Thursday, November 04, 2004

Configuring a Microsoft Windows Machine for secure internet access

Having done this a few times recently and produced a list, I thought I'd share some of the essentials with you.


  • This refers to a stand alone machine but most of it is transferable to a networked machine.

  • Alot of this requires an internet connection at all stages so if you don't have another machine with an internet connection handy then make notes from this list and do all of your downloading from somewhere secure.

  • The best source for information on configuring Windows is the Black Viper website. One of the unsung heros of the internet, this guy constantly updates his site with a stream of information regarding Windows Services and machine configuration.
    If you're ever unsure about what a service does, or how to configure it come here. He advocates turning off many services, in addition this makes your machine faster by releasing memory. Some services most people can do without are Remote registry
    (allows Mr Hacker to change your registry settings) and Secondary Logon (allows multiple logons at the same time on the same machine).
    In any case here are my contributions to Windows OS configuration.

First we need to configure the machine so it is resistant to attack. So after installing Windows and your apps and before connecting to the internet.

  1. Turn off terminal services.
  2. - unless you really need it. (This turns off fast user switching for logon but who wants that?)
  3. Turn off shared folders.
  4. - unless you really need it.
  5. Disable remote assistance.
  6. - unless you really need it. Remember, you can always turn this stuff on at a later point.
  7. Set the RPC Service to restart the service not the computer on failure.
  8. - personal bugbear. The hacker needs to do two things to get control of your machine.
    One, get the code on your machine. Two, get it to execute.
    A favourite method is to set up the Trojan so it is run when your machine starts and then restart your machine by breaking the RPC service.
    If you've ever been the victim of one of these attacks you'll know how frustrated it leaves you feeling.
    The machine reboots and often the Trojan is backed up in the system restore folder and runs merrily away from there screwing with your machine, life and sanity.
    For just that reason, some more extreme persons including the Black Viper
    suggest disabling system restore and only turning it back on whenever you install or update programs and drivers but for the rest of us just resetting RPC to restart the service and not the machine is probably safer.

  1. Install an anti-virus program. I use AVG antivirus (personal edition is free on registration) - professional, effective resident anti-virus app for free!
  2. Install WinPatrol - Windows Task Monitoring Utility that protects your machine from nasty trojans, worms and hijacks, also has good help and support.
  3. Either turn on the Microsoft Windows Firewall (only available with Win XP Service Pack 2) or install Sygate Personal Firewall - Never connect to the internet without a firewall, not even for a second without your machine being professionally locked down and secured as you will be attacked.
  4. Ensure File and Printer Sharing is disabled on your internet connection unless you mean to use it and configure your system to control access.

After connecting to the internet and before doing any surfing other than to visit recognised vendor update sites Microsoft, AVG etc.

  1. Get the latest patches from Microsoft and install them.

  2. Ensure windows update is turned on.

  3. Update your antivirus software with the latest virus definition file and run a complete test.

  4. Install and run MBSA Microsoft Baseline Security Analyzer - follow the recommendations.

  5. IISLockdown. If you must have IIS running then run the IISLockdown App

  6. Run the Security Tests from Sygate Personal Firewall or go to and run them from there
  7. - this will show up any obvious vulnerabilities
  8. Get an anti-spyware utility. I use Ad-Aware SE Personal.
  9. Get the latest reference file and run it. This utulity needs to be run regularly to ensure any level of privacy. Seriously.

Malware Glossary

  • Virus
  • - A self-replicating program that spreads by inserting copies of itself into other executable code or documents.
  • Trojan
  • - A harmful piece of software that is disguised as legitimate software.
  • Worm
  • - A type of virus that propagates itself using inter machine communication, usually the internet.
  • Spyware
  • - Software that gathers information about a computer user and then transmits this information to an external entity without the knowledge or informed consent of the user.
  • Application Hijack
  • - Software that usually affects Internet Explorer or another browser and changes its default settings to constantly access a webpage or pages usually of dubious content.

Look at Bruce Schneiders Security Blog for further suggestions.

No comments: