Yes another Win security tute for beginners.....


krang
February 18th, 2002, 12:32 PM
Hi All,
This is my first mediocre attempt at a tutorial so please keep the comments civilised.
This is aimed primarily at all the home users out there who have no idea what security is or
how it relates to their computer - yes, you lot, the AO lurkers who never post! :)

This is not a tutorial as much as a guide, bringing together various pieces of information
that I did NOT write.

Anyway, let's get to it :-

I realise a lot of people have very little (technical) experience with computers;
if this is you, please find someone to help you if you attempt the following steps.

Step One: Harden your operating system.
Best done from scratch, i.e. back up your data and perform a new installation.
For those on 95/98/ME you need to remove MS Network services - "Start" > "Settings" >
"Control Panel" > "Network", remove "Netbeui" and "File and Printer Sharing". If
you are on NTWS or Win2K and would like to go berserk here are some guides:

http://secinf.net/info/nt/hard/hard.html
http://www.systemexperts.com/win2k/HardenWin2K.html
http://www.giac.org/practical/Dean_Farrington_GCNT.doc


Step Two: Install Antivirus software.
You really do need antivirus software, get some, even if you have to go out and buy it.
Install then update to the latest virus definitions. (Update once a week)
Links:
http://www.nai.com
http://www.sophos.com
http://www.symantec.com/
etc, etc... the list is endless


Step Three: Update Windows.
Open Internet Explorer, click on "Tools" > "Windows Update". Install all critical
updates. On subsequent visits (yes, every week) you will need to click on the
"Product Updates" link as it will not load automatically after your first visit.



Step Four: Install a personal firewall.
There are several personal firewalls available; some of the free ones are -

Tiny - www.tinysoftware.com/pwall.php
Sygate - http://www.sygate.com/swat/default.htm
Zone Alarm - http://www.zonelabs.com/

If you would prefer to pay for one try this -
http://www.google.com/search?hl=en&q=personal+%2B+firewall

Get one and install it, don't forget to read the manual, firewalls can be tricky. :confused:



So that's it.

In summary, update virus definitions and check for Windows updates at least once a week;
these steps will reduce the chances of shit happening to you.
As in all things, you can go as extreme as you want but this is for those of you who just
want to get on with things, not become a security expert.

Krang

s0nIc
February 18th, 2002, 01:33 PM
hahah kewl.. nice post, considering we always get newbies askin "where do i start?" so yeah.. hehe next time, ill juz give them the link to your posts..

intruder
February 19th, 2002, 12:33 PM
hey well done ..this is a very good post from a newbie well u should get the
credit for this ... good job done keep up the good work..

intruder...

MindyHere
February 23rd, 2002, 02:22 AM
Question in regards to step one -

remove "Netbeui" and "File and Printer Sharing"

What do these settings affect? Will removing these disable any file sharing software I have installed? (IMESH, etc.)

SDK
February 23rd, 2002, 02:39 AM
Netbeui is a Microsoft protocol for talking on a network. If you're on a stand-alone computer, you can disable it or uninstall it. If you're on a network, I suggest you leave it like that. File and Printer Sharing allows you to share files and printers. Again, if you're on a stand-alone computer, you can disable it. If you want other people to access your files or printer, you need the option installed.

MindyHere
February 23rd, 2002, 02:48 AM
Thanks for your reply!

FiLe_MaN
November 30th, 2003, 07:17 AM
Establishing your system password might help too. Another option is to secure the basic and important files by encrypting them. Just don't do this with a weak encryption program or in a way that may make it impossible for the OS to use these files. Anyway, I liked your tutorial. Simple but good. The way I like it. Keep it up.

mafo00
November 30th, 2003, 08:15 PM
As far as firewalls go, users using Windows XP with broadband internet can also implement the built-in firewall by going to My Network Places -> View network Connections and right-clicking on their network card, going to the "advanced" tab, and checking the checkbox next to the firewall options.

slick8790
November 30th, 2003, 10:16 PM
hello??? any one notice that this thread is almost 2 years old? :p :D :p

mafo00
November 30th, 2003, 10:50 PM
LOL, no I didn't. Sorry about that, I just saw it on the first page of posts and assumed it was recent. I'll be more careful next time ;).

krang
December 15th, 2003, 01:15 PM
And still just as relevant ......lol

BTW...did you realise that NT4 is coming up on 9 years old?

Krang

foxyloxley
December 24th, 2003, 12:22 AM
I've just found this thread ? does the fact that it is getting on a bit detract from the fact that it IS still relevant ? I am fairly safe in saying that I have knowledge beyond that given, but we all had to start somewhere !!! for me somewhere was a state of the art 486DX2 66MHz beastie, with a whole 300 MB on the hard drive, and a whopping 16 MB of RAM, running that devil's brew of an OS W3.11 !!!!!!

catch
December 24th, 2003, 01:59 AM
This tutorial is seriously flawed.

Under the few rare instances you can start from scratch as the author suggests... bring the system current first! Then lock it down. Frequently the bigger updates may change functionality of not only the system but of any third party tools you've added to it.

Plus if you are using AV software it is likely that you will need to disable it to do updates anyhow.

catch

steve.milner
December 24th, 2003, 01:22 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=219446#post703365) by catch
This tutorial is seriously flawed.

Under the few rare instances you can start from scratch as the author suggests... bring the system current first! Then lock it down. Frequently the bigger updates may change functionality of not only the system but of any third party tools you've added to it.

Plus if you are using AV software it is likely that you will need to disable it to do updates anyhow.

catch

So if you're using the net to bring the system current first, do you just assume you are going to be okay connected to the net while spending a few hours downloading patches.

I suggest your advice is seriously flawed if you are bringing your system current by using the internet.

Also you can download the updates/patches with AV switched on, disconnect from the internet before turning off AV and then update.

Just my 2c

catch
December 24th, 2003, 08:12 PM
What good is the AV software going to do you while you update your system? Can you not hold out on downloading suspect files for two minutes?

Typically systems will connect to an update proxy, but if we are talking about home systems, it still makes sense to configure after the system is current. If the system is in its default state it will have no sensitive information on it, so confidentiality isn't an issue. Nor is data integrity and system integrity can be checked once the updates are done, no reason defending a file that you are about to replace. So your only real concern is availability of a system that isn't even considered live yet.

Your risks are minimal and the rapidly changing (and typically rebooting) system will make it exceptionally difficult for an attack as you either have some sort of dhcp dial-up or you have a permanent connection which allows you to filter incoming connections from outside the computer.

Considering these points and the time you will save as well as the accuracy of your lock down techniques, I stand by my original argument. Which happens to be part of the recommended security guide of every OS I've seen and part of the new system procedure at every company I've worked at.

catch


Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=219446#post703497) by steve.milner


So if you're using the net to bring the system current first, do you just assume you are going to be okay connected to the net while spending a few hours downloading patches.

I suggest your advice is seriously flawed if you are bringing your system current by using the internet.

Also you can download the updates/patches with AV switched on, disconnect from the internet before turning off AV and then update.

Just my 2c

jin29_neci
October 20th, 2004, 07:59 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=219446#post457167) by krang
Hi All,


Step One: Harden your operating system.
Best done from scratch, i.e. back up your data and perform a new installation.
For those on 95/98/ME you need to remove MS Network services - "Start" > "Settings" >
"Control Panel" > "Network", remove "Netbeui" and "File and Printer Sharing". If
you are on NTWS or Win2K and would like to go berserk here are some guides:

http://secinf.net/info/nt/hard/hard.html
http://www.systemexperts.com/win2k/HardenWin2K.html
http://www.giac.org/practical/Dean_Farrington_GCNT.doc


Krang

I THINK IT'S NOT THAT NECESSARY BRO....

jin29_neci
October 20th, 2004, 08:01 AM
I THINK THIS IS NOT A TUTORIAL GUYS
THIS MORE ON DETAILED INFO
NAHHHHHHHHH!!!
BUT ANYWAY THANKS FOR THE WEBSITES
AND THE LINKS DUDE !!!
I APPRECIATE IT!!!

Moissonite
October 20th, 2004, 01:20 PM
As Maddox said:

"Seven sixteenths of one inch. That's the distance you'd have to move your pinky in order to not sound like an idiot."

This tutorial is 2 years old. But thank-you for your input :)

devildell
October 20th, 2004, 04:09 PM
So if you're using the net to bring the system current first, do you just assume you are going to be okay connected to the net while spending a few hours downloading patches.

here's my response to that