad.php?t=28430

    APK

    P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
    Last edited by APK; 04-07-2008 at 04:12 PM. Reason: FORUMS HERE has character-per-post limits... apk

  10. #30
    Great reference site (especially for CUSTOM HOST FILES USERS)

    A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?

    SRI Malware Threat Center

    :)

    * Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

    APK
    Last edited by APK; 05-18-2008 at 11:28 AM. Reason: Post is done I think... FINALLY! apk
