
Phr33x tw33x - #28

By Staff Writers
00:00 Dec 9, 2003

Got tw33x? If yours is big, phat and hard(core) then mail it into phr33xtw33x@atomicmpc.com.au for a proper going over. We'll whip it into shape and display it in all its gory glory here. Simon Peppercorn, aka Phr33x, leads the charge by tweaking Windows Security where it hurts. . .

Tweak0ring your Windows Security - part 1

Windows 2000 and XP, in their default states, are not terribly secure. There are a bunch of things wannabe hackers can do to access your precious mpegs and jpegs and other stuff you would rather keep hidden, particularly at the leech fests that are often called LANs.

Here are a number of tweaks and adjustments you can perform to lock down your system from all but the most gifted hackers. Many of these require that you use NTFS partitions, instead of FAT32, as NTFS provides controls and security features that are not available with FAT32.

If not authenticated to a domain, Windows XP Professional uses 'simple file sharing'. This means that network requests that rely on RPC (Remote Procedure Call), such as file and print access, remote registry access and remote management, can all take place through the Guest account. As such, Microsoft would rather you didn't disable it, even though that account, combined with 'simple file sharing' is a security risk. It can allow unprotected access to any of your shared resources, such as folders, printers, etc.

Just disabling the Guest account is no good, as Simple File Sharing explicitly depends on that account. Without it, you will run into some serious network problems. So we need to tell Windows not to use 'simple file sharing' at all, and instead, force all network requests through authenticated user accounts. Do this by going to the 'Tools' menu in Windows Explorer and selecting 'Folder Options', then 'View' and 'Advanced Settings' then clear the tick box for 'Simple File Sharing'. Simple, hey?

Just removing the Guest account from the 'User Accounts' folder in Control Panel only removes it from the login page, but leaves it available for network shares. So if you decide you want to disable it properly, you should do it under Control Panel / Administrative Tools / Computer Management in the Users folder, under Local Users and Groups. Double click on the Guest object and check the box to disable it.

The Administrator account is an obvious target for hackers. With Administrator privileges, they have full access to anything they want and can do anything they please. As the account name is already known, it's just a matter of finding the password. This can often be achieved with a simple brute force attack, and numerous tools exist to do this, even for more complex passwords. You can make life miserable for hackers by either just renaming the Administrator account to something only you will remember, or better still, piss them off completely and create a dummy Administrator account, then give it no privileges. Oh, enable auditing, so you can see what the buggers are up to.

Be careful though. Before you take administrator rights away from the Administrator account, make sure you assign such a role to another account, or you will be scratching for that Windows installation CD quicker than you can say 'frucking Phr33x!' It is very easy to lock yourself out of your own system. Believe me, I've been there.

The NET SHARE command, entered from a command prompt, will show you all of your shared folders. 'But I dun have any folders shared' you cry. Wrong. Windows 2000/XP create a couple of administrative shares for various default user groups. These shares are generally named C$, D$, E$ etc. (depending on your various drive assignments) for Administrators, Backup Operators, and so on. There is also ADMIN$, which is used during remote administration and is usually the 'Windows' or 'WINNT' folder. Also, you will probably find IPC$, FAX$ and NetLogon. Others can misuse these shares, so you might want to disable them. Do this in the Registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. For Windows 2000 Professional or XP Home/Professional, give AutoShareWks a REG_DWORD value of 0. If you are running Windows 2000 Server, then set the value for AutoShareServer to 0.

You may discover that some applications depend on these shares, particularly in the case of Windows 2000 Server. If you experience problems, you will need to change them back again.
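The share check and registry change described above, as an added example that is not part of the original article. It assumes Windows PowerShell is installed and run as an administrator; the $Apply switch and the backup file name are made up for this example.

```powershell
# Added example, not from the article. Reports by default; writes only if $Apply is $true.
$Apply   = $false
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server.
$os = Get-WmiObject -Class Win32_OperatingSystem
if ($os.ProductType -eq 1) { $valueName = 'AutoShareWks' } else { $valueName = 'AutoShareServer' }

# A missing value means the Windows default applies and the shares are created.
$params  = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
$current = $params.$valueName
if ($null -eq $current) {
    '{0} is not set: administrative shares are created at startup.' -f $valueName
} elseif ($current -eq 0) {
    '{0} is 0: drive and ADMIN shares are not recreated at startup.' -f $valueName
} else {
    '{0} is {1}: administrative shares are created at startup.' -f $valueName, $current
}

# Same information as NET SHARE, with administrative shares labelled.
# Win32_Share.Type values of 2147483648 and above carry the administrative flag.
Get-WmiObject -Class Win32_Share | ForEach-Object {
    if ($_.Type -ge 2147483648) { $kind = 'administrative' } else { $kind = 'user-created' }
    '{0,-12} {1,-16} {2}' -f $_.Name, $kind, $_.Path
}

if ($Apply) {
    # Export the key first so the change can be reverted if an application breaks.
    $backup = Join-Path $env:TEMP ('LanmanServer-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' $backup
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

    New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    '{0} set to 0. Backup written to {1}.' -f $valueName, $backup
    'The change takes effect the next time the Server service starts.'
}
```

To undo the change, import the exported .reg file or set the value back to 1.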

Microsoft, in its wisdom, turns on a number of services by default. Some of the services have the potential to make your PC an easy target for l337 haX0r's. If you don't actually use them, turn them off. The following services:
* Netmeeting Remote Desktop Sharing;
* Remote Desktop Help Session Manager;
* Remote Registry;
* Routing and Remote Access;
* SSDP Discovery Service;
* Universal Plug and Play Host; and
* Telnet
all open handy little doors into your system for possible misuse. This list also includes IIS, although it isn't installed by default. Unless you specifically need IIS, don't install it.
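A check of the services listed above, as an added example that is not part of the original article. The article gives display names only; the short service names below are assumed to be the standard Windows XP service names, and the $Disable switch is made up for this example.

```powershell
# Added example, not from the article. Reports by default; changes only if $Disable is $true.
$Disable = $false

# Short names are an assumption (standard Windows XP service names).
$targets = @(
    @{ Name = 'mnmsrvc';        Display = 'NetMeeting Remote Desktop Sharing' },
    @{ Name = 'RDSessMgr';      Display = 'Remote Desktop Help Session Manager' },
    @{ Name = 'RemoteRegistry'; Display = 'Remote Registry' },
    @{ Name = 'RemoteAccess';   Display = 'Routing and Remote Access' },
    @{ Name = 'SSDPSRV';        Display = 'SSDP Discovery Service' },
    @{ Name = 'upnphost';       Display = 'Universal Plug and Play Host' },
    @{ Name = 'TlntSvr';        Display = 'Telnet' }
)

foreach ($t in $targets) {
    $svc = Get-WmiObject -Class Win32_Service -Filter ("Name='{0}'" -f $t.Name)
    if (-not $svc) {
        '{0,-38} not installed' -f $t.Display
        continue
    }

    # A service needs review if it can still start or is running right now.
    $exposed = ($svc.StartMode -ne 'Disabled') -or ($svc.State -eq 'Running')
    if ($exposed) { $verdict = 'REVIEW' } else { $verdict = 'ok' }
    '{0,-38} start={1,-9} state={2,-8} {3}' -f $t.Display, $svc.StartMode, $svc.State, $verdict

    if ($Disable -and $exposed) {
        Stop-Service -Name $t.Name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $t.Name -StartupType Disabled
    }
}

# IIS is not installed by default; W3SVC is its web publishing service.
if (Get-Service -Name 'W3SVC' -ErrorAction SilentlyContinue) {
    'IIS web service (W3SVC) is installed: remove it unless you need it.'
}
```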


For Registry n00bs

The Registry is basically a database which Windows relies on for all its settings and information on your software, hardware, system preferences and anything else Windows needs to know to make it work.

Remember to treat the registry with respect. It is very easy to render your system inoperable if you mess around with settings you are unsure of. If you haven't ventured in there before, don't be scared -- go and have a peek, but don't delete bits that look like they don't mean anything, or change anything you aren't familiar with. Go to START / Run and type regedit into the dialog box, and browse away. You can't hurt it just by looking at it.

If you wanna become intimate with your registry, have a look at www.winguides.com/registry for a huge range of registry hacks, as well as a registry tutorial.

It is advised that before you make any changes you export any keys you edit to a file by right clicking on the key and selecting export. At least then if your tweaking goes awry, you have a chance to restore things to their pre-fiddled state.

 
 