Increasing Windows 2000 and XP Security

Windows 2000 and Windows XP are a very strong server solution, but backwards compatibility, Microsoft's default assumptions, and improper configurations have created many security issues. Many unneeded services are installed in Windows 2000 and XP; they take up extra resources and create security holes through which hackers can attack your computer. This article identifies common security threats and services to disable. It is written mainly for Windows 2000, but many of the same threats exist in Windows XP as well.

Windows Security Threats:

A properly configured Windows machine is a very secure machine. Writing an article on security could entail thousands of pages for each setting and how to defend against each type of attack. This article is meant to be a brief overview of the major steps a user or administrator can take to gain a strong foothold in securing their Windows computer.

Editing the registry and disabling services can lead to problems. Make sure you double-check all your edits and perform a backup before making major changes. Change only one setting at a time so that recovery is easy if a problem occurs.

Registry settings are edited with a program called regedt32. Click on the Start Menu > Run > type regedt32

Services are turned on and off with services.msc. Click on the Start Menu > Run > type services.msc

Stop Null Sessions
This is the biggest security threat to Windows. Null sessions allow unwanted users to gain access to your computer. Null sessions are opened on NetBIOS ports 139 and 445. NetBIOS is Windows' default protocol for "File and Print Sharing." With automated tools, hackers will gain access to crucial system information such as accounts and passwords. Null sessions are a built-in communication share using an anonymous user and a NULL password on the NetBIOS port.
 
The easiest way to stop null sessions is by disabling "File and Print Sharing" on all network devices. On XP go to Control Panel > Network Connections > Properties for each adapter. On Windows 2000 go to Control Panel > Network and Dial-up Connections and select the proper connection.
 
If these services are required, then make a registry entry to protect against sending sensitive data through the NetBIOS port. Open regedt32 from the Run Menu. Select HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > LSA. The value you want to edit is RestrictAnonymous. Change it to 1 or 2. A setting of 1 means that null connections are allowed but sensitive data is blocked from being sent via the connection (the only option available in NT4). A setting of 2 will disallow any null connections; this may conflict with some 3rd party software. There are a few hacking tools that will work on a level 1 setting and retrieve information. Reboot the machine when done.

Another way to prevent access to port 139 is to disable NetBIOS over TCP/IP. Windows will cascade to port 445 to respond to NULL sessions and other requests.

Disable SNMP services
If null sessions are disabled, another easy way to gain system information is through public SNMP.

If there are no programs using SNMP, disable this service. This is the easiest way to protect against hacks and free up some memory.

If SNMP access is needed, then set SNMP not to run in a public mode. Open the registry editor. Go to HKLM > System > CurrentControlSet > Services > SNMP > Parameters > ValidCommunities. Select Security > Permissions and change them to permit access only to approved users.

There is one more step to disabling public access to SNMP. Go to HKLM > System > CurrentControlSet > Services > SNMP > Parameters > ExtensionAgents and delete the value that contains the LANManagerMIB2Agent. Then rename the other entries to update the sequence (i.e. 2, 3, etc.) until the sequence begins with a 1.

Disable Unused Services
Disable all services that are not needed for the system. Unused services only take up resources and allow attackers to use them or come through the ports they leave open.

Disable Alerter and Messenger if they are not used, because they give an attacker SYSTEM rights, basically the right to run anything on your computer.
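To check the settings above after changing them, the following added example (not part of the original article) audits a registry export in .reg text format for RestrictAnonymous, the SNMP ExtensionAgents list, and the Alerter and Messenger start types. The function names and the sample export are constructed for illustration, and it assumes a service Start value of 4 means disabled and that a missing RestrictAnonymous value behaves as 0.

```python
import re

BASE = r"hkey_local_machine\system\currentcontrolset"
RA_RISK = {0: "null sessions unrestricted",
           1: "some tools can still retrieve information"}

# Constructed sample in regedit export (.reg) format, not from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
"1"="SOFTWARE\\Microsoft\\LANManagerMIB2Agent\\CurrentVersion"
"3"="SOFTWARE\\Microsoft\\RFC1156Agent\\CurrentVersion"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
'''

def parse_reg(text):
    """Map lowercased key path -> {lowercased value name: int (dword) or str}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)
        if m and cur is not None:
            cur[m.group(1).lower()] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def audit(text):
    """Return findings for the settings this article says to change."""
    keys, out = parse_reg(text), []
    # Assumption: an absent RestrictAnonymous value is treated as 0.
    ra = keys.get(BASE + r"\control\lsa", {}).get("restrictanonymous", 0)
    if ra in RA_RISK:
        out.append("RestrictAnonymous=%d: %s" % (ra, RA_RISK[ra]))
    agents = keys.get(BASE + r"\services\snmp\parameters\extensionagents", {})
    if any("lanmanagermib2agent" in str(v).lower() for v in agents.values()):
        out.append("SNMP ExtensionAgents still lists LANManagerMIB2Agent")
    if set(agents) != {str(i) for i in range(1, len(agents) + 1)}:
        out.append("SNMP ExtensionAgents not numbered 1..n")
    for svc in ("alerter", "messenger"):
        start = keys.get(BASE + "\\services\\" + svc, {}).get("start")
        if start is not None and start != 4:  # 4 = disabled
            out.append(svc.capitalize() + " service is not disabled")
    return out
```

Registry Editor 5.00 exports are saved as UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `audit`.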
