Thread: Security Sticky

  1. #1
    Join Date: Oct 2006 | Location: Moderator | Posts: 231

    Security Sticky

    Maybe I'll make one if you guys would find it useful.
    -dB

  2. #2
    Join Date: Oct 2006 | Location: jonnyGURU forums, of course! | Posts: 16,073

    Ok. After all, you're the software moderator.

  3. #3
    Join Date: Oct 2006 | Location: Moderator | Posts: 231

    I am? You never responded to my PM
    -dB

  4. #4
    Join Date: Feb 2007 | Location: Frogstar World B | Posts: 5

    Working on a new one myself
    (excerpt about discussing it)


    My current lineup & procedure goes something like this:

    Hardware Firewall
    advantages and typical configurations

    Secure the OS
    partitioning the drive to separate the OS system partition and the data partition(s) from the recovery partition with the image of the secured OS.
    download and burn service packs and hotfixes previous to the install
    or employ Knoppix to do so from the fresh install
    setup automatic updates
    disable unnecessary services
    disable NetBIOS (implying there are also no insecure "legacy" OS's on your network)
    disable Guest account
    setup a general user account
    rename Administrator account
    create fake Administrator account (disabled)
    enable network lockout of the true Administrator account
    Limit the number of logon accounts

    remove the "Everyone" group and replace with "Authenticated Users" shares
    disable default hidden shares, administrative shares, IPC$ (depending on networking needs)

    Unhide File extensions, protected files, all files and folders
    remove insecure subsystems (OS/2 and POSIX)

    optionally how to protect, watch\log, remove and reinstall: arp.exe \ at.exe \ cacls.exe \ cmd.exe \ Command.com \ cscript.exe \ debug.exe \ edit.com \ edlin.exe \ finger.exe \ ftp.exe \ pconfig.exe \ Issync.exe \ nbtstat.exe \ net.exe \ Net1.exe \ netstat.exe \ netsh.exe \ nslookup.exe \ ping.exe \ posix.exe \ qbasic.exe \ rcp.exe \ regedit.exe \ regedt32.exe \ regini.exe \ rexec.exe \ rsh.exe \ route.exe \ Runas.exe \ runonce.exe \ telnet.exe \ tftp.exe \ tracert.exe \ Tlntsvr.exe \ wscript.exe \ xcopy.exe
    how to remove and as needed replace the .reg file association from the registry editor (breaking any automated malware that requires the above)

    configure security policy control through GPedit and building your own MMC console
    (here you see where my tutorial is really aimed at W2K\XP Pro versions with registry tweak alternatives for XP Home)
    enable auditing (logon, object, privilege, account management, policy, system)
    set permissions on the security event log
    set account lockout policy
    assign user rights set NTFS permissions


    Install Software
    disable HTML in e-mail
    (in both Internet Explorer & Thunderbird with the option to use Allow HTML temporary in TB)
    Installing Firefox with the noscript extension
    how to restrict IE with a noaccess.rat
    optionally how to disable and restore ActiveX\WHS\VB\Java\JavaScript in the OS itself

    Install, configure and log an AV (likely freeware with a general discussion of advantages and disadvantages of various paidware)

    Install, configure and log a rule based HIPS (my first example will employ ProcessGuard since I have a full license but here is where additional alternatives are welcome)

    Install, configure and log a rule based firewall (again, recommendations welcome; I'm still using Kerio PF2)

    Install, configure, log and employ a sandbox (I'm going to use Sandboxie in my initial example, configured as a service protected by the HIPS from termination): a step by step of how to get it to play nice with the HIPS, scan and save data out of it, where and why you'd want to use it, etc.

    Install and configure checksum tripwires to watch the security .exe and .dll
    (initially I'll be using Filechecker with an additional baseline generated at startup and on demand with a .bat and fsum for additional verification)

    Baselining the security with Rootkitrevealer and HijackThis and running down entries as you install additional software to maintain a current baseline. (again additional alternatives are welcome)

    Configure applications to write to the data partition rather than their default locations, change the default locations of the OS to do the same (My Documents et al)

    how to install the recovery console to the HDD\boot menu
    a .bat to automatically backup the registry at each boot (system32/config) enabling you to roll back to any previous boot not just the last known good (which gets overwritten) from the boot menu recovery console

    >>> connect to the internet start configuring software firewall

    Installing and running Baseline Security Advisor
    optionally NessusWX\Nessus 2.2.5, ATK

    installation of common apps with a good freeware list, the advantages of apps that aren't employing DRM and phoning home, and what these apps require to run correctly without overloading the event log with errors or failing to run altogether if you've chosen to be really paranoid and remove\restrict the files listed above.

    some common OS tweaks and customizations (shell integrations, reg tweaks etc.)
    how to install and secure TightVNC w\ OpenSSH so you can remotely admin your brother\sister\GF\etc.'s box (if this is for them) with a tutorial on dynamic IP services

    optionally how to employ XPLite to remove large chunks of the OS that aren't needed (potentially insecure), what that can mean for updating, and how to circumvent that manually (IE, OE, WMP etc.)


    cleanup HIPS and firewall rules, double check logs, save up-to-date baselines and clear all log entries

    Imaging the secured and tweaked install to the rescue partition employing examples of both freeware and Ghost.

    (a brief discussion of the importance of hard backups of the data partitions with checksum verifications, with a sad story of how a bad stick of RAM corrupted 200GB of RAID 5 array as I moved data around )

    the closing discussion leads the security wannabe to SANS, Snort, Bugtraq, Honeynet etc. (and of course here) for further education or extracurricular activities. The really scary monsters that are both real and may soon be real (undetectable rootkits, virtualization exploits, port knocking, subversion of hardware EEPROM and flash memory)
    and the advantages of configuring Google News to include a few custom news sections like worm, virus, malware, exploit, hotfix and rootkit, which should at least be skimmed once or twice a week.

    and finally how to conduct really risky behavior via a Live CD
    also how to employ a Live CD (or parallel install) to detect malware from outside the OS (Slax w\ F-Prot, ClamAV, Snort etc. modules from a USB stick or live CD)

    and the alternative path

    employ a Linux system to virtualize XP\W2K
    Two windigo are eating a clown, one turns to the other and says, does this taste funny to you?
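
    The checksum tripwire step in the list above (baseline the security .exe and .dll files, then re-verify on demand), as an added example that is not the post's own .bat or Filechecker/fsum setup: it writes a baseline of digests, then reports binaries that were modified, went missing, or appeared. The directory layout and file contents are constructed for the demo, and SHA-256 stands in for the MD5 that fsum-style checkers produce.

```python
import hashlib
import json
import tempfile
from pathlib import Path

WATCHED_SUFFIXES = {".exe", ".dll"}  # the binaries the post says to watch

def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so a large DLL is not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Relative path -> digest for every watched binary below root."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED_SUFFIXES
    }

def save_baseline(baseline: dict, out: Path) -> None:
    # Keep the baseline off the watched tree (the post's recovery partition):
    # whoever can rewrite the baseline can rewrite the binaries too.
    out.write_text(json.dumps(baseline, indent=1, sort_keys=True))

def verify(root: Path, baseline_file: Path) -> dict:
    """On-demand check: which watched binaries changed, vanished or appeared."""
    baseline = json.loads(baseline_file.read_text())
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict:
    """Constructed sample tree: baseline it, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root, store = Path(tmp) / "security", Path(tmp) / "baseline.json"
        (root / "hips").mkdir(parents=True)
        (root / "hips" / "guard.exe").write_bytes(b"MZ original")
        (root / "hips" / "hook.dll").write_bytes(b"MZ hook")      # left untouched
        (root / "firewall.exe").write_bytes(b"MZ fw")
        save_baseline(build_baseline(root), store)
        (root / "hips" / "guard.exe").write_bytes(b"MZ trojaned")  # modified
        (root / "firewall.exe").unlink()                            # missing
        (root / "hips" / "extra.dll").write_bytes(b"MZ dropped")    # new
        return verify(root, store)
```

    Running `build_baseline` from a startup script and `verify` on demand mirrors the two baselines the post describes; the untouched hook.dll is deliberately not reported.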

  5. #5
    Join Date: Feb 2007 | Location: Roll around the world | Posts: 697

    Just some comments and suggestions
    Quote Originally Posted by Ice Czar View Post
    Hardware Firewall
    advantages and typical configurations
    Excellent for managing incoming packets -- but not everyone is in a position to buy one, so it's more of a "recommended" suggestion.
    Secure the OS
    partitioning the drive to separate the OS system partition and the data partition(s) from the recovery partition with the image of the secured OS.
    download and burn service packs and hotfixes previous to the install
    or employ Knoppix to do so from the fresh install
    *Use nLite to slipstream Windows and SP2 with other software, and download RyanVM's Update Packs to install all of the Windows updates with the Windows installation itself.
    *Make a backup of the HDD, using XXClone or DriveImage XML, so that if any change corrupts your system, you can load the same OS with all your files/folders/software, but working, back on.
    *When on a fully functional and stable OS (Win), scan your system for any rogue products and when clean make a good System Restore point.

    *Alternatively use Linux (any distro) for better protection and less hassle in terms of safety/security on all gates.

    I can provide you links to video and picture tutorials on nLite if you need.
    disable NetBIOS (implying there are also no insecure "legacy" OS's on your network)
    disable Guest account
    setup a general user account
    rename Administrator account
    create fake Administrator account (disabled)
    enable network lockout of the true Administrator account
    Limit the number of logon accounts

    remove the "Everyone" group and replace with "Authenticated Users" shares
    disable default hidden shares, administrative shares, IPC$ (depending on networking needs)
    Use Microsoft Baseline Security Analyzer and follow its recommendations for system security, especially Group Policy settings and passwords.
    Use BigFix to scan your system and net for any MS updates and install them automatically (without manual download etc). Gives more options than a Windows Auto Update...
    optionally how to protect, watch\log, remove and reinstall: arp.exe \ at.exe \ cacls.exe \ cmd.exe \ Command.com \ cscript.exe \ debug.exe \ edit.com \ edlin.exe \ finger.exe \ ftp.exe \ pconfig.exe \ Issync.exe \ nbtstat.exe \ net.exe \ Net1.exe \ netstat.exe \ netsh.exe \ nslookup.exe \ ping.exe \ posix.exe \ qbasic.exe \ rcp.exe \ regedit.exe \ regedt32.exe \ regini.exe \ rexec.exe \ rsh.exe \ route.exe \ Runas.exe \ runonce.exe \ telnet.exe \ tftp.exe \ tracert.exe \ Tlntsvr.exe \ wscript.exe \ xcopy.exe
    how to remove and as needed replace the .reg file association from the registry editor (breaking any automated malware that requires the above)
    Set up the Debugging Tools for Windows in case of any BSOD.
    Use SNARE to analyse and monitor all your system logs.
    Get PRTG Traffic Grapher or Wireshark and keep note of your Internet port activity.
    Use Proxomitron or Cyberhawk for extra system protection.
    DriverMax- backup/check/delete system drivers.
    DriverGuideToolkit- similar to above.
    DriverCleaner- Delete waste drivers not needed.
    Install Software
    disable HTML in e-mail
    Disable JavaScript based images or sanitize them.
    (in both Internet Explorer & Thunderbird with the option to use Allow HTML temporary in TB)
    I think you meant Outlook?
    Can also be done in Mozilla too and also to use Firefox and keep up with the latest updates for security, stability and better surfing
    Installing Firefox with the noscript extension
    Excellent and with Flashblock to turn off flash on any site you need.
    Install, configure and log an AV (likely freeware with a general discussion of advantages and disadvantages of various paidware)
    The recent reviews of all 2007 paid AV, Firewalls, AS, and Security-Suite.
    Also the ones you'll know: SpywareGuard, SpywareBlaster, Spybot S&D (TeaTimer), Advanced WindowsCare v2 Personal, Ad-Aware SE, a-squared Free, a-squared HiJackFree, CCleaner (clean up the system regularly) etc.

    Avast! and AVG are my 2 pick AVs here (free)
    Install, configure and log a rule based HIPS (my first example will employ ProcessGuard since I have a full license but here is where additional alternatives are welcome)
    Install a HOSTS file (MVPS) and IE-SPYAD. Install Hostsman to monitor and manage the HOSTS file.
    Install Process Explorer and ShellExView to monitor and check up on software, handlers, BHOs, DLLs, processes, hosts, services.
    Install, configure and log a rule based firewall (again recommendations Im still using Kerio PF2)
    Sunbelt Kerio and Comodo are my favorite here for all the pluses.
    Install and configure checksum tripwires to watch the security .exe and .dll
    (initially I'll be using Filechecker with an additional baseline generated at startup and on demand with a .bat and fsum for additional verification)
    Most MD5 hash checkers will do there I guess.
    some common OS tweaks and customizations (shell integrations, reg tweaks etc.)
    how to install and secure TightVNC w\ OpenSSH so you can remotely admin your brother\sister\GF\etc.'s box (if this is for them) with a tutorial on dynamic IP services
    Style XP themes, Icon hacks etc.
    Not using torrent software thus open ports.
    Download from trusted places.
    Scan a file you download and emails. Not opening exe emails.
    (a brief discussion of the importance of hard backups of the data partitions with checksum verifications, with a sad story of how a bad stick of RAM corrupted 200GB of RAID 5 array as I moved data around )
    I have a RAID 5 setup
    and finally how to conduct really risky behavior via a Live CD
    also how to employ a Live CD (or parallel install) to detect malware from outside the OS (Slax w\ F-Prot, ClamAV, Snort etc. modules from a USB stick or live CD)
    Can also use a Live CD or GParted Live CD to edit/manage/partition a HDD.
    How to use UBCD, UBCD4Win or BartPE will be very useful too.

  6. #6
    Join Date: Oct 2006 | Location: Boston, MA | Posts: 230

    Make sure you have the old saying about unplugging the computer and throwing it in the ocean.
    Condoleeza Rice is nice but I prefer A-Roni
