Windows xp - securing pc against viruses and port awarene.

sun7
On the way to fame!
Posts: 41
Joined: 30 Jan 2010, 17:00

Post by sun7 »

Peace. I am sun7. I browsed this site and it looks like this is the place to get aid.

I want to format my hard drive, install Windows XP, and securely "lock it down".

My OS is Windows XP Pro SP2. Looking for information on closing my ports and information on software that alerts me when I am being attacked on my ports. Also antivirus recommendations would be needed.


On paper I have 4 yrs hardware and 1 yr service desk, with non-profit experience, so I am comfortable with downloads, installs and exchanging hardware.

My program, programming, OS and wireless security knowledge needs much improvement. My lack of software experience is affecting my hardware now. Striving to "Learn the basics in a safe environment!!!"
Intelligence is born from the mind, Teaching and studying are ways of a civilized person.....

hiper
On the way to fame!
Posts: 49
Joined: 19 Jan 2009, 17:00
Location: in front of my comp

Post by hiper »

Take a look at

HIPS - Host-based Intrusion Prevention Systems

http://suck-oold.com/modules.php?name=Forums&file=viewtopic&t=6415
and
Snort is an open source network intrusion prevention and detection system

http://www.snort.org/
hiper

lilrofl
Siliconoclast
Posts: 1363
Joined: 28 Jan 2009, 17:00
Location: California, USA

Post by lilrofl »

Hey Sun,

Securing your box starts with the right mindset, good practices like cautious/intelligent downloading, keeping your security updates current, and knowing what your system is supposed to look like. After that you have 2 main focuses and a bunch of spin-offs. The major groups are firewall and anti-virus... the spin-offs are as varied as your needs.

Firewalls block in one of two ways, application level or packet level. Application level firewalls (like ZoneAlarm) ask you if specific programs have access to the internet, while packet level firewalls (like Comodo) tell you that program X is accessing site Y from port Z.

After that you have hardware firewalls which you can put between you and the interwebs... but that's not really about software.

Anti-virus is important, but less so than firewalling in my opinion. With good practices your need for a virus scanner is minimal... good to keep one around, yeah... necessary to have it scan every night while you're sleeping... probably not so much.

The forums go round and round about best firewall and best AV, you're just gonna have to try a few and find which ones you like. I use AVG Free for antivirus, she's not the slim and efficient lady I fell in love with all those years ago... but I have faith in her abilities. Other ones that have a strong following are AVAST and ESET 32.

I use Comodo Free firewall, when I use one at all, and I am behind a hardware firewall as well. Comodo isn't the easiest to set up... but once you hammer out the settings it's a good one.

Before hooking your computer up to the internet, and after you have your drivers installed, is a good time to create a backup or ghost image. It's also a good time to install Tripwire if you're going to take a snapshot of your system, and if you are not going to snapshot it, it is a good time to use Process Explorer to get an idea of what is 'normal' for your system. Check this 'snapshot' with future ones and see how your system changes as you install and move things.

EDIT: It just occurred to me that Tripwire is predominantly a Linux solution and I'm not sure of a free Windows alternative.

More advanced topics include IDS's... but if you are running a home computer, I don't think you need to worry about that level of security

Not a complete list, but a good start I feel... just woke up so I'm off to get some food :D
little hugs for my sweetheart

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

I agree with everything lilrofl said....well almost. :lol:

Everything at least up to the anti-virus part. As I do a lot of repairs and fix computers, I fix a lot with viruses due to downloading music, movies and software and any other thing people look for on the internet. The number of computers that I repair with AVG Free on, which even after spyware, malware and virus scans, I can run Comodo anti-virus on and find more, is..... well, almost always. I would also say you have more control over the way you use your anti-virus and the files it does pick up, where a lot of anti-virus software automatically removes the suspect file. OK, you can turn it off for cracks etc., but with Comodo you have the control.

I am a great believer in free software; what I don't like is the BS free 30-day trials with Norton or the amount of people I speak to that have paid up to £60 from PC World etc. I used to put AVG on to people's computers a few years ago, also Avast too. What I won't do is put a cracked version on for anyone; it's not worth getting done for, you never know who the customer is. Free is always the best option. A lot of people can only just afford the £30 fee for the repair, never mind an extra X amount of pounds for anti-virus software.

Get used to netstat too or download TCPView and also download and learn how to use wireshark. Learn how your computer connects to other machines. If you think something is suspicious then run a virtual machine and work from there.

Check also which services you need running. Windows has a lot of services running that a home user would never use; some may, some may not. Learn which can be disabled and what each one is for.

Know your machine :wink:
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com

lilrofl
Siliconoclast
Posts: 1363
Joined: 28 Jan 2009, 17:00
Location: California, USA

Post by lilrofl »

You said it Thugy. 'know your machine'

I'll look into Comodo AV Free on your recommendation. I've been using AVG for a decade, and I'm always looking for other options. I didn't like Avast at all, but I've never tried Comodo.

I agree that AV is important; I rarely feel the need to run them without cause as I practice very good download habits and do not P2P.

Great POV, and again, to know your machine is the best security measure you can make..
little hugs for my sweetheart

Alien1
forum buddy
Posts: 21
Joined: 10 Sep 2009, 16:00

Post by Alien1 »

I agree, but want to add: use the free version of Avira, it is far superior to AVG and somewhat better in detection than Avast.

leetnigga
Fame ! Where are the chicks?!
Posts: 447
Joined: 28 Jul 2009, 16:00

Post by leetnigga »

Alien1 wrote: I agree, but want to add: use the free version of Avira, it is far superior to AVG and somewhat better in detection than Avast.
I'm sorry, but how do you measure this?

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

One interesting source I found was the NSA's guidance papers on securing a variety of Operating Systems from Mac OS X (10.5 and 10.4) to Vista, Server 2003, and XP.

http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

sun7
On the way to fame!
Posts: 41
Joined: 30 Jan 2010, 17:00

Post by sun7 »

Very useful information. This is getting me on the right path. :lol:

Services to run on XP? There are a lot, so this could take a while. I am not familiar with which ones to disable, so I am researching now.
I am going to ghost when I get done with my knowledge on "services". That's a strategy I've heard about, but nobody taught me the reason or importance.

I fix computers too, so I want to make the people in my family and my immediate friends "bare minimum" OSs with free/open source AV/FW.



hiper - good look on the post. HIPS is a new term for me that I won't forget, and I read a bunch of other posts to see what's going on in technology with that.
Snort just didn't work for me, but the posts helped and continued to lead me in the right direction... sincerely appreciate that hiper 8)


lilrofl - downloading in the past has given me trouble. I can get all the information from trusted sites like this. I am also new to forums and posting..... I'm loving it though... :lol:
I appreciate that info you gave, and I tried the look and feel of the AV & F/W websites, information on the product and support info, then I downloaded and played around to see how fast the installs were, what information was presented and how clearly it was presented for me. If it was software or packet based, and a whole bunch of things just to get a quick feel. Bulkiness, speed, etc... I was really looking for "port" information in the AV/FW b/c I want to understand that better.

I am going to stick with Comodo, lilrofl. That is a great tool. 8)
Trip, snap and ghosting are coming soon. I just have to understand services better to figure out what I can disable for good.


cthug - there you go man, I see you 8)
I immediately saw the control that you have with Comodo, so that stood out. The website stood out too with information on what I was about to get. The download was easy and configuration was cool. For not having hardware as a firewall, I was convinced to try out Comodo until a change is needed for FW and AV.
Wireshark I am new to, but I understand the basics. I'm gonna research the questions I have about that because I see it can be very useful. I like the netstat commands, mixed with the protocol/port information in Comodo and that TCPView, and you can learn a lot about your system and network traffic monitoring. I like those 3 in combination; I just need to get further with Wireshark when I lock my system down better.
I feel your fire cthug on the money and fixing PCs for people. I will talk to you about that later but not on this post. I was about to get a little emotional b/c to me, nothing beats the look on a person's face after you fix their PC. Let's be for real........... A company has all those scientists, mathematicians, lawyers, engineers, financiers, and employees and the thing still breaks and "WE" fix it....
:wink:
cthug you gotta give me some time to understand the services to disable. Everyone is helping on the right path tho.

alien1 - Peace, just curious what you are running for AV/FW?
sun7


stavros - that information looks useful. That actually led me to search for configuration guidelines etc. I'm gonna see what's out there because this is a new term for me. Thanks for that extremely useful link....

Sincere thanks y'all for the help.

Defeat failure by work - The only way to defeat failure is to keep working..
Intelligence is born from the mind, Teaching and studying are ways of a civilized person.....

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

Take a look here.... lack of sleep, my bed is calling.
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com

lilrofl
Siliconoclast
Posts: 1363
Joined: 28 Jan 2009, 17:00
Location: California, USA

Post by lilrofl »

Well you are on the right track, and you'll find no lack of opinion here for security from competent people.

Glad you like Comodo firewall; it's a good one, having all the options you'll need to grow into while being simple enough to start using without too much hassle.

Making an image of your computer after setup, but before you connect to the net, is a valuable thing. I am predominantly a Linux user so I use dd for that; Windows utilities are available, but the only one I've had any experience with would be Norton Ghost... and only because it came with the computer. Look around, I'm sure you'll find something. The reason it's important is because when you DO have a catastrophic failure you can get back to base very quickly.

Wireshark is just another topic, but it is your friend :D Along with nmap it is very useful in discovering malware that your scanner hasn't picked up. Use it and get familiar with what your system looks like while performing your routines, because everything you do has a pretty consistent footprint (Yahoo Messenger as compared to MSN Messenger, for instance, look different).

I'll mention again that IDS is a bit over home use need... but if you want to get into it there is no reason not to.

You're on a good road, good luck =)
little hugs for my sweetheart

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

Well, "open ports" are only open because of the services that wait for connections behind those ports. Better than blocking those ports is always to simply disable the services completely. Disabling unneeded services also improves the general system performance... :wink:

So here are some quick tips (I have used these settings too for years):
- start->run->services.msc
- disable the "SSDP Discovery" service (right-click->properties->startup type: Disabled)
- disable the "Windows Time" service
I am using the German XP version, so the services are most likely named a little differently. After a reboot, port 5000/1900 and port 123 (UDP) will be closed.
- disable NetBIOS (port 445):
start->run->regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
create a new DWORD entry:
"SMBDeviceEnabled"=dword:00000000

Those settings are all safe to use; don't disable other services if you don't exactly know what you are doing... :wink:
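An added example, not from the thread, for checking the result of the changes in the post above: it parses Windows `netstat -ano` output (a constructed sample is embedded; the port-to-service mapping is taken from that post) and reports which of the named ports are still listening after the reboot.

```python
from collections import namedtuple

Listener = namedtuple("Listener", "proto port pid")

# Ports the post above says should disappear after the changes: SSDP Discovery
# (5000 and 1900), Windows Time (123/UDP) and SMB over TCP/IP (445) via the
# SMBDeviceEnabled value. This mapping is constructed from that post.
PORTS_FROM_POST = {
    1900: "SSDP Discovery",
    5000: "SSDP Discovery",
    123: "Windows Time",
    445: "SMB (NetBT SMBDeviceEnabled)",
}


def parse_netstat(text):
    """Parse `netstat -ano` output into the sockets that accept traffic.

    TCP rows carry a State column and only LISTENING ones count as open
    ports; UDP rows have no state, so every bound UDP socket is reported.
    """
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue  # ESTABLISHED, TIME_WAIT, ... are not open ports
        port = int(local.rsplit(":", 1)[1])  # also handles [::]:445
        listeners.append(Listener(proto, port, int(fields[-1])))
    return listeners


def still_open(listeners):
    """Return {port: service} for ports named in the post that are still bound."""
    return {l.port: PORTS_FROM_POST[l.port] for l in listeners if l.port in PORTS_FROM_POST}


# Constructed sample output, not captured from a real machine.
NETSTAT_BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1184
  TCP    192.168.1.5:1034       192.0.2.10:80          ESTABLISHED     1600
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    192.168.1.5:1900       *:*                                    1184
"""

NETSTAT_AFTER = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
"""
```

Feed it the real output with `parse_netstat(open("netstat.txt").read())` after saving `netstat -ano > netstat.txt`; an empty result from `still_open` means every port the post lists is closed.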

sun7
On the way to fame!
Posts: 41
Joined: 30 Jan 2010, 17:00

Post by sun7 »

cthug peace. -
I went to that and it was what I needed. It helped me compare to other charts too, so I saw an overall base of what I needed and didn't need. VERY MUCH appreciated. Now I'm confident enough to research, disable, enable, start/stop different services as I add/remove hardware/software. I can see how services affect my PC directly. Really helps to get deeper in "knowing your machine". With adding in the info about the registry (bad_b post - I am a novice to the registry) it is a key element. Thx - won't ever forget and I have more to learn, understand, teach and share now.... peace


lilrofl -
You are definitely right: simple to start, not much hassle, all the options... COMODO
Wireshark looks like it is more detailed packet info, so that is too useful. Nmap, I have heard of that and footprints but never used or tested it. I'll look for the information and read through some tutorials, etc. and look at some videos. I'll look at other competition too in case that's not for me.
I will look at Norton Ghost for Windows and dd b/c I am going to use Linux/Ubuntu. I couldn't get the sound driver or wireless adapters working for it a few months ago so I went back to Windows XP. I have a copy of Ubuntu though. I have a second machine so I'll install and research, then talk in another post for dd.
Appreciate that. You helped me tremendously... peace


bad_b peace - you.are.a.bad.man-nice.stuff :wink:
Done and done.
I'm on a home network, but using XP Pro SP2 eng, US. Windows Time service was on so I disabled that. No need with no servers to connect to... 8) Research led me to see that hackers really exploit that, so I am glad I can prevent it on my system.
UPnP makes sense. I immediately saw the difference between UPnP and PnP and now I know this is not needed for me. I saw it opens port 1900 UDP a lot too and that was questionable. I now see with the software tools y'all showed me how that directly relates to some of the services on my system. Helping to "know my system". Thx man.
I am looking through information on the registry. I only made small changes to it a while back on other systems, so I am reading up on it now before I make changes to that on my system. I know it is very important to a system, and read that everything on a system, hardware and software, relates to the registry. I will research here to familiarize before editing.
Sincerely appreciate you all.

MORE TO KNOW - MORE TO GROW.
Intelligence is born from the mind, Teaching and studying are ways of a civilized person.....

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

I am going to have to start to learn how to make copies of my installations myself. I have tried using Clonezilla but I have not had much luck with that, to my surprise. I did not expect that. I figured I was going to make several copies of my Linux installations as well and save it all to some HD all in one go, but now I figure I may need to use a Windows program to make a copy of my Windows installation. That way I can avoid making new installations of Windows. Once I set out to do this I am going to make a really secure Windows installation. One of the things that I am going to do is to remove all those unnecessary services. There are quite a lot of them you do not actually need, and it can speed up the boot-up process of Windows too as well as making it more secure. After that I would create a limited account from which I would surf the net. I would install a firewall, but preferably one that does not install an AV. That may be difficult as most firewalls now come with AVs and most AVs come with a firewall.
We will either find a way, or make one.
- Hannibal

Pong18
Cyber Mushroom
Posts: 357
Joined: 20 May 2009, 16:00
Location: Manila, Philippines

Post by Pong18 »

Optimize XP:
Try this link for optimizing XP

This is where I learned how to make XP faster. But I really do have some doubts on the web browser part about IE and FF. But anyway, 90+% of it really speeds up your XP machine. It also contains a list of services to set to automatic or disabled and some useful tips. Just don't mind the stuff that it sells in the middle part of the page.
