I'm not sure how well you can lock down a machine in a situation like
that, but there is a few things you can do to make them a little better
off.
1: have them get a dsl/cable modem router (I use a Linksys myself). This
will do a couple of things. First, it will NAT them behind the router.
This will cause the router to reject all connections that the
computer(s) behind it didn't request (making the computer ignore port
scans, somebody trying to connect to a shared drive on their computer,
etc) Secondly, most of the newer ones have a 4-port switch built in, so
that they can easily and safely add more computers.
2: get them some anti-virus software and make sure it's set to
automatically update and apply new virus definitions without
interrupting them
3: set windows xp to automatically update with microsoft
4: tell them to not click on any e-mail attachments they're not sure of
(and even if they do, the virus scanner should pick it up if it is
updating correctly)
This should protect them from just about everything popular that's
spreading around the internet these days. If everything is set up
properly, they shouldn't notice a thing (transparency is key with
un-savvy users). The only thing that would require user intervention is
#4, which is pretty easy. Just tell them that microsoft is not sending
them patches via e-mail and that's not really a picture of anna
kournikova!
In a nutshell, don't try to secure the OS, try to secure it's
environment and just make sure the OS is up to date with patches..
That's about the best you can do!
___________________________
Michael J. Wheeler
Computer Information Specialist
Pittsburg State University
Ph: 620-235-4610
E-Mail: mwheeler (at) pittstate (dot) edu [email concealed]
-----Original Message-----
From: Anderson, Kelly [mailto:kjanders (at) umich (dot) edu [email concealed]]
Sent: Wednesday, September 10, 2003 9:02 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Security for Win XP Home
Hello. I'm trying to advise a friend about how to better secure his
WinXP Home machine, and have not found anything that explains how this
can be done. This is a home machine, on an always-on cable modem, with
very un-savvy users.
All the books on XP Home I've found are pretty dumbed-down. And most of
the articles I've found discuss XP Pro and include a "blurb" about
such-and-such not being available in XP Home. Thus far, I've discovered
that the Local Users and Groups is not available, and that all
connections authenticate as "guest". This is uncomfortable for someone
who deals with domain security.
For instance, it seems that to get administrator access, one must boot
to safe mode? And what about local security policies? I'm very
familiar with locking down an XP Pro machine, both inside and outside
Active Directory domains, but can't seem to understand what's up with
Home. Anyone have any advice?
-Kelly
***********************************************
Kelly J. Anderson, MCSE
Windows 2000 Infrastructure
University of Michigan
http://www.umich.edu/~lannos/win2000
***********************************************
---
KaVaDo provides the first and only integrated Web application scanner
and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on
Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
that, but there is a few things you can do to make them a little better
off.
1: have them get a dsl/cable modem router (I use a Linksys myself). This
will do a couple of things. First, it will NAT them behind the router.
This will cause the router to reject all connections that the
computer(s) behind it didn't request (making the computer ignore port
scans, somebody trying to connect to a shared drive on their computer,
etc) Secondly, most of the newer ones have a 4-port switch built in, so
that they can easily and safely add more computers.
2: get them some anti-virus software and make sure it's set to
automatically update and apply new virus definitions without
interrupting them
3: set windows xp to automatically update with microsoft
4: tell them to not click on any e-mail attachments they're not sure of
(and even if they do, the virus scanner should pick it up if it is
updating correctly)
This should protect them from just about everything popular that's
spreading around the internet these days. If everything is set up
properly, they shouldn't notice a thing (transparency is key with
un-savvy users). The only thing that would require user intervention is
#4, which is pretty easy. Just tell them that microsoft is not sending
them patches via e-mail and that's not really a picture of anna
kournikova!
In a nutshell, don't try to secure the OS, try to secure it's
environment and just make sure the OS is up to date with patches..
That's about the best you can do!
___________________________
Michael J. Wheeler
Computer Information Specialist
Pittsburg State University
Ph: 620-235-4610
E-Mail: mwheeler (at) pittstate (dot) edu [email concealed]
-----Original Message-----
From: Anderson, Kelly [mailto:kjanders (at) umich (dot) edu [email concealed]]
Sent: Wednesday, September 10, 2003 9:02 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Security for Win XP Home
Hello. I'm trying to advise a friend about how to better secure his
WinXP Home machine, and have not found anything that explains how this
can be done. This is a home machine, on an always-on cable modem, with
very un-savvy users.
All the books on XP Home I've found are pretty dumbed-down. And most of
the articles I've found discuss XP Pro and include a "blurb" about
such-and-such not being available in XP Home. Thus far, I've discovered
that the Local Users and Groups is not available, and that all
connections authenticate as "guest". This is uncomfortable for someone
who deals with domain security.
For instance, it seems that to get administrator access, one must boot
to safe mode? And what about local security policies? I'm very
familiar with locking down an XP Pro machine, both inside and outside
Active Directory domains, but can't seem to understand what's up with
Home. Anyone have any advice?
-Kelly
***********************************************
Kelly J. Anderson, MCSE
Windows 2000 Infrastructure
University of Michigan
http://www.umich.edu/~lannos/win2000
***********************************************
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner
and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on
Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
[ reply ]