hammermtl Posted April 9, 2005

I'm trying to find ways to secure my system. I'm currently thinking about doing a fresh install with only the administrator account, installing all my applications and then changing the settings of the administrator account to be only a user account (taking away the admin privileges). Is this worthwhile? What benefits would I have by doing this?

If anyone has any suggestions on how to secure a system please let me know.

I've read a lot of info from the forums and I've tried using security software and setting the group policy editor but I'm not really finding anything that makes me feel like my computer is truly secure.

Thanks
Josh

Takeshi Posted April 9, 2005

The OS needs at least one administrator account. The built-in Administrator account can be disabled if there is another admin account. It can be renamed.

purewaveform Posted April 9, 2005

To start, first the only way to make your computer secure is to never connect to the internet. If you want to lock it down there are a number of things. First you need to weigh in how much microsfit "functionality" you are willing to sacrifice.

Remember that for a worm to get into your computer you have to have an open port. From the prompt run netstat -aon. Do this when no other programs are running and then mark down all the open ports. Should be like 135, 445, 1025, and maybe a few others. Then just google on each port how to close it and you will find directions on each port, and what keeps it open etc. They should solve almost any problems from worms.

As for viruses, usually you have to do something to get them. Like open an email etc. I personally use ClamAV, and have it scan on a regular basis. That should prevent almost all viruses. Also make sure that your email gets scanned. I have my own servers so I have all the emails scanned. There are a number of services that I like for that. I recommend mailmop.com. They have a nice service, and will remote pop any number of accounts that you want so you can have all in one email. Also will send confirmations, it's a little annoying in the beginning, but you will NEVER get spam!

For trojans etc. get Spybot and do regular scans. That should take care of the OS infections. Use a firewall to prevent inside access to outside. I prefer jetico.com; their firewall is free, and very powerful, almost on par with Checkpoint.

As for OS security, you can very easily use a tool like ntpasswd to disable all accounts except for one that has limited security. That way not much can be done. Then you just need to prevent people from booting to a floppy etc. You can do that by password protecting the BIOS, and removing the CD-ROM and floppy drives, depending on how extreme you want to be. Preventing from USB isn't too big a problem, just prevent it in the BIOS.

As for people loading stuff, just make a group policy that dictates which are allowed programs, and everything else isn't. Now people can run any other programs.

Then you get to physical security. Make sure that you can lock the room, be creative. If you don't want someone being able to get into the BIOS from resetting it, unsolder the jumpers on the motherboard.

This was meant to be in fun, but if you want to be specific, then ask one question and you can get all the clarifications that you want. Have Fun!

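The port inventory described in the post above, as an added example that is not part of the original thread: it parses `netstat -aon` output and lists the endpoints reachable from the network with their owning PIDs, leaving out loopback-only listeners. The sample output, PIDs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -aon` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1644
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     2200
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1020
"""

LOOPBACK = ("127.", "[::1]")  # prefixes of addresses only reachable locally


def parse_netstat(text):
    """Return (proto, address, port, state, pid) for each endpoint row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        # UDP rows carry no State column, so the PID is always the last field.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        addr, _, port = f[1].rpartition(":")  # keeps "[::]" style addresses intact
        rows.append((f[0], addr, int(port), state, int(f[-1])))
    return rows


def exposed_ports(rows):
    """Map (proto, port) -> set of PIDs for sockets open to the network."""
    out = defaultdict(set)
    for proto, addr, port, state, pid in rows:
        # TCP must be LISTENING; a bound UDP socket accepts datagrams as-is.
        is_open = state == "LISTENING" if proto == "TCP" else True
        if is_open and not addr.startswith(LOOPBACK):
            out[(proto, port)].add(pid)
    return dict(out)


if __name__ == "__main__":
    for (proto, port), pids in sorted(exposed_ports(parse_netstat(SAMPLE)).items()):
        print(f"{proto} {port:<6} PID {sorted(pids)}")
```

The PID column can be matched against the process list (for example in Task Manager) to see which service holds each port open before deciding whether to disable it.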
hammermtl (Author) Posted April 10, 2005

Thanks for your responses.

In group policy, I set it to restricted and only let MS Office and Internet Explorer work as a test. It works great for everything on the computer but I can still load programs from the net. How can I prevent installing programs from websites? I would think that it would automatically be stopped since I restricted all programs but Office and IE.

Is there a way to prevent access to folders? And to prevent files from being renamed?

I really appreciate all the help you guys are giving me. I consider myself to be very knowledgeable about computers but keep in mind I work in finance. I'm very interested in learning the inner workings of the system.

Josh

While playing around I was able to remove all users and turn the computer into a paper weight. The user account was removed and the administrator account is disabled. I tried doing a ctrl+alt+del to get in but it assures me the admin account is disabled. I always had a feeling this would happen and now I know it does.

inom123 Posted April 10, 2005

Have a look at these 2 programs:

www.computersecuritytool.com

and Drop my rights: http://msdn.microsoft.com/library/default....ure11152004.asp

Both may help you.

purewaveform Posted April 10, 2005

It is pretty easy to secure files and folders. When you right click on the folder, select Properties, go to the Security tab, you will see only part of the security list. Select Advanced, then select a user and select Edit, and you will see the complete list of files. In that list is Change Permission; if that is revoked you can't change the name, and then some other controls will control the read access to the folder etc.

what3v3r Posted April 10, 2005

Keep in mind that some programs need administrative privileges in order to run.

MRGCAV Posted April 10, 2005

Hello, I am a computer engineer and security expert. Sorry to tell you but while your idea to secure your computer is good, you are going about it the wrong way.

If you need to use the internet...

1. Get a hardware router with a hardware based firewall. Linksys is a good brand.
2. Spoof your IP address. No one will be able to find you when online unless you tell them.
3. Use FireFox browser. Stop using IE. Use IE only for updates.
4. Get all updates for your OS.
5. Set all user accounts with a password.
6. Create a separate DATA partition or even better, get an external USB or hot swappable IDE hard drive. Do not store sensitive Data on your, take it with you.
7. Encrypt your data. Use Advanced Encode-Decode Tools setup.exe or Folder Security Personal 2.50 setup.exe
8. Store your data on a hidden partition.
9. Store your data in an obscure foreign language or code before encrypting.
10. Maintain several anonymous free email accounts. Hotmail, Gmail etc... Do not download your email. Copy, cut and paste it into MS Word instead.
11. Also use a software based firewall like ZoneAlarm.

I suspect your need is not for financial information but rather for storing some data related to some illegal activity you are involved in.

No one will bother you.

MRGCAV@hotmail.com

RyanVM Posted April 10, 2005

"keep in mind that some programs need administrative privileges in order to run."

Quoted for truth.

hammermtl (Author) Posted April 11, 2005

@MRGCAV

The illegal data I'm trying to secure is financial. I used to work at Enron and now I work at your bank.

But seriously, I have a Linksys router and I use Symantec Client Security. All my programs are up to date.

What do you mean by IP spoofing?

Thanks for your advice

purewaveform Posted April 11, 2005

Ok, final security way! Go get an Asus Pundit-R. It has built-in encryption:

Hardware Encryption for High Data Security
Ever lost your data? Ever had someone use your PC when you are away? An optional X-Wall security function provides the best protection for your data and privacy by encrypting the entire hard drive bit by bit with a NIST certified DES/TDES real-time encryption engine. Once encrypted, only the person with the correct security key can access the hard drive, even if the drive has been removed from your PC.

I have one and it works great, but if you lose the little key, then you are screwed because all the data on the machine is useless. Then all you have to do is keep the little key with you, and the machine isn't even bootable.

hammermtl (Author) Posted April 11, 2005

Is the key physical or simply a password?

When using the computer is the whole drive decrypted or only the sectors in use at the moment?

Does it work with RAID?

Does it have any adverse performance effects on either the pagefile or the system in general?

Thanks
Josh

purewaveform Posted April 12, 2005

The key is physical, looks like a USB flash drive, only smaller, about an inch long. And the computer comes with two. I put one in my safety deposit box at the bank. And the whole drive is encrypted, actually the whole IDE channel is encrypted. And I have not been able to see any adverse effects on the system. Yet I do have two gigs of RAM.

As for RAID, no, it doesn't work directly. You also don't have space in the case. There is only one 3.5 inch bay, and one CD-ROM bay. So I don't do the RAID thing in this system. Only my file server is RAIDed and for that I use Jetico server edition, and I don't notice a slowdown on the network using it.