How To Lock Down Windows XP
In this article, we will look at Windows-based security on your XP desktop systems. I have yet to come across anything out there about how to check over and secure your desktop on Microsoft's newest OS. In this article we will look at Windows XP Professional and what you need to do to be secure. This is a start to finish article on the fundamentals of OS desktop security – Microsoft style. After reading this, you may be surprised about some of the items you may have taken for granted! Let's have a look…
Lock it down – now!
In this article, we will look at the following items and how to lock them down step by step. This will enable your XP system to be lean, mean and ready to do battle with attackers of all types.
- Windows XP Professional Configuration Checklist Details
- Verify that all disk partitions are formatted with NTFS
- Protect file shares
- Use Internet Connection Sharing for shared Internet connections
- Enable Internet Connection Firewall
- Use software restriction policies
- Use account passwords
- Disable unnecessary services
- Disable or delete unnecessary accounts
- Make sure the Guest account is disabled
- Set stronger password policies
- Set account lockout policy
- Install anti-virus software and updates
- Keep up-to-date on the latest security updates
Verify that all disk partitions are formatted with NTFS
NTFS partitions offer access controls and protections that aren't available with the FAT, FAT32, or FAT32x file systems. Make sure that all partitions on your computer are formatted using NTFS. If necessary, use the Convert utility to non-destructively convert your FAT partitions to NTFS. Be careful! I have goofed this up myself so be careful and always make a backup of critical data, but that should go without saying!
Protect file shares
By default, Windows XP Professional systems that are not connected to a domain use a network access model called "Simple File Sharing," where all attempts to log on to the computer from across the network will be forced to use the Guest account. This means that network access through Server Message Block (SMB, used for file and print access), as well as Remote Procedure Call (RPC, used by most remote management tools and remote registry access) will only be available to the Guest account. Ok, this is lame and we should change this. To change it, go to: Start => Programs => Accessories => Windows Explorer and drop down the Tools menu and select 'Folder Options'.
In the Simple File Sharing model, file shares can be created so that access from the network is read-only, or access from the network is able to read, create, change, and delete files. Simple File Sharing is intended for use on a home network and behind a firewall, such as the one provided by Windows XP. If you are connected to the Internet, and are not operating behind a firewall, you should remember that any file shares you create might be accessible to any user on the Internet.
My recommendation is that you DISABLE IT!
To disable Simple File Sharing
- Go to Folder Options as viewed above
- Select the View tab
- Go to Advanced Settings
- Clear the Use Simple File Sharing box
- Close out of Folder Options
For more info on File Sharing with XP, you can visit article Q304040
Enable Internet Connection Firewall (ICF)
ICF provides protection for Windows XP computers that are directly connected to the Internet, or for the computers or devices connected to the Internet Connection Sharing host computer that is running ICF.
To enable ICF, right-click an Internet connection in Network Connections, click Properties, click the Advanced tab, and then select the appropriate check box.
I would suggest getting a real firewall product that is more robust than this, but if this is all you have, enable it!
Use software restriction policies
Software restriction policies provide administrators with a policy-driven mechanism that identifies software running in their domain, and controls the ability of that software to run. Using a software restriction policy, an administrator can prevent unwanted programs from running; this includes viruses and Trojan horses, or other software that is known to cause conflicts when installed. Software restriction policies can be used on a standalone computer by configuring the local security policy. Software restriction policies also integrate with Group Policy and Active Directory.
Use account passwords
To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can only be used to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network, or for any other logon activity except at the main physical console logon screen.
Disable unnecessary services
After installing Windows XP, you should disable any network services not required for the computer. In particular, you should consider whether your computer needs any IIS Web services. By default, IIS is not installed as part of Windows XP and should only be installed if its services are specifically required. It is my recommendation that if you don't need them, disable the following services ASAP:
- Telnet
- Universal Plug and Play Device Host
- IIS (not installed by default)
- Netmeeting Remote Desktop Sharing
- Remote Desktop Help Session Manager
- Remote Registry
- Routing & Remote Access
- SSDP Discovery Service
I also recommend that the server service and computer browser be eliminated if you are on a stand-alone machine connected to the Internet. There is no practical use for them and they leave you exposed.
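To check which of the listed services still need attention, the following added example (not part of the original article) parses the text printed by `sc qc <service>` and reports services that are installed but not disabled. The short service names are not given in the article and are supplied here; the sample output is constructed.

```python
import re

# Short service names for the services listed above. The article gives only
# display names; these key names are supplied for this example.
TARGET_SERVICES = {
    "TlntSvr": "Telnet",
    "upnphost": "Universal Plug and Play Device Host",
    "W3SVC": "IIS (World Wide Web Publishing)",
    "mnmsrvc": "NetMeeting Remote Desktop Sharing",
    "RDSessMgr": "Remote Desktop Help Session Manager",
    "RemoteRegistry": "Remote Registry",
    "RemoteAccess": "Routing and Remote Access",
    "SSDPSRV": "SSDP Discovery Service",
}

START_RE = re.compile(r"START_TYPE\s*:\s*(\d+)\s+(\w+)")

def start_type(sc_qc_output):
    """Return the start-type word (e.g. 'DISABLED'), or None if not installed."""
    match = START_RE.search(sc_qc_output)
    return match.group(2) if match else None

def services_to_disable(outputs):
    """outputs maps a service name to the text printed by `sc qc <name>`."""
    pending = []
    for name in TARGET_SERVICES:
        state = start_type(outputs.get(name, ""))
        # A service that is not installed has no START_TYPE line and is skipped.
        if state is not None and state != "DISABLED":
            pending.append((name, state))
    return pending

# Constructed sample output, not captured from a real host.
SAMPLE = {
    "TlntSvr": "SERVICE_NAME: TlntSvr\n        START_TYPE         : 3   DEMAND_START\n",
    "RemoteRegistry": "SERVICE_NAME: RemoteRegistry\n        START_TYPE         : 2   AUTO_START\n",
    "SSDPSRV": "SERVICE_NAME: SSDPSRV\n        START_TYPE         : 4   DISABLED\n",
    "W3SVC": "[SC] OpenService FAILED 1060:\n",  # IIS not installed
}

if __name__ == "__main__":
    for name, state in services_to_disable(SAMPLE):
        print(f"{TARGET_SERVICES[name]} ({name}) is {state}; set it to disabled")
```

Each service reported can then be disabled with `sc config <name> start= disabled` or through the Services snap-in.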
Disable or delete unnecessary accounts
You should review the list of active accounts (for both users and programs) on the system in the Computer Management snap-in. Disable any non-active accounts and delete any accounts which are no longer required.
Make sure the Guest account is disabled
This setting recommendation only applies to Windows XP Professional computers that belong to a domain, or to computers that do not use the Simple File Sharing model.
On Windows XP Professional systems that are not connected to a domain, users who attempt to log on from across the network will be forced to use the Guest account by default. This change is designed to prevent hackers attempting to access a system across the Internet from logging on by using a local Administrator account that has no password.
Set stronger password policies
To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can only be used to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network, or for any other logon activity except at the main physical console logon screen. Use the Local Security Policy snap-in to strengthen the system policies for password acceptance. Microsoft suggests that you make the following changes:
- Set the minimum password length to at least 8 characters
- Set a minimum password age appropriate to your network (typically between 1 and 7 days)
- Set a maximum password age appropriate to your network (typically no more than 42 days)
- Set a password history maintenance (using the "Remember passwords" radio button) of at least 6
Set account lockout policy
Windows XP includes an account lockout feature that will disable an account after an administrator-specified number of logon failures.
Consider reasonable settings for your environment and think about how secure your environment needs to be. If it's too much, then users will freak out.
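The password, lockout and Guest settings above can be checked in one pass. This added example (not from the original article) audits the `[System Access]` section of a policy file exported with `secedit /export /cfg policy.inf` against the values recommended in this checklist; it assumes the export carries the usual `[System Access]` keys, and the sample export is constructed.

```python
import configparser

# Thresholds come from the checklist above; keys are [System Access] entries.
CHECKS = {
    "MinimumPasswordLength": ("at least 8 characters", lambda v: v >= 8),
    "MinimumPasswordAge": ("between 1 and 7 days", lambda v: 1 <= v <= 7),
    "MaximumPasswordAge": ("between 1 and 42 days", lambda v: 1 <= v <= 42),
    "PasswordHistorySize": ("at least 6 remembered", lambda v: v >= 6),
    "LockoutBadCount": ("non-zero (0 disables lockout)", lambda v: v > 0),
    "EnableGuestAccount": ("0 (Guest disabled)", lambda v: v == 0),
}

def audit_policy(inf_text):
    """Return (key, found, expected) for each setting that fails its check."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep the exported key case
    parser.read_string(inf_text)
    findings = []
    for key, (expected, ok) in CHECKS.items():
        raw = parser.get("System Access", key, fallback=None)
        try:
            value = int(raw)
        except (TypeError, ValueError):
            findings.append((key, raw, expected))  # missing or not a number
            continue
        if not ok(value):
            findings.append((key, value, expected))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordHistorySize = 0
LockoutBadCount = 0
EnableGuestAccount = 1
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for key, found, expected in audit_policy(SAMPLE_INF):
        print(f"{key}: found {found}, expected {expected}")
```

A `MaximumPasswordAge` of -1 (password never expires) is reported as a failure, and a missing key is reported with a found value of `None`.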
Install anti-virus software and updates
One of the most important things for protecting systems is to use anti-virus software, and ensure that it is kept up-to-date. All systems on the Internet, a corporate Intranet, or a home network should have anti-virus software installed.
Keep up-to-date on the latest security updates
The Auto Update feature in Windows XP can automatically detect and download the latest security fixes from Microsoft. Auto Update can be configured to automatically download fixes in the background then prompt the user to install them once the download is complete. To configure Auto Update, click System in Control Panel and select the Automatic Updates tab. Choose the first notification setting to download the updates automatically and receive notification when they are ready to be installed.
In Sum,
Now, you should be able to sleep easy at night knowing your XP system is at least in better security posture than it ever was… you must keep up on your updates though and make sure your virus definitions are also updated. If you do these few things, you will find your XP system way more secure than it ever was.
Source: https://techgenix.com/windows_xp_your_definitive_lockdown_guide/
Posted by: labombardtrage1936.blogspot.com