
Thread: Computer security

  1. #1

    Computer security

    I wasn't sure where to post this so here it is

    Since we all play an internet game, I think a thread about personal computer security would be helpful.
    Please add to this thread with your own tips and knowledge.

    The point in this thread is to help players...

    1. Protect their privacy.
    2. Secure their computer against infringement (hacking, malicious software etc).
    3. Make your PC more Effective.


    ************************************************** *****************

    Part one, necessary software.

    Some people will list some of the software here as more or less important, but all these different software types will help you preserve 100% control of your PC and internet profiles.

    Anti-Virus Software.

    Anti-virus is the most important tool for keeping your PC working properly, preventing harm and hacking, removing viruses and sustaining privacy.
    Programs of this kind should offer real-time protection.

    Do not have more than one Anti-virus program on your computer.


    Avast Antivirus
    http://www.avast.com/
    One of the best free Anti-Virus programs available.

    AVG
    http://www.grisoft.com/
    Good program, easy to use, with a good reputation.

    Norton
    http://www.symantec.com/index.htm
    Very good anti-virus program.

    Panda
    http://www.pandasoftware.com/
    Reliable program here. Offers other types of software as well.

    **************************************************

    Anti-spyware.

    Software that removes spyware, everyone needs this!

    You can and should use more than 1 program for removing spyware.
    The programs will overlap each other in most areas, but the protection will be 360 degree with more.


    Adaware
    http://www.lavasoft.com/
    Easy to use, is updated regularly.

    Microsoft Anti-spyware
    http://www.microsoft.com/
    A good program, easy to use and has enhanced features.

    Spybot
    http://www.safer-networking.org/
    Very good program, works excellently combined with Adaware and Microsoft Anti-spyware.

    CWShredder
    http://www.trendmicro.com/cwshredder/
    Specialised program.

    ********************************************

    Firewalls.

    Software of this kind gives you control of which programs are allowed to access the internet/server.
    A firewall is a must-have for anyone connected to the internet.

    One program of this kind is enough.


    Zone-alarm
    http://www.zonelabs.com/store/content/home.jsp
    Very secure, easy to use.

    Sygate
    http://www.symantec.com/Products/ent...cat&refId=1006
    Good and secure.

    Active ports
    http://www.protect-me.com/freeware.html
    This is not a firewall, but the mechanic is similar. You can monitor all open TCP and UDP ports on the local computer with this.
    This particular program can be used as an addition to your firewall.

    ************************************************** *

    File-deleting programs.

    These programs will delete unnecessary files from your PC such as stored passwords, last browsed URLs etc.
    Btw, if you delete something it isn't really deleted...these programs help deleted files become useless.

    CCleaner
    http://www.filehippo.com/
    Maybe the best program of this kind currently out there.

    Eraser
    http://sourceforge.net/projects/eraser/
    This is good, very good, but be careful when you use it (know what you are doing)

    MRU-Blaster
    http://www.javacoolsoftware.com/mrublaster.html
    Excellent tool, easy to use.

    ************************************************** *

    Misc.

    Additional software to increase security and control...

    Rootkit-revealer.
    http://www.sysinternals.com/Utilitie...tRevealer.html
    Use this to spot most rootkits on your computer.

    Hijackthis
    http://www.spywareinfo.com/%7Emerijn/downloads.html
    Checks your registry where viruses/spyware can be found (know what you are doing).
    Additional link:
    http://hijackthis.de/index.php?langselect=english

    Abtrusion Protector
    http://www.abtrusion.com/Downloads/appersonal.asp
    It prevents software that you haven't personally installed on to the system, from running.

    CompuSecTM
    http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp
    A decryption-tool

    CrypTool
    http://www.cryptool.com/
    same as above.

    Password Safe
    http://sourceforge.net/projects/passwordsafe/
    Increases password-security.

    Process explorer
    http://www.sysinternals.com/Utilitie...sExplorer.html
    Helps you monitor what's going on.

    ************************************************** *******

    That should cover some...there is heaps more such as email-services, online scanners etc so search on the resources link under this

  2. #2
    Part two, secure your operating system(for windows).

    The OS is what talks to your PC and makes it operational.
    It's very important to set up your OS or else all the software in the world won't help you.

    Please remember!

    You can Revert the changes you made.
    Run "repair install" using your Win2k/XP cdrom. It will keep all the programs etc. but restore regular settings. Remember to update and patch your software after this "repair install".

    ************************************************** *****

    Secure IE

    1. Go to the menu in the bottom left corner in the screen and choose "Start" - "Settings" - "Control Panel" and doubleclick "Internet Options".

    2. Go to the next page "Security" and move the security level bar on this "Internet zone" to "High". If you can't see the security level bar, click "Default level" and then move it to "High". This will save you from many dangers, like harmful Active-X content and so on.

    3. Now, click "Trusted Sites" on this page and move the security level bar in here to "medium low". If you can't see the security level bar, click "Default level" and then move it to "Medium low". Now, you MUST add sites you absolutely trust to your "Trusted Sites" by pressing the button "Sites". Add pages like [without quotes] "*.microsoft.com" and press "Add". Now all the pages belonging to Microsoft [like http://windowsupdate.microsoft.com] are considered trusted. Also, remember to disable "Require server verification (https) for all sites in this zone"! It is important to add sites you trust here, so cookies, javascript, Active-X and so on, work in these pages...but only on those pages you trust! Press OK to go back to the rest of the settings.

    4. Then click the other zones and change security preferences on those zone to "High". This will ensure that every other zone than "Trusted Sites" zone is as secure as possible.

    5. Go to the next page called "Privacy" and move the bar to the top. This makes sure no cookies are stored on your computer from internet sites. The pages you have added to your "Trusted Sites" will still be able to set cookies to your computer as they are supposed to.

    6. Go to the next page called "Content" and in that page go to "Autocomplete". Disable all marks, this makes sure that no passwords or forms are saved to the browser so that someone might easily use them for whatever he desires. Passwords are meant to be kept in memory, not saved anywhere! Also, remember to clear both passwords and forms now. Press OK to go back to rest of the settings.

    7. a) Go to the final page "Advanced" and make sure you have the following enabled:
    - "Automatically check for Internet Explorer updates"
    - "Use SSL 3"
    - "Use TLS 1"
    - "Check for signatures on downloaded programs"
    - "Check for publisher's certificate revocation"
    - "Check for server certificate revocation"
    - "Do not save encrypted pages to disk"
    - "Warn about invalid site certificates"
    b) Make sure you have the following disabled:
    - "Install on demand -other"
    - "Use AutoComplete"
    - "Use third-party browser extensions"
    - "Enable install on demand"
    - "Enable integrated Windows authentication"


    8. IMPORTANT! At the end, press OK so that the settings will be used by the Internet Explorer!

    If you want to be able to download files from all over the internet, you should tweak the settings a bit after making the changes described above. Follow the steps 1 and 2 but when you are in the "Security" page and "Internet" -zone, choose "Custom level". Scroll it down until you see "Download" - "File download" and choose "Enable".

    *************************************************

    System Restore (disabling it)
    Not needed feature and security-threat.

    1. Go to Control Panel / System / performance / file system / troubleshooting and disable System Restore.

    2. Run "msconfig" and go to "startup" and disable "*statemgr" from loading. After reboot, you are done!

    ************************************************** *************

    Secure the whole Windows2000 / XP

    (Read the full guide at markusjansson.net)

    -> Backup all your personal files and documents to different HDD or partition
    --> Optionally back up to CDRW or external HDD

    ^_^

    Try to close all ports and shares

    -> Control Panel
    --> Network and Internet connections
    ---> Network connections
    ----> Select connections and right click on them
    -----> Properties
    ------> Select all other items (one by one) than: TCP/IP
    -------> Uninstall
    ------> Select: TCP/IP
    -------> Properties
    --------> Advanced
    ---------> WINS
    ----------> Remove: Enable LMhosts lookup
    ----------> Select: Disable Netbios over TCP/IP
    ---> Repeat the procedure on all other connections too

    -> Control panel
    --> Performance and maintenance
    ---> Administrative tools
    ----> Computer management
    -----> Shared folders
    ------> Shares
    -------> (delete everything inside)

    -> (WindowsXP ONLY) Run: regedit.exe
    --> Go to (if key/value does not exist, create one by right clicking in the right window)
    ---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
    ----> EnableDCOM (REG_SZ)
    -----> Set to: N
    ---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
    ----> Value: DCOM Protocols
    -----> Remove ncacn_ip_tcp
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
    ----> Value: MaxCachedSockets (REG_DWORD)
    -----> Set to: 0
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    ----> SmbDeviceEnabled (REG_DWORD)
    -----> Set to: 0
    ---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
    ----> REG_DWORD
    -----> AutoShareServer
    ------> Set to: 0
    -----> AutoShareWks
    ------> Set to: 0
    ---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes\
    ----> NullSessionPipes
    -----> (Delete all value data INSIDE this key)
    ----> NullSessionShares
    -----> (Delete all value data INSIDE this key)
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
    ----> Machine
    -----> (Delete all value data INSIDE this key)

    Enable Windows XP internet connection firewall (ICF)

    -> Control Panel
    --> Network and internet connections
    ---> Network connections
    ----> Select connection and right click on them
    -----> Properties
    ------> Advanced
    -------> Internet Connection Firewall (enable it)
    --------> Settings
    ---------> Make sure NOTHING is selected/enabled
    ----> Repeat the procedure on all other connections too

    Secure your Internet Explorer settings

    -> Control Panel
    --> Network and Internet connections
    ---> Internet Options
    ----> General
    -----> Temporary internet files
    ------> Settings
    -------> Set to: Every visit to page
    -----> Days to keep pages in history
    ------> Set to: 0
    ----> Security
    -----> Internet
    ------> Custom level
    -------> Reset to: High
    --------> Reset (yes)
    ------> Scroll down to "File download"
    -------> Set to: Enable (yes) (THAT IS, IF YOU WANT USERS TO BE ABLE TO DOWNLOAD FILES FROM THE INTERNET!)
    -----> Local intranet
    ------> Sites
    -------> Make sure nothing is selected!
    -----> Trusted sites
    ------> Sites
    -------> Add this web site to the zone:
    --------> Add all the domains here you can absolutely trust here (and press add after each domain)
    ---------> For example, add: *.microsoft.com
    ---------> For example, add: *.passport.com
    ---------> For example, add: *.msn.com
    ---------> For example, add: *.markusjansson.net
    --------> Make sure "require server verification..." is not selected!
    ------> Move the tab to "Medium"
    -----> Restricted Sites
    ------> Custom level
    -------> Reset to: High
    --------> Reset (yes)
    ------> Scroll down to "File download"
    -------> Set to: Enable (yes)
    ----> Privacy
    -----> Advanced
    ------> Override automatic cookie handling
    -------> First party cookies: Block
    -------> Third-party cookies: Block
    -------> Enable: Always allow session cookies
    ----> Content
    -----> Autocomplete
    ------> Disable all
    ------> Clear forms (yes)
    ------> Clear passwords (yes)
    ------> Programs
    ------> Disable: Internet Explorer should check whether it is the default web browser
    ----> Advanced
    -----> Disable everything else, but enable the following
    + Always send URL:s as UTF-8
    + Disable script debugging
    + Enable folder view on FTP sites
    + Enable page transitions
    + Show friendly http error messages
    + Show go button in address bar
    + Use passive ftp
    + Use smooth scrolling
    + Use http 1.1
    + Use http 1.1 through proxy connections
    + Dont display online media content in the media bar
    + Play animations in webpages
    + Play sounds in webpages
    + Play videos in webpages
    + Show pictures
    + Smart image dithering
    + Check for publishers certificate revocation
    + Check for server certificate revocation
    + Check signatures on downloaded programs
    + Do not save encrypted pages to disk
    + Use SSL 3.0
    + Use TLS 1.0
    + Warn about invalid site certificates
    + Warn if form submittal is being redirected

    Turn Telnet NTLM logins off
    -> Run: telnet.exe
    --> Type (and press enter): unset ntlm

    Turn SYSKEY on
    -> Run: syskey.exe
    --> Encryption enabled
    ---> Update
    ----> Store key locally

    Turn extra accounts off
    -> Control Panel
    --> Performance and maintenance
    ---> Administrative tools
    ----> Computer management
    -----> Local Users and groups
    ------> Local Users
    -------> Delete all users other than "Administrator" and "Guest" and the user accounts you specially have created.

    Create/edit user level accounts
    -> Run: control userpasswords2
    --> Here you can easily add, remove and edit existing accounts. Ideal composition is that you have administrator account and one user account per every user who uses your computer (and they all are protected by good passwords). If you didn't create a user level account during setup, you can easily change one of the accounts here from "administrators group" to "user".
    --> Enable: Users must enter a user name and password to use this computer
    --> After installing, you usually have TWO accounts that are in administrator group. One that is "administrator" and other that is account in administrators group (named as you named it during Windows XP installation).
    ---> Select the latter account
    ----> Properties
    -----> Group membership
    ------> Set to "Restricted User"
    ----> Reset password
    -----> Set the password to what you desire, but do not use the same password as you used with your administrator account


    Turn safer login on
    -> Control Panel
    --> User Accounts
    ---> Change the way users login
    ----> Disable: Use welcome screen

    -> Run: regedit.exe
    --> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    ---> DefaultPassword
    ----> (Delete this KEY if present)

    To be continued...
    Last edited by monique; Sep 8th, 2006 at 21:34:43.
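
An added example, not part of the original post: one way to check the registry values listed in post #2 without clicking through regedit is to export the keys to a `.reg` file and audit that text offline. The export below is constructed sample data, and `parse_reg`, `audit`, `BASELINE` and `ABSENT` are names made up for this sketch; it assumes NullSessionPipes and NullSessionShares are multi-string values under the LanmanServer\Parameters key.

```python
import re

ABSENT = object()  # marker: the value must not exist at all
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

# Checks taken from the post (key paths with the forum's stray spaces removed).
BASELINE = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM", "N"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters",
     "MaxCachedSockets", 0),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters",
     "SmbDeviceEnabled", 0),
    (LANMAN, "AutoShareServer", 0),
    (LANMAN, "AutoShareWks", 0),
    (LANMAN, "NullSessionPipes", []),    # assumption: REG_MULTI_SZ, should be empty
    (LANMAN, "NullSessionShares", []),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "DefaultPassword", ABSENT),
]

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SmbDeviceEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,\
  00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="userX"
"DefaultPassword"="example-only"
'''

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _decode(data):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith("hex(7):"):  # REG_MULTI_SZ: UTF-16LE strings, NUL separated
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return [s for s in raw.decode("utf-16-le", "ignore").split("\x00") if s]
    if data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return data  # other types are kept as raw text


def parse_reg(text):
    """Parse .reg export text into {key_lowercase: {value_name_lowercase: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY.match(line)
        if m:
            current = hive.setdefault(m.group("key").rstrip("\\").lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            current[m.group("name").lower()] = _decode(m.group("data"))
    return hive


def audit(hive, baseline=BASELINE):
    """Return (value name, expected, actual) for every check that fails.

    A value that is missing from the export counts as a failure unless the
    baseline expects it to be absent or empty, because the post says to
    create the value when it does not exist.
    """
    findings = []
    for key, name, expected in baseline:
        actual = hive.get(key.lower(), {}).get(name.lower())
        if expected is ABSENT:
            ok = actual is None
        elif expected == []:
            ok = actual is None or actual == []
        elif isinstance(expected, str):
            ok = isinstance(actual, str) and actual.upper() == expected.upper()
        else:
            ok = actual == expected
        if not ok:
            findings.append((name, expected, actual))
    return findings


if __name__ == "__main__":
    for name, expected, actual in audit(parse_reg(SAMPLE_EXPORT)):
        want = "absent" if expected is ABSENT else repr(expected)
        print(f"{name}: want {want}, found {actual!r}")
```
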

  3. #3
    Part two continued...

    Prevent not-needed programs from starting up
    -> Run: msconfig.exe
    --> Startup
    ---> Unselect all (unless you KNOW that there is some specific program launching up that you need, for example third party application for your printer, xDSL connection or similar).
    ----> If you are unsure, still unselect all. You can later come back and re-select some if it was important.

    Close all not-needed services

    -> Control Panel
    --> Performance and maintenance
    ---> Administrative tools
    ----> Services
    -----> Go to every service EXCEPT
    + Application Layer Gateway Service
    + Application Management
    + Automatic Updates
    + Background Intelligent Transfer Service
    + Cryptographic Services
    + DHCP Client
    + Event Log
    + Help and support
    + Human Interface Device Access
    + Internet Connection Firewall
    + Network Connections
    + Network Location Awareness (NLA)
    + Plug and Play
    + Print Spooler (if you have printers)
    + Remote Access Connection Manager
    + Remote Procedure Call (RPC)
    + System Event Notification
    + Task Scheduler
    + Telephony
    + Themes (hey, you don't want to shut down cute themes, right?)
    + Windows Audio
    + Windows Image Acquisition (if you have scanners or digital cameras attached)
    + Windows Installer
    + Windows Management Instrumentation
    + Windows Management Instrumentation Driver Extensions
    ------> Doubleclick with left mouse button or click right mouse button and select "Properties"
    -------> Startup type
    --------> Set to: Disabled
    -----> Go to
    + Automatic Updates
    ------> Startup type
    -------> Set to: Automatic

    Secure settings
    -> Control panel
    --> Performance and maintenance
    ---> Administrative tools
    ----> Local security policy
    -----> Account policies
    ------> Password policy
    ------> Enforce password history - 0 passwords remembered
    ------> Maximum password age - 360 days
    ------> Minimum password age - 0 days
    ------> Minimum password length - 14 characters
    ------> Password must meet complexity requirements - Enabled
    ------> Store passwords using reversible encryption for all users in the domain - Disable
    -----> Account lockout policy
    ------> Account lockout threshold - 3 invalid logon attempts.
    ------> Account lockout duration - 15 minutes
    ------> Reset account lockout counter after - 15 minutes
    -----> Local policies
    ------> Audit policy
    -------> Audit account logon events - Success, failure
    -------> Audit account management - Success, failure
    -------> Audit logon events - Success, failure
    -------> Audit Object access - Success, failure
    -------> Audit policy change - Success, failure
    -------> Audit system events - Success, failure
    ------> User rights assignment
    -------> Access this computer from the network -
    -------> Act as part of the operating system -
    -------> Add workstations to domain -
    -------> Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
    -------> Allow logon through Terminal Services -
    -------> Back up files and directories - Administrators
    -------> Bypass traverse checking - Authenticated Users,Administrators
    -------> Change the system time - Administrators
    -------> Create a pagefile - Administrators
    -------> Create a token object -
    -------> Create permanent shared objects -
    -------> Debug programs - Administrators
    -------> Deny access to this computer from the network - Everyone
    -------> Deny logon as a batch job -
    -------> Deny logon as a service -
    -------> Deny logon locally -
    -------> Deny logon through Terminal Services - Everyone
    -------> Enable computer and user accounts to be trusted for delegation -
    -------> Force shutdown from a remote system -
    -------> Generate security audits - LOCAL SERVICE,NETWORK SERVICE
    -------> Increase scheduling priority - Administrators
    -------> Load and unload device drivers - Administrators
    -------> Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
    -------> Log on as a batch job -
    -------> Log on as a service -
    -------> Log on locally - Authenticated Users, Administrators
    -------> Manage auditing and security log - Administrators
    -------> Modify firmware environment values - Administrators
    -------> Perform volume maintenance tasks - Administrators
    -------> Profile single process -
    -------> Profile system performance -
    -------> Remove computer from docking station - Authenticated Users,Administrators
    -------> Replace a process level token - LOCAL SERVICE
    -------> Restore files and directories - Administrators
    -------> Shut down the system - Authenticated Users, Administrators
    -------> Synchronize directory service data -
    -------> Take ownership of files or other objects - Administrators
    ------> Security options
    -------> Accounts: Administrator account status - Enabled
    -------> Accounts: Guest account status - Disabled
    -------> Accounts: Limit local account use of blank passwords to console logon only - Enabled
    -------> Accounts: Rename administrator account - (TYPE SOME NAME HERE AND USE IT WHEN YOU LOGIN AS ADMINISTRATOR IN THE FUTURE)
    -------> Accounts: Rename guest account - Guest
    -------> Audit: Audit the access of global system objects - Disabled
    -------> Audit: Audit the use of Backup and Restore privilege - Disabled
    -------> Audit: Shut down system immediately if unable to log security audits - Disabled
    -------> Devices: Allow undock without having to log on - Disabled
    -------> Devices: Allowed to format and eject removable media - Administrators
    -------> Devices: Prevent users from installing printer drivers - Enabled
    -------> Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
    -------> Devices: Restrict floppy access to locally logged-on user only - Enabled
    -------> Devices: Unsigned driver installation behavior - Do not allow installation
    -------> Domain controller: Allow server operators to schedule tasks - Disabled
    -------> Domain controller: LDAP server signing requirements - Not defined
    -------> Domain controller: Refuse machine account password changes - Enabled
    -------> Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
    -------> Domain member: Digitally encrypt secure channel data (when possible) - Enabled
    -------> Domain member: Digitally sign secure channel data (when possible) - Enabled
    -------> Domain member: Disable machine account password changes - Enabled
    -------> Domain member: Maximum machine account password age - 1
    -------> Domain member: Require strong (Windows 2000 or later) session key - Enabled
    -------> Interactive logon: Do not display last user name - Enabled
    -------> Interactive logon: Do not require CTRL+ALT+DEL - Disabled
    -------> Interactive logon: Message text for users attempting to log on -
    -------> Interactive logon: Message title for users attempting to log on -
    -------> Interactive logon: Number of previous logons to cache (in case domain controller is not available) - 0 logons
    -------> Interactive logon: Prompt user to change password before expiration - 14 days
    -------> Interactive logon: Require Domain Controller authentication to unlock workstation - Enabled
    -------> Interactive logon: Smart card removal behavior - Lock Workstation
    -------> Microsoft network client: Digitally sign communications (always) - Enabled
    -------> Microsoft network client: Digitally sign communications (if server agrees) - Enabled
    -------> Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
    -------> Microsoft network server: Amount of idle time required before suspending session - 1
    -------> Microsoft network server: Digitally sign communications (always) - Enabled
    -------> Microsoft network server: Digitally sign communications (if client agrees) - Enabled
    -------> Microsoft network server: Disconnect clients when logon hours expire - Enabled
    -------> Network access: Allow anonymous SID/Name translation - Disabled
    -------> Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
    -------> Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
    -------> Network access: Do not allow storage of credentials or .NET Passports for network authentication - Enabled
    -------> Network access: Let Everyone permissions apply to anonymous users - Disabled
    -------> Network access: Named Pipes that can be accessed anonymously -
    -------> Network access: Remotely accessible registry paths -
    -------> Network access: Shares that can be accessed anonymously -
    -------> Network access: Sharing and security model for local accounts - Classic local users authenticate as themselves
    -------> Network security: Do not store LAN Manager hash value on next password change - Enabled
    -------> Network security: Force logoff when logon hours expire - Disabled
    -------> Network security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
    -------> Network security: LDAP client signing requirements - Require signing
    -------> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
    -------> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
    -------> Recovery console: Allow automatic administrative logon - Disabled
    -------> Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
    -------> Shutdown: Allow system to be shut down without having to log on - Disabled
    -------> Shutdown: Clear virtual memory pagefile - Enabled
    -------> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enabled
    -------> System objects: Default owner for objects created by members of the Administrators group - Object creator
    -------> System objects: Require case insensitivity for non-Windows subsystems - Enabled
    -------> System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - Enabled

    Secure various other settings
    -> Control Panel
    --> Appearance and Themes
    ---> Display
    ----> Screen Saver
    -----> Set to: Blank
    -----> Set to: Wait 15 minutes
    -----> Enable: On resume, password protect
    ---> Folder options
    ----> View
    -----> Make sure the following are enabled:
    + Display the content of system folders
    + Display full address in address bar
    + Show hidden files and folders
    + Show encrypted and compressed NTFS files in color
    -----> Make sure the following are NOT enabled:
    + Automatically search for network folders and printers
    + Hide extension of known file types
    + Hide protected operating system files
    + Restore previous folder windows at logon
    + Use simple sharing
    --> Performance and maintenance
    ---> System properties
    ----> Advanced
    -----> Performance - Settings
    ------> Advanced
    -------> Virtual memory
    --------> If you have plenty of RAM (let's say 512MB or more), you can disable Windows Swapfile. This will increase performance and security, since no sensitive data can be written on the hdd (swapfile) in any situation. If you don't have that much RAM, in theory it is a good idea to have a fixed size swap file, let's say 256 or 512MB.
    ---------> Select each partition and "No paging file" (or set it as fixed on one partition if you don't have 512MB or more RAM)
    -----> Startup and recovery - Settings
    ------> System failure
    -------> Unselect all
    -------> Write debugging information
    --------> None
    -----> Error reporting
    ------> Select: Disable error reporting, but notify me when critical errors occur
    ----> Automatic Updates
    -----> Enable: Keep my computer up to date
    -----> Select: Download the updates automatically and notify me when they are ready to be installed
    ----> Remote
    -----> Unselect: Remote Assistance
    -----> Unselect: Remote Desktop
    ---> Power Options
    ----> Hibernate
    -----> Disable: Enable Hibernation

    -> Run: mmc.exe
    --> File
    ---> Add/Remove snap-in
    ----> Add
    -----> Select: Group policy
    ------> Finish/Close/OK
    --> Local Computer Policy
    ---> Computer configuration
    ----> Administrative Templates
    -----> Windows Components
    ------> Netmeeting
    -------> Disable remote desktop sharing - Enabled
    -----> System
    ------> User profiles
    -------> Only allow local user profiles - Enabled
    ------> Remote assistance
    -------> Solicited remote assistance - Disabled
    -------> Offer remote assistance - Disabled
    ------> Turn off autoplay - Enabled (all drives)
    ------> Network
    -------> Offline Files
    --------> Allow or disallow use of the Offline Files feature - Disabled
    -> Notice that you can use this group policy tool to restrict users from altering all kinds of settings in your computer. For example, you could set up Internet Explorer settings very secure (and prevent downloading of files), and then prevent users from altering those settings. This is an excellent tool when you learn to use it properly.

    Adjust event viewer settings
    -> Control Panel
    --> Performance and maintenance
    ---> Administrative tools
    ----> Event viewer
    -----> Right click: Application
    ------> Properties
    -------> Maximum log size: 10048
    -------> Select: Overwrite events as needed
    -----> Right click: Security
    ------> Properties
    -------> Maximum log size: 10048
    --------> Select: Overwrite events as needed
    -----> Right click: System
    ------> Properties
    -------> Maximum log size: 10048
    --------> Select: Overwrite events as needed

    To be continued...
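
An added example, not part of the original post: the password, lockout and audit values from post #3 can be checked against a `secedit /export /cfg` file, which stores them as INI keys under `[System Access]` and `[Event Audit]`. The export text below is constructed sample data, and `check_policy` and the two mapping tables are names made up for this sketch.

```python
import configparser

SUCCESS, FAILURE = 1, 2  # audit values in the export are a bit mask (3 = both)

# GUI name used in the post -> (key in [System Access], value the post sets)
SYSTEM_ACCESS = {
    "Enforce password history": ("PasswordHistorySize", 0),
    "Maximum password age": ("MaximumPasswordAge", 360),
    "Minimum password age": ("MinimumPasswordAge", 0),
    "Minimum password length": ("MinimumPasswordLength", 14),
    "Password must meet complexity requirements": ("PasswordComplexity", 1),
    "Store passwords using reversible encryption": ("ClearTextPassword", 0),
    "Account lockout threshold": ("LockoutBadCount", 3),
    "Account lockout duration": ("LockoutDuration", 15),
    "Reset account lockout counter after": ("ResetLockoutCount", 15),
}

# GUI name used in the post -> key in [Event Audit]; the post wants
# "Success, failure" for every one of these.
EVENT_AUDIT = {
    "Audit account logon events": "AuditAccountLogon",
    "Audit account management": "AuditAccountManage",
    "Audit logon events": "AuditLogonEvents",
    "Audit object access": "AuditObjectAccess",
    "Audit policy change": "AuditPolicyChange",
    "Audit system events": "AuditSystemEvents",
}

# Constructed sample export. A real file is typically UTF-16, so read it
# with open(path, encoding="utf-16") before passing the text in.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPolicyChange = 3
AuditAccountManage = 0
AuditAccountLogon = 2
[Version]
signature="$CHICAGO$"
Revision=1
"""


def _int(cp, section, key):
    """Read an integer setting; None when the key or section is missing."""
    raw = cp.get(section, key, fallback=None)
    try:
        return None if raw is None else int(raw.strip().strip('"'))
    except ValueError:
        return None


def check_policy(text):
    """Return {GUI name: (expected, actual)} for each setting that differs."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = {}
    for label, (key, wanted) in SYSTEM_ACCESS.items():
        actual = _int(cp, "System Access", key)
        # With lockout threshold 0 the duration and reset keys are left out
        # of the export, so a missing key is reported as None.
        if actual != wanted:
            findings[label] = (wanted, actual)
    for label, key in EVENT_AUDIT.items():
        actual = _int(cp, "Event Audit", key) or 0
        missing = [name for name, bit in (("Success", SUCCESS), ("Failure", FAILURE))
                   if not actual & bit]
        if missing:
            findings[label] = ("Success, failure", "missing " + "+".join(missing))
    return findings


if __name__ == "__main__":
    for label, (wanted, actual) in check_policy(SAMPLE_EXPORT).items():
        print(f"{label}: want {wanted}, found {actual}")
```
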

  4. #4
    Part two continued...

    Secure file and folder permissions
    -> My Computer
    --> Right click on your mouse to C:\
    ---> Properties
    ----> General
    -----> Disable: Allow indexing service to index this disk for fast file searching
    ----> Security
    -----> Add
    ------> Type: Authenticated Users
    -------> Press enter
    -----> Select: Authenticated Users
    ------> Allow: Read & Execute, List folder content, Read
    -----> Advanced
    ------> Unselect: Inherit from parent permission entries...
    -------> Copy
    ------> Remove all other users except: Administrator, System and Authenticated Users
    -------> Select: Replace permissions entries...
    --------> OK
    ---------> Yes
    --> Go to C:\documents and settings\
    ---> Right click on your mouse to Administrator folder
    ----> Properties
    -----> Security
    ------> Advanced
    -------> Unselect: Inherit from parent permission entries...
    --------> Copy
    ---------> Remove: Authenticated Users
    ----------> Select: Replace permission entries...
    -----------> OK
    ------------> Yes
    ---> Right click with your mouse on, one at a time, all other user folders (like "mom", "userX", etc.)
    ----> Properties
    -----> Security
    ------> Advanced
    -------> Unselect: Inherit from parent permission entries
    --------> Copy
    --------> Remove: Authenticated users
    ---------> Add that user's name (like "mom", "userX", etc.) whose folders these are. This will prevent all other users except admins from getting into their folders.
    ----------> Allow: Full Control
    ---------> Select: Replace permission entries...
    ----------> OK
    -----------> Yes
    --> Go to C:\windows (or if your Windows is installed onto some other directory, then go there)
    ---> Select "temp" folder
    ----> Properties
    -----> Security
    ------> Select: Authenticated Users
    -------> Allow: Full Control
    --> You can also set permissions like this in other partitions and folders. Please be advised that if you store something like games somewhere, users who need to play those games usually need to have full control on those folders so that they can save games etc. The same goes if you store other files in those partitions, like music, documents etc., that other people want to not only access, but also save and edit. Then you should give "Authenticated Users" full permissions on those folders. The main thing is that your personal folders (C:\documents and settings\userX\) are safe from other people's tampering, and so are important system folders (C:\windows\).


    -> To encrypt (EFS) the content of directories and prevent all other users (including administrators) from reading the content of files inside (only in XP pro version) the directory (notice: they can still see the file names and alter folder settings)
    -> Only use this for YOUR personal directories (like to folders where you keep personal documents etc.), do not use on system, program, etc. directories!
    --> Right click with your mouse on the directory you wish to encrypt
    ---> Properties
    ----> General
    -----> Advanced
    ------> Enable: Encrypt the contents to secure data (notice: If you are logged in as administrator, this will encrypt the data for the administrator account only. To encrypt data for your USER account, please secure your Windows XP installation, log in as user and then start encrypting your folders)

    Reboot your computer, voilà!
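
    A read-only check of the profile folder permissions described in the post above, as an added example that is not part of the original thread. It assumes PowerShell is installed, English account names, and that each folder under C:\documents and settings\ is named after its user; the variable and function names are made up for this example.

```powershell
# Added example (not from the thread). Read-only: it calls Get-Acl and changes nothing.
# Assumptions: English account names; each profile folder is named after its user.
$ProfilesRoot = 'C:\Documents and Settings'   # path used in the post
$Trusted      = 'Administrators', 'Administrator', 'SYSTEM'
$SkipFolders  = 'All Users', 'Default User'   # shared folders, not personal ones
$Full         = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Test-ProfileAcl {
    param([string]$Path, [string]$Owner)

    $acl = Get-Acl -Path $Path
    $findings = @()
    $ownerHasFull = $false

    # The post unticks inheritance (choosing "Copy"), so the ACL should be protected.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'still inherits permissions from the parent folder'
    }

    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $identity = $rule.IdentityReference.Value      # e.g. 'PC\mom'
        $name = ($identity -split '\\')[-1]            # -> 'mom'

        if ($name -eq $Owner) {
            if (([int]$rule.FileSystemRights -band $Full) -eq $Full) { $ownerHasFull = $true }
        }
        elseif ($Trusted -notcontains $name) {
            # Covers "Authenticated Users", "Users", "Everyone" and other accounts.
            $findings += "unexpected entry: $identity ($($rule.FileSystemRights))"
        }
    }

    # The post only adds a Full Control entry for ordinary users' folders.
    if ((-not $ownerHasFull) -and ($Trusted -notcontains $Owner)) {
        $findings += "$Owner does not have Full Control"
    }
    return $findings
}

foreach ($dir in (Get-ChildItem -Path $ProfilesRoot | Where-Object { $_.PSIsContainer })) {
    if ($SkipFolders -contains $dir.Name) { continue }
    $issues = @(Test-ProfileAcl -Path $dir.FullName -Owner $dir.Name)
    if ($issues.Count -eq 0) { "{0}: OK" -f $dir.Name }
    else { $issues | ForEach-Object { "{0}: {1}" -f $dir.Name, $_ } }
}
```

    Run it from an administrator account, since an ordinary user cannot read the permissions on other users' folders once they are locked down this way.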

  5. #5
    Part three, act sensible.

    Make sure your software and OS are regularly updated!
    Make sure you regularly scan your pc and use your software!
    Don't EVER give out usernames and passwords to anyone!
    Don't click on links in emails unless you know what it is!
    Understand that windows is not safe by default!
    Viruses don’t suddenly just jump into your computer, note what you download, install and run!
    All your passwords and usernames should be unique and complicated!
    Refrain from giving out personal info where it's not necessary!
    Security is not determined by the pc, but the user!

    Hope this guide will be useful, kthxbye

    Resources...

    http://home.wanadoo.nl/eddy.deyl/frames.html
    http://www.markusjansson.net/
    http://forum.avast.com/index.php?topic=1509.0
    http://www.securityfocus.com/
    http://www.windowsecurity.com/

  6. #6
    Awesome Post!

    But you left out FIREFOX
    Don't even think about it. Just get it. You will be happy.
    Last edited by Sefus; Jul 27th, 2006 at 20:28:50.
    Joe "Sefus" Werkit 212/17
    Squad Commander - PR - Recruitment
    3305 Local

  7. #7
    I agree, firefox is very good.

    You also left out the absolute best anti-spyware program :P SPYSWEEPER

    it is a yearly subscription program though but is the best

  8. #8
    Quote Originally Posted by Xephious
    I agree, firefox is very good.
    Opera pwn you =)
    now even for Nintendo DS
    (yes yes i know... arguing about what's best between opera and firefox is arguing
    what is better from solitus and atrox )

    btw, what if i'm not administrator of my pc?
    what if i'm behind a router and/or in a LAN?

    i will like to know WHAT i'm doing and WHY (i mean: "disable this option 'cause...")

    btw, BUMP for the great post and the better idea
    make this sticky
    Laerys Thiarsas aka Laerthia,
    Unit Member of Remedy/Serenity
    «There's no place i can be
    since i found Serenity»

    (from Firefly main theme)

    aka Dottor Divago on Real World
    aka Futuros, the Great Captain
    aka Laerkeep, my shopKeeper
    (\ /)
    (O.o)
    (> <)
    Help Bunny dominate Rubi-Ka: copy them in your signature!

  9. #9
    Excellent thread with very informative information. Will sticky this.

  10. #10
    Don't forget Spysweeper, it's not free but completely worth it, definitely the best anti-spyware software on the market. > http://www.webroot.com/
    `((((
    `(. .)
    ((
    v )) Kimarzt
    .m m 220/30/70 Doctor :: First and Only Doctor to Equip Hatred of the Xans :: First Doctor with Sword of Dusk

  11. #11
    That's my girl, keep up good work Minoque, Great post!!

  12. #12
    Very impressive guide.

    Only things I would say are that Norton is pure pewp, Avast is by far the best written AV software, Norton is as ropey as um very old rope that rotted and been chewed on by rats.

    And as for Firefox, it really isn't that much more secure than IE *ONCE* you have locked it down as suggested. Only good point about it is that it might get any bugs/exploits fixed (and it's had more found than IE in the last year) faster than IE does. Oh, and Opera ftw!
    Omutb - President - Ring of Destruction

    If you only knew the power of the Frosted Strawberry Poptart....

    "Once more unto the breach, dear friends, once more; Or close the wall up with our English dead." - because Wales just isnt a country

    Chernobyl, providing the freshest bottled water since 1986, for that healthy green glow.

  13. #13
    It's still plagiarism even if you give a "resource" link...

    The post itself is useful, however. Just very very bad presentation...

  14. #14
    Cool article I just read about Password Security.

    http://www.securityfocus.com/infocus/1554
    "If you say 'plz' because it's shorter than 'please', I'll say 'no' because it's shorter than 'yes'."


    SirNegs - Neutral Keeper
    Negs - Neutral MP
    Lode - Neutral Doctor

  15. #15
    wow. by that thing basically: we're all screwed
    Joe "Sefus" Werkit 212/17
    Squad Commander - PR - Recruitment
    3305 Local

  16. #16
    Its All About The Phats.
    If you want some anti spyware that actually *works* (breathe people, breathe.....)

    Try a program called Pestpatrol. It works.

    Don't need to use Microsoft antispyware AND spydoctor AND ... AND ... AND...............................

    Just use pestpatrol. Owned.

    That's a big long list of stuff to do. Great post, very informative. I would advise reading and learning - even if people don't do everything suggested here, looking at everything and making your own mind up will be a great learning exercise.
    Acetsuntura (220]/21/70) - Adventurer

  17. #17
    For those of you less familiar with the computers that seem to be on and programs in which you run on them, someone created a nice lil tool for you.

    Not really a tool but they basically set up a bunch of good spyware programs as well as adware programs, grouped them together, made it so that all you have to do is install it. http://www.hitmanpro.nl/ this is the site, just dl, install and let it work its magic.

  18. #18
    an extra option for antivirus is KAV
    www.kaspersky.com

    oh and ICF should be disabled if you use any other good firewall (like zone alarm, which disables the ICF automatically upon installation)

  19. #19
    Sweet thread. Good to see someone made one like this.

    Couldn't be more detailed if u ask me.
    Hey ? ! Where did my signature go. . . ?

  20. #20
    hair-raising thread!
    very useful stuff, thanks for posting!
