High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
Securing MicrosoftWindows
(2000/XP/2003)
by Guillaume Kaddouch, November 2006
INDEX TABLE
INTRODUCTION....................................................................................3I – KEEPING YOUR WINDOWS UP TO DATE...........................................4
1.1. Enabling Automatic Windows Update........................................................41.2. Checking Microsoft Office updates.............................................................5
II - CONFIGURING WINDOWS SERVICES..............................................6
2.1. Disabling unneeded Windows services......................................................62.2. Setting services startup to manual............................................................9
III – REMOVING UNNEEDED PROGRAMS AT STARTUP........................10IV - RUNNING EXPOSED PROGRAMS WITH RESTRICTED RIGHTS.......11
4.1. Identifying 'critical' or 'exposed' applications..........................................114.2. Setting restricted rights for a given program (WinXP PRO/Win2K3).......114.3. Setting restricted rights for a given program (WinXP Home/Win2K).......14
V - CONFIGURING FILES AND EXTENSIONS DISPLAY.........................15VI - SETTING UP STRONG PASSWORDS..............................................16
6.1. Password complexity...............................................................................166.2. Password diversity..................................................................................16
CONCLUSION.......................................................................................18
Securing Microsoft Windows
2
/
18
Guillaume Kaddouch
INTRODUCTION
This guide is for the average user or a new user who just bought a computer, and is willing tosecure his Windows Operating System. This guide does not contain complex tips meant foradvanced users, but rather the basis of Windows security for everyday use. There is nothingincredible or until now unknown in this guide, so if you are looking at this, you can skip it. Thepurpose of this paper is to help you configuring securely your OS, and to disable some defaultdangerous settings.Lastly, I have came across badly infected computers, and some of them had at least oneantivirus, and even a firewall. Nowadays malware are more aggressive than ever, and aremore and more using user-mode rootkits to hide their files and processes, while attacking yourmain security applications to disable them. Some of these infected systems were not withoutany security, but the users have randomly added some security software withoutunderstanding what they were doing. Security is not a setup executable that you can installand forget, but instead a
global process
, beginning with the OS (configuring it), and requiringunderstanding and awareness from the one who is securing his system.Usually, when you first get a computer and are asking for advices to secure it, you are oftentold to install various security software, such as an antivirus. However, following this way, youare adding security on the top of something insecure by default, your Operating System.Windows is your security foundations, if it is weak, then everything on top of it can collapse.For instance, a malware could exploit a known Windows vulnerability in a service running bydefault, to execute, but if this vulnerability is patched, and that this service is disabled, thenthe malware is dead in it's track. Thus, you must take care of Windows itself first, this is ascritical as making the foundations of a building.In what follows, we will see together how to decrease your exposure to various threats, bydisabling unneeded Windows services, configuring few Windows options, setting up updates,controlling what is starting up, setting strong passwords, and by setting up some criticalprograms rights and privileges.This guide applies to Windows XP Home Edition and Professional Edition, Windows 2000, andWindows 2003. However, some general advices are true for all OS, so it's still good to read thisguide even if you have Windows 98.Securing Microsoft Windows
3
/
18
Guillaume Kaddouch
Add a Comment