Transcript
Page 1: 1 HARDENING WINDOWS XP: YOUR DEFINITIVE LOCKDOWN GUIDE


HARDENING WINDOWS XP:

YOUR DEFINITIVE LOCKDOWN GUIDE


WHAT IS A SERVICE PATCH?

This presentation will examine the following items and how to lock them down step by step. This will enable your XP system to be lean, mean and ready to do battle with attackers of all types.

Windows XP Professional Configuration Checklist Details

1. Verify that all disk partitions are formatted with NTFS
2. Change Logging Settings
3. Disable Indexing Service
4. Protect file shares
5. Disable fast User Switching
6. Use software restriction policies
7. Disable unnecessary services
8. Keep up-to-date on the latest security updates
9. Use Security Baseline Analyzer


BEST PRACTICE #1: DISK PARTITIONS ARE FORMATTED WITH NTFS

Many older XP workstations still use the older, less secure FAT, FAT32, or FAT32x file systems. The enhanced NTFS file system offers greater access controls and protections that aren't available with the FAT, FAT32, or FAT32x file systems.

Make sure that all partitions on your computer are formatted using NTFS. If necessary, use the “Convert Utility” to non-destructively convert your FAT partitions to NTFS. Before running this utility always make a backup of critical data, but that should go without saying!   


BEST PRACTICE #2: CHANGE SYSTEM LOGGING SETTINGS

By default the system logging does not provide for extensive logging activity. To change the system logging follow these steps:

1. Open Event Viewer
2. In the console tree, click the log you want to change.
3. On the Action menu, click Properties.
4. On the General tab, in Maximum log size, specify the new log size in kilobytes.

Change log sizes:

5. Application: 81920, overwrite as needed
6. Security: 81920, overwrite as needed
7. System: 81920, overwrite as needed
8. To put the new setting in effect, click Clear Log.
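The same log settings can be applied from an administrator command prompt, which helps when several workstations need the identical configuration. This is an added example, not part of the original slides; it assumes the standard `MaxSize` (bytes) and `Retention` (0 = overwrite as needed) registry values under the Eventlog service key, and that the new size is picked up the next time the machine restarts.

```batch
@echo off
rem Added example, not from the original slides.
rem Sets Application, Security and System logs to 81920 KB, overwrite as needed.
setlocal
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

rem MaxSize is stored in bytes, so convert the slide's 81920 KB.
set /a WANT=81920*1024

for %%L in (Application Security System) do call :setlog %%L
endlocal
goto :eof

:setlog
rem Read the current size first so the change is visible in the output.
set CUR=0
for /f "tokens=3" %%V in ('reg query "%KEY%\%1" /v MaxSize 2^>nul ^| find "MaxSize"') do set /a CUR=%%V
echo %1: MaxSize was %CUR% bytes, setting %WANT% bytes

rem Apply the new maximum size.
reg add "%KEY%\%1" /v MaxSize /t REG_DWORD /d %WANT% /f >nul
rem Retention 0 corresponds to "overwrite events as needed".
reg add "%KEY%\%1" /v Retention /t REG_DWORD /d 0 /f >nul
goto :eof
```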


BEST PRACTICE #3: DISABLE INDEXING SERVICE

Indexing Service is a base service for Microsoft Windows operating systems that extracts content from files and constructs an indexed catalog to facilitate efficient and rapid searching. Indexing Service can extract both text and property information from files on the local host and on remote, networked hosts. The files can be simply members of a selected file system or part of a virtual Web hosted by, for example, Internet Information Services (IIS). The index server has been a major vulnerability of the XP operating systems. It is recommended to turn off this service unless otherwise needed.

To disable the indexing service, perform the following steps:

1. In the "Start" menu, choose "Run."
2. Type "services.msc" and press Enter.
3. Scroll down to "Indexing Service" and double-click it.
4. If the service status is "Running", then stop it by pressing the "Stop" button.
5. To make sure this service doesn't run again, under "Startup Type:", choose "Disabled."
6. Windows search will still work if you perform these steps, but it will work more slowly than if indexing was enabled.



BEST PRACTICE #4: PROTECT FILE SHARES

By default, Windows XP Professional systems that are not connected to a domain use a network access model called "Simple File Sharing," where all attempts to log on to the computer from across the network will be forced to use the Guest account. This means that network access as well as Remote Procedure Calls (RPCs) will only be available to the Guest account. This can be a big vulnerability and has been exploited by some of the most widely used attack tools targeting the Windows XP OS.

1. To change it, go to: Start => Programs => Accessories => Windows Explorer and drop down the Tools menu and select ‘Folder Options’.


BEST PRACTICE #5: DISABLE FAST-USER SWITCHING

When multiple users share a computer, logging off and logging on to the computer in order to switch users can become tiresome. Fast User Switching is a feature that makes it possible for you to quickly switch between users without actually logging off from the computer. Multiple users can share a computer and use it simultaneously, switching back and forth without closing the programs they are running. However, if you are not sharing computers, this feature should be disabled.

To disable fast-user switching:

1. Go to Control Panel > User Accounts
2. Select “change the way users log in and out”
3. Click “Off” the option for “Use Fast User Switching”
4. Apply Changes



BEST PRACTICE #6: USE SOFTWARE RESTRICTION POLICIES

Software restriction policies provide administrators with a policy driven mechanism that identifies software running in their domain, and controls the ability of that software to run.

Using a software restriction policy, an administrator can prevent unwanted programs from running; this includes viruses and Trojan horses, or other software that is known to cause conflicts when installed.

Software restriction policies can be used on a standalone computer by configuring the local security policy.

Software restriction policies also integrate with Group Policy and Active Directory.


BEST PRACTICE #7: DISABLE UNNECESSARY SERVICES

Hardening Windows XP includes turning off any network services not required for normal operations. In particular, you should consider whether your computer needs any IIS Web services. By default, IIS is not installed as part of Windows XP and should only be installed if its services are specifically required. If you don’t need them, it is recommended that you disable the following services ASAP:

1. Telnet
2. Universal Plug and Play Device Host
3. IIS (not installed by default)
4. Netmeeting Remote Desktop Sharing
5. Remote Desktop Help Session Manager
6. Remote Registry
7. Routing & Remote Access
8. SSDP Discovery Service

It is also recommended that the server service and computer browser be eliminated if you are on a stand-alone machine connected to the Internet. There is no practical use for them and they leave you exposed.
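The service steps in best practice #3 (Indexing Service) and best practice #7 can be applied in one pass with `sc.exe` instead of clicking through services.msc. This is an added example, not part of the original slides; the short service names are the Windows XP names assumed for the display names listed above, so confirm each one with `sc query` before running it.

```batch
@echo off
rem Added example, not from the original slides. Run as an administrator.
rem Short names are assumed XP service names for the display names on the slides:
rem   CiSvc=Indexing Service, TlntSvr=Telnet, upnphost=UPnP Device Host,
rem   W3SVC/IISADMIN=IIS, mnmsrvc=NetMeeting Remote Desktop Sharing,
rem   RDSessMgr=Remote Desktop Help Session Manager, RemoteRegistry,
rem   RemoteAccess=Routing and Remote Access, SSDPSRV=SSDP Discovery Service.
setlocal
set SERVICES=CiSvc TlntSvr upnphost W3SVC IISADMIN mnmsrvc RDSessMgr RemoteRegistry RemoteAccess SSDPSRV

rem Stand-alone machines only: also disable Server and Computer Browser.
rem set SERVICES=%SERVICES% lanmanserver Browser

for %%S in (%SERVICES%) do call :harden %%S
endlocal
goto :eof

:harden
rem Services that are not installed (IIS by default) are skipped.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo [skip] %1 is not installed
    goto :eof
)
rem Stop the service now; an error from an already stopped service is ignored.
sc stop %1 >nul 2>&1
rem Startup type Disabled keeps it from starting again. The space after
rem "start=" is required by sc.exe.
sc config %1 start= disabled >nul
if errorlevel 1 (
    echo [fail] could not disable %1
) else (
    echo [ok]   %1 disabled
)
goto :eof
```

If a service has running dependents, the stop may be refused, but the Disabled startup type still applies from the next boot.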



Best Practice #9: Keep up-to-date on the Latest Security Updates

The Auto Update feature in Windows XP can automatically detect and download the latest security fixes from Microsoft. Auto Update can be configured to automatically download fixes in the background and then prompt the user to install them once the download is complete.

To configure Auto Update, click System in Control Panel and select the Automatic Updates tab. Choose the first notification setting to download the updates automatically and receive notification when they are ready to be installed.


WHAT IS A PRODUCT FAMILY?

A product family is a collection of products that have a related purpose. For instance, the Microsoft Windows® product family includes all Windows operating systems, such as Windows 3.11, Windows 95, and Windows 2000.

A product is one member of a product family. For instance, Microsoft Windows NT® is a product in the Windows family.

A version is an instance of a product. For instance, Windows NT 3.5, Windows NT 4.0, and Windows 2000 are different versions of the Windows NT product.


SERVICE PACK VERSUS PATCHES

A service pack is a periodic update that corrects problems in one version of a product. For instance, there have been six service packs for Windows NT 4.0. Some Microsoft products use the term service release rather than service pack, but the terms mean the same thing.

A patch is an update that occurs between service packs. A patch is sometimes also referred to as a hotfix.

Note: Most patches are built to correct security vulnerabilities, but we also build patches to correct critical stability or performance issues. In this article, though, we'll only discuss security patches.

http://technet.microsoft.com/en-us/library/cc723502.aspx


WINDOWS UPDATE UTILITY WINDOWS 7

Click Start > Control Panel > Windows Update


VIEW UPDATE INFORMATION WINDOWS 7

From the Windows Update window, click on a link to view additional information on that update. The 1 important update was selected in this example.


Review the Update History

From the Windows Update Window, select View Update History


Frequently Asked Questions

From the Windows Update window, select Updates: frequently asked questions to find out more information


Settings for Automatic Updates

From the Windows Update window, select Change Settings


Running Microsoft Baseline Security Analyzer

Sample Scan


Additional System Information

• Links provide more information for a particular issue

• Report can be printed for documentation

• Report can be copied to clipboard


Administrative Vulnerabilities

Links are provided as to what was scanned, the result details, and instructions on how to correct an issue.

