Guidelines to secure your PC on your own
Securing your Windows
Microsoft Windows XP is being
used by a growing number of users. Windows XP is potentially much more conducive to security than its predecessors such as Windows 95 and 98—a good reason for you to upgrade your desktop system to Windows XP if you have not already done so. Following checklist describes the measures you will need to take to achieve baseline security in your Windows XP system.
Baseline Security Measures for securing your computer:
Your system will achieve a baseline level of security if you deploy the following measures:
> Use only Windows XP Professional. Windows XP Home has too many major security flaws (e.g., in XP Home every
default account has superuser privileges and cannot belong to any domain) to enable it to achieve even a baseline level of security.
> Install Windows XP only from trusted media.
> Ensure that every
partition is an NTFS partition. If any volume is FAT-formatted, enter convert <partition letter>: /fs:ntfs
For example, to convert the D partition into an NTFS partition, enter convert d: /fs:ntfs and then reboot your system.
> Check to see whether Service Pack 2 (SP2) has been installed by going from Start to Run, then entering “winver”.
> Install the latest post-SP2 hotfixes from www.windowsupdate.com
> An "unprotected share" is a share that permits everyone to connect to it; the worst case is a share that allows everyone to assume full control or to write and delete. Many Windows systems users have unprotected shares. The result is greater likelihood that their systems will be successfully attacked by hackers, worms, etc. Unprotected shares are one of the major causes of security-related incidents in Windows systems.
> Leave the Guest account disabled. Double-click on this account name and ensure that "Account is Disabled" is checked.
> Activate the screen saver. This will help protect against unauthorized physical access. Go to the Control Panel, then Display, then Screen Saver (or right click on the desktop to Properties and click on the Screen Saver tab). Be sure to password-enable the screen saver and also to set the activation period to 30 minutes.
> Be sure to run AntiVirus on your system, and to keep its signatures updated every day.
Block NetBIOS ports over TCP/IP
Block NetBIOS ports over TCP/IP to all Internet traffic if you need to enable file sharing for your machine so no one from the outside can access the contents of your hard drives through these ports. This can be accomplished with either one of these two methods:
Preferred method: Block incoming and outgoing access to ports 135, 137-139, and 445 with your firewall. ZoneAlarm (a free personall firewall) does this by default when you set the Internet Zone Security to "high". (The "medium" Internet Zone Security default settings only block incoming access to NetBIOS ports and you can manually change that to include outgoing, but remember - any Internet Zone Security setting lower than "high" is not recommended for use in the Internet Zone.)
Backup your files Keep current backups of all personal and system files. A backup can restore lost data in the event your system's security is compromised or your critical files become corrupt.
What system files to backup?
Daily backups of your registry files are recommended. In addition, always create a backup before installing any new program or making any changes to your system settings.
Since system files in Windows XP cannot be simply copied while they are in use, XP users should use System Restore to create restore points. (A shortcut is placed by default under System Tools in the Start Menu, or you can find it at %SystemRoot%System32restorerstrui.exe.)
Disable Fiand Print Sharing
Disable File and Printer Sharing in your network settings if you are using a computer that is not connected to a Local Area Network (LAN). This will shut all NetBIOS ports - those which are used for the sharing of files. Even if you are using a router and a firewall, this is giving you added protection by disabling something you don't need.