Reproduction permitted for personal use only. For reprints and reprint permission, contact firstname.lastname@example.org.
Document on Microsoft XP addresses vulnerabilities
We have all seen or heard the security expert stand in front of the seminar audience, hold up his or her laptop and ask, "How can we make this secure?" Responses could include: encrypted files system, better passwords and physical cabling. The expert agrees with all of the suggestions, but replies, "Not good enough. All those suggestions can be bypassed." Finally, he or she unplugs all of the cabling, places the laptop back in the plastic, tapes it up and puts it back into its original box. "Now, your laptop is secure."
A bit of impracticality, but it does prove a point. From the moment you network your computer you are more vulnerable. Unfortunately, in today's home and small-business environment, it is hard to get any work done without a connection to a network. Many PCs purchased come with the operating system preloaded. There may be an occasion when a restore will not work, or, for whatever reasons, one decides to install Windows from scratch. For such occasions, I offer my findings from a recent Windows XP and Windows 2003 install.
With the prevalence of security issues in the news coupled with tales of un-patched operating systems being infected within 39 seconds, I wondered what steps would be needed to ensure a patched, virus/vulnerability-free install, ready for networking. After much research, I came upon an excellent resource, "Windows XP: Surviving the First Day
," by the SANS Institute Internet Storm Center.
The document essentially details the necessary steps to set up XP, without a firewall in place, to get the operating system up to date and more secure. Even the smallest office can afford some sort of firewall. For the home user, relatively inexpensive firewalls are available and should be used as well.
"Windows XP: Surviving the First Day" addresses the vulnerabilities of an un-patched operating system in a very streamlined and effective manner. The document takes the user through the initial install of the OS. The paper has the reader power on the PC without being connected to a network. The guide then has the user proceed through the install, reminding the user of the need for strong passwords.
As the installation proceeds to the networking package, the user is instructed by the document to disable all options in the "local area connection" properties screen. The reader is then advised to disable the "client for Microsoft networking" as well as "file and printer sharing." The guide then recommends the Internet connection firewall be enabled.
Lastly, the reader is told not to activate the copy of Windows, agreeing to do so later. The computer is then connected to the network and Windows Update is run twice. After a successful update and reboot, the user may enable both the "client for Microsoft networks" and "file and printer sharing" as well as register their copy of Windows.
Having done three installs last weekend, I can say the process worked without issue.
"Windows XP: Surviving the First Day," was first published back in November 2003. Many of the threats that existed eight months ago are still with us today, as well as new threats. Microsoft has also gone through several iterations of their security Web site and I have been especially pleased with their technet site
Dan Barker is an Inacom Systems Engineer
. This piece was originally printed in Inacom's newsletter, Interface
The opinions expressed herein or statements made in the above column are solely those of the author, & do not necessarily reflect the views of Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.