<unlurk>
While I am not exactly the strongest advocate of Microsoft, I take issue
with the statement that XP Home is 'worthless' for the unsavvy user.
Rather, it is designed for the unsavvy user, with one feature which is
actually perfectly appropriate.
The Internet Connection Firewall is in a small way a very good thing.
Any system which enables stateful inspection IP filtering limited to common
client protocols with a single checkbox ain't all bad. Better would be to
ship it enabled.
(I understand they are thinking of doing that.)
Searching Help for ICF will tell you how.
Passwords are always a good thing too ;)
That said, XP Home should *never* be considered for any really secure use -
any more than a Ford Focus should be considered for heavy hauling.
BTW - Red Hat 9.0 (my other laptop OS) sets up iptables in a very similar
manner by default at installation.
Cheers
d
-----Original Message-----
From: Kamal Habayeb [mailto:k.habayeb (at) cox (dot) net]
Sent: Wednesday, September 10, 2003 4:19 PM
To: Anderson, Kelly
Cc: focus-ms (at) securityfocus (dot) com
Subject: Re: Security for Win XP Home
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anderson, Kelly wrote:
| Hello. I'm trying to advise a friend about how to better secure his
| WinXP Home machine, and have not found anything that explains how this
| can be done. This is a home machine, on an always-on cable modem,
| with very un-savvy users.
|
| All the books on XP Home I've found are pretty dumbed-down. And most
| of the articles I've found discuss XP Pro and include a "blurb" about
| such-and-such not being available in XP Home. Thus far, I've
| discovered that the Local Users and Groups is not available, and that
| all connections authenticate as "guest". This is uncomfortable for
| someone who deals with domain security.
|
| For instance, it seems that to get administrator access, one must boot
| to safe mode? And what about local security policies? I'm very
| familiar with locking down an XP Pro machine, both inside and outside
| Active Directory domains, but can't seem to understand what's up with
| Home. Anyone have any advice?
In my opinion WinXP home is worthless, but if you must use it then you can't
beat setting up a hardware firewall. This will handle most of the problems.
If this can't be done, then a software firewall is the next best thing.
Also, make sure that all the accounts have passwords. It should have a
users option under the control panel where you can set account passwords and
make the accounts private. You should also be able to disable the guest
account. For someone used to domain security, WinXP home is like driving a
car from the 1960's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org