PC Security: Hardening Windows Security - Part 2

Details
Category: PC Security

Continuing on from our previous article: PC Security: Hardening Windows Security - Part 1  

 

These spyware prevention and other malware prevention tips and ideas are designed for a Home PC running Windows XP Professional and certain tips may apply to small home network running Windows XP Professional, as such some of the

recommendations may not work for other versions of Windows. As always, it is recommended to back up the data before making any changes to your computer.

Out of the box Windows installs with certain dangerous defaults which when left alone will prove to be the biggest bottle neck when you set upon to secure your system against malware and hackers.

 

Use the screensaver to secure your PC

This step will secure your computer when you are away for a short period. Turn on the screensaver manually or set it to activate after a fixed time interval, such as 10 minutes. Normally, in all versions of Windows the screensaver password can be set from the screensaver tab in the display properties window.

 

Turn off/Rename/Password protect the Guest account

A guest account provides access to the computer for any user who does not have a user account on the computer. Microsoft recommends against disabling the Guest account in XP Description of the Guest account in Windows XP , it can be turned off, renamed and passworded to provide comparatively more security.

To turn off Guest account access, follow these steps:

  • Click Start, click Control Panel, and then double-click User Accounts.
     
  • Click the Guest account.
     
  • Click Turn off Guest access.

Rename and password protect the Guest account, because the Guest account is known to exist on all Windows 2000 Server, Windows 2000 Professional, and Windows XP computers, renaming the account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.

To rename the Guest account in XP Pro, follow these steps:

  • Right click on 'My computer' and click 'Manage', which opens the Microsoft Management console.
     
  • Open the Users folder under Local users and groups, right click on 'Guest' and click Rename and type in your preferred unique name.
     
  • Right click on 'Guest', click properties and edit the description for the account, so as not to reveal its true nature.

To Password Protect the Guest account, follow these steps:

Right click on 'My computer' and click 'Manage', which opens the Microsoft Management console. Open the Users folder under Local users and groups, right click on 'Guest' and click set password and proceed past the security warning and set the password for the Guest account.

As Local Users and Groups option is not available in XP Home edition, follow these steps:

Click start, click run and type in the command "net user guest *" without quotes, press enter and you will be prompted for a password to use.


Rename/Password protect the administrator account

An administrator account has the largest amount of default permissions and the ability to change their own permissions. To stop the intruders from accessing your computers and gaining administrative rights from the built-in Administrator account, it is highly recommended to rename the Administrator account

To rename the administrator account in windows XP Pro, follow these steps:

  • Right click on 'My computer' and click 'Manage', which opens the Microsoft Management console.
  • Open the Users folder under Local users and groups, right click on 'Administrator' and click Rename and type in your preferred unique name.
  • Right click on 'Administrator', click properties and edit the description for the account, so as not to reveal its true nature.

To password protect the administrator account, if you have not done it already, or to change the password follow these steps:

  • Right click on 'My computer' and click 'Manage', which opens the Microsoft Management console.
  • Open the Users folder under Local users and groups, right click on 'Administrator' and click Set Password.
  • Click Proceed in the message box that appears.
  • Type and confirm the new password in the appropriate boxes, and then click OK.

 

Disable Enumeration of Account SIDs

Even if you rename the Guest and Administrator accounts, you need to be aware that there are software programs which will let an intruder find the real account by enumerating the account SIDs (Security Identifiers) as renaming an account does not change its SID. Once administrator account names were identified (by the SID), brute force password guessing began and exploitation of accounts with weak passwords immediately followed.

To disable enumeration of Account SIDs follow these steps:

  • Click Start, go to control panel, Click administrative tools and click local security policy.
     
  • Click on the "Security Options" folder in the left pane.
     
  • Scroll down and double click on Network access: Do not allow anonymous enumeration of SAM accounts and shares on the right pane.
     
  • Choose Enabled and click Apply & Ok to save the settings.

 

Use NTFS File system

Install Windows XP in a partition formatted with NTFS file system. NTFS has built-in security features which other older file systems like FAT lacks. NTFS file system allows you to configure which user can perform what sorts of operations on the available data. It allows you to encrypt files and folders to protect your sensitive data.

More on NTFS file system......NTFS.com NTFS File System.

 

Continued ... 

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok
More information