Need help closing security holes in my Windows XP home system!

I have a two-computer home network system. I only recently learned how to set up a network system, and now I'm concerned about having opened up new portals of access to internet hackers, because of all the configuring I had to do to get this system to work. Here's a list of some of those possible security holes:

  1. My router came with a default MAC address printed on the bottom. Should I change this, and if so, to what? (Can you tell I don't know what the heck a MAC address is?)

  2. I had to enable the GUEST ACCOUNT in XP Pro in order to get the printer sharing to work. Can hackers off the net use this now enabled account to access the computer? What about the ADMINISTRATOR account?

  3. The remote computer in my 2-comp network is "supposed" to have its IP masked because the router is a NAT router (with SPI), that supposedly shields all remote computers in the network because it uses what it calls a built-in "DHCP" server to assign its own internal IP addresses to the remote computers. If this is so, why then can I go on the net with the remote computer, and any header analysis site will show me my real IP address?!

  4. When programs on my system call out to the net, they are initially blocked by my software firewall (which is an SPI firewall). After a few adjustments to the personal firewall, they have no problem communicating with the net. The router also has an SPI firewall. Why doesn't it block the programs as well? Given that it has never impeded access to or from anything on my system, it acts like it doesn't even exist!

  5. I set the RPC (Remote Procedure Call) service to avoid rebooting in all 3 circumstances, to prevent hackers from rebooting my machine from the net. Will this really prevent reboots, and if so, is there any other way these cyberscum can automatically reboot my computer?

If you have any other important tips on closing security holes to prevent hacker access, don't be shy!

Reply to
Bob Ladbury

I think Bob really needs to read up on routers and networks, as from here it seems he doesn't really know anything about them. Why? Because he asked why the router doesn't block apps while the software firewall did; to me this says he doesn't really know anything about this stuff, and I hope he'll read info on it all to learn it.

Reply to
Joe

I run OE with no problems ever; IE, no problems ever. I don't like it that people always tell you to do that when, at least for me, I've never had a problem. I do not use OE right now, but have, and never had an issue. I also like Firefox much better and use it way more than IE. To tell someone to stop using the admin account in Windows, I say bullshit!! It really ticks me off when people say that, because they are fine. To tell a user like Bob, someone who doesn't seem to know anything really, to stop using the Win XP user account with admin, that makes it even harder for him, and 99.9% of the time he won't ever have a problem running with admin rights. Dang, I just freaking hate it when people say don't use Windows as the admin; there's nothing wrong with it. Again, I never have issues and won't ever run as a limited user; that's just bull crap.

Checking for router firmware, lol, if it ain't broke don't fix it. Most companies, I'll bet none, do that often of an update. Maybe once every few months is ok, and only when having issues. Otherwise it's fine.

Don't let others use the PC? That's like telling you to lock yourself in your home and don't go out and don't let people in.

Ad-Aware and stuff I guess is ok, but again, I never have to and never have problems. And I have tried them before and guess what: no problems. It only finds cookies and they are harmless.

The only thing I really agree with you on, Leythos, is apply all updates to all programs.

Anyway, I'm not going to reply again to this thread since you now will reply to me in a rage or fight me, so I don't want conflict. I just got annoyed at you for a lot of stuff you said and I wanted to reply. I'm sorry. :(

Reply to
Joe

Unless you have forwarded any ports in your router then you won't be exposed to any problems. Go to

formatting link
and run the ShieldsUp! test and see if any ports are visible to the internet. There are other sites that provide the test; a quick Google will get them.

If you have any questions about ShieldsUp! and your results, go to the GRC newsgroups at news.grc.com and post there.

Regards

Bill

Reply to
phoenix

No, leave it alone - the MAC address is a physical code that relates to your unique hardware as in your segment of the network - no other device in your segment should have the same MAC.

This is a big screw-up; you never enable GUEST, NEVER! What you needed to do was set up the same users/passwords on both machines, so that if you have users s,d,f,g on machine one you have users s,d,f,g with the EXACT SAME PASSWORDs on machines 2,3,4,5,6....

NAT only blocks unsolicited INBOUND access, it does not stop your browser from running a script that can report back to a web site that you visited what your real, internal, IP address is. What you need to do is visit one of the network scanner sites that will scan all 65535 ports on your public IP to see if you have any holes.

Using IE to browse the Internet in a default config, with GUEST enabled, or even using an Administrator level account, is asking for your machine to be compromised. Visit the Windows site and seek out the info on how to secure IE, high-security mode. You could also start using Firefox as your browser; it's not anywhere near as exploited as IE is.

The router is just a router; its basic function is to ROUTE TRAFFIC ONLY. If you choose to make an outbound connection the ROUTER will let ANY traffic out to where it wants to go; that's how routing works. As for inbound traffic, since the router doesn't see an internal machine requesting the communication, it blocks those unsolicited inbound sessions; there is no path back for them.

As for outbound, since a router is not a firewall, there is no real outbound blocking.

Your computer has a lot of ways it can be compromised, RPC is insignificant once you're not live on the internet.

  1. Stop running Internet Explorer
  2. Stop using Outlook Express / Outlook
  3. Stop browsing questionable sites
  4. Stop sharing files with anything outside your internal network
  5. Stop file sharing programs
  6. Stop loading browser helper tools - not even Google/Yahoo bars
  7. Stop using the Administrator level account unless making system changes
  8. Stop using GUEST
  9. Apply ALL Windows Updates
  10. Apply ALL MS Office Updates (if you have OE/MS Office)
  11. Apply ALL Antivirus updates, run the update daily
  12. Use a quality Antivirus program
  13. Install AdAwareSE and SpyBot Search & Destroy and run them
  14. Use FireFox and ThunderBird for Browsing and Email
  15. Stop/Don't forward ports through the router to your internal network
  16. Don't let others use your computer
  17. Check for router firmware updates once a month

Reply to
Leythos
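Both phoenix and Leythos point the OP at an external scanner (ShieldsUp!, or a site that tries all 65535 ports of the public IP). The following is an added example, not code from the thread or from GRC, showing what such a scan actually does: a plain TCP connect scan, which reports a port as open only when a full three-way handshake succeeds. So that it runs offline, the demo scans a throwaway listener it binds itself on 127.0.0.1; to reproduce the ShieldsUp check you would run it from a host outside your network against your public address, and only against addresses you own. The 0.5 s timeout, the 64-thread pool and the +/-10 port window around the listener are arbitrary choices for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def tcp_port_open(host, port, timeout=0.5):
    """Return True when a full TCP connect() to host:port succeeds, i.e. something is
    listening there. A refused connection or a timeout both count as 'not open'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return True
        except OSError:  # ConnectionRefusedError and socket.timeout are both OSErrors
            return False


def scan_ports(host, ports, timeout=0.5, workers=64):
    """Connect-scan the given ports in parallel and return the sorted list of open ones.
    This is the test an external scanner performs against your public IP; from inside
    the LAN it only tells you what the local machine itself is listening on."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_port_open(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


def demo():
    """Bind a throwaway listener on 127.0.0.1 (port chosen by the OS), scan a small
    window of ports around it, then close it and probe once more.
    Returns (listener_port, open_ports_found_while_listening, open_after_close)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    window = range(max(1, port - 10), min(65535, port + 10) + 1)
    found = scan_ports("127.0.0.1", window)
    srv.close()  # nothing listens any more: the same probe must now fail
    after = tcp_port_open("127.0.0.1", port)
    return port, found, after


if __name__ == "__main__":
    port, found, after = demo()
    print(f"listener on {port}; open ports in window: {found}; open after close: {after}")
```

A router that forwards no ports and has no remote-management service enabled on its WAN side should make every port come back closed or filtered from outside; any port that shows open is either a forward you configured or a service on the router itself, and is the "gaping hole" Leythos refers to.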

Joe wrote: "to tell a user like Bob, someone who doesn't seem to know anything really, stop using the win xp user account with admin, that makes it even harder for him and 99.9% of the time he won't ever have a problem running "

Look you ignorant moron, I've been using computers for nearly 25 years, back when DOS was in version 3, and you were sucking on your mother's teat, no doubt. So it's more than a little insulting when you write that I don't know anything about computers, simply because I'm new to home networking and have questions about it. I thought the whole point of newsgroups was to inform and be informed. I have already done a LOT of research on routers and security in the last few weeks, and they haven't answered my questions. So you insulted me a second time. Furthermore, your ignorant replies about how IE and OE are "just fine" and not security issues, which goes against the entire world's opinion (including Bill Gates), puts you in the category of a complete doofus who "doesn't know anything about anything, really". Why you think anyone is going to listen to you babble about computer security here is beyond me. As to your other remarks about "hating" advice on using Admin rights, you have serious mental issues. Deal with them. You already said you were staying out of this thread. I'll go you one better and suggest you stay away from this group. Or computers, in general.

Reply to
rladbury

Leythos:

Thanks for your input. I found your response to be helpful. Could use some clarification though...

"This is a big screw-up, you never enable GUEST, NEVER! What you needed to do was setup the same users/passwords on both machines - so that if you have user s,d,f,g on machine one you have user s,d,f,g with the EXACT SAME PASSWORDs on machine 2,3,4,5,6.... "

Sorry! I had to enable the GUEST account because even though I had set up an account with the same user name/password, it seems I couldn't get it to print unless GUEST was enabled as well. I'll have to double check, but I'm 90% sure of this. "Phoenix" above said that so long as all my little boxes are green in the ShieldsUp test, "I won't have problems". So who's right here? Can hackers get past my router and access my GUEST account? (BTW, I stopped putting much weight in the ShieldsUp test after I proudly displayed a screen full of green boxes, and hackers managed to hack into my system despite it).

"Using IE to browse the Internet in a default config, with GUEST enabled, or even using an Administrator level account, is asking for your machine to be compromised. Visit the Windows site and seek out the info on how to secure IE, high-security mode. You could also start using Firefox as your browser; it's not anywhere near as exploited as IE is."

Sorry, but I don't use IE (or OE) and never did, unless a site won't work in Opera or Firefox. And even if I have to use IE, I use Avant. But this is precisely why I posted this message, because I'm not sure what default configs on my system need to be changed. I don't find it very practical to have to keep changing accounts every time I want to use one app or another (i.e. log into one account to surf the net, log into another account to write letters, etc.). But if I do set up a limited account and do my work from there, and use the Administrator when I want to install programs, does this really mean a trojan can't run, or that a hacker can't hack into my administrator account, simply because I'm using a limited account to surf the net?

"Your computer has a lot of ways it can be compromised, RPC is insignificant once you're not live on the internet."

Although I'm quite aware there are security issues with being both online and offline, RPC is VERY significant to me, since that is what hackers have used to reboot my system and activate trojans or whatever else they can do once the system reboots. My question was, does my playing around with the properties in the RPC service prevent it from rebooting, and are there other means they can reboot the computer when I'm online?

Reply to
rladbury

Trust me, I'm doing him a favor. If he doesn't learn now, how's he ever going to learn when he finally turns 16 and needs to get a job somewhere?

Reply to
rladbury

Well, I didn't TELL him what to do, he ASKED for options to make his entire experience more secure.

If you really think that using the Admin level account doesn't expose the user to a higher level of risk all the time, and that it's fine to run as an Admin level account, then you really don't understand security for the masses of ignorant users. It's a simple fact that running as an Administrator level account user is the easiest way to compromise your computer while browsing or reading email. You can "freaking hate it", but the fact is that few people have problems running as a Limited User account type, as there are only a couple of commercial apps that don't comply with basic security.

To make a blanket statement that there is nothing wrong with running as an Admin is to be completely ignorant of the different threats, to ignore what MS suggests, and to ignore what all the security people around the world suggest, and to put users that listen to you into a vulnerable situation.

Now, as an example, I run as a local admin on all of my Windows computers, but I also have a real firewall appliance, filter HTTP sessions to remove malicious content, use Outlook with Exchange, but also remove all malicious scripts and attachments from email before it reaches the mail server, and I also have quality AV software on my machine. I'm also a security expert, so I know what to look for, don't run crap/P2P apps, don't visit questionable web sites, don't open/review questionable email, don't really do anything to put myself in harms way - the same can not be said for the general public.

If you don't check, how do you know if it's broken or not? They don't produce firmware to change the colors of the interface; they produce new firmware to fix issues in the old version. While a router with 5 year old firmware may appear to be working fine, there may be an exploit or some other vulnerability that you are unaware of in your blissfully ignorant state.

No it's not; a limited-use account that's been locked down is fine, but more times than not, a guest (not the Guest account) using a computer will compromise your machine, since they don't have as much concern about it as the owner would.

Again, we're talking about the masses, and those products are very good at determining if you are clean and in helping one stay clean. Not all cookies are harmless.

If you don't care to learn from your mistake then you don't have to reply, but it's obvious that either you don't understand threats in the real world or that you're trying to help people compromise their machines.

Don't forget, the OP asked for advice; it was not posted without being asked. While you may not care about security of systems, many others do, and there is nothing wrong with what I posted. Even MS, for several months, recommended that users stop using IE 6.

I don't post to fight, just to state facts, you might try learning about security.

Reply to
Leythos

I'm far from 16 and have been using computers for 10 years, dude. Take care.

Reply to
Joe

Geez, I hope I don't get on your bad side :)

Reply to
Leythos

Do you have SIMPLE FILE/PRINT SHARING enabled? If so, disable it. This will give you normal network sharing ability.

I set up workgroups all the time. Make sure they all have the same workgroup name, make sure that you have the SP2 firewall disabled as it's not doing you any good behind the router, disable simple file sharing, disable GUEST, and make sure that all computers have the same set of User Names and that each of those has matching passwords on each computer.

Now, share a printer on computer 1; give permission for Everyone to have full access and permission (so they can delete their own documents remotely if needed). Now open Network Neighborhood from computer 2, browse to computer 1, open the printers folder, see the printer you shared, right click and select CONNECT; it should install the shared printer on computer #2 without any problem. As you browse from Computer 2 to Computer 1 it should not ask you for a user/password if you have them matching between computers.

Since you're on a router, unless you ask for a conversation, the hacker can't invite themselves into your computer. Now, there are other means they can get in, such as using an insecure browser of any type and visiting a site with malicious code. There was an exploit for Linksys routers where, when a user clicked on a web link, a script would run and reset the router and password and allow the hacker to have control of the router; for users that didn't have a default IP subnet and used a non-default password this didn't work.

Scanning your network, even using ShieldsUp, is a good thing, it will tell you if you've got any gaping holes in your router.

The real threat is what you do from your computer on the Internet, meaning email, browsing, FTP, https, etc... Anytime you leave your local network you risk running something on your local computer that can compromise your security - that's why MS has a clear method to secure IE, even if it breaks most websites.

Just consider the router as a one-way filter: it only blocks inbound connections from external users that your computers have not contacted. Now, this doesn't mean you always know when your computers are contacting external users.

If you have a compatible router you can download WallWatcher and monitor your real-time inbound/outbound traffic; remember to download the program and its second set of files (libraries).

formatting link

I have a mother-in-law; before I could set up her computer (Windows XP) she and her son (40) put it online directly on the net. It was compromised in less than an hour, and I was out of town for two weeks at the time. When I came back there were dialers, spyware, trojans, worms, and even a couple of viruses. It was the spyware and dialers (she was on cable) that bothered me; luckily she didn't connect a phone line to the modem. I wiped her machine, set up the Administrator account and her account as Admins, installed all her apps, set up everything, got it all working and then set her login to limited. She can run everything except QuickBooks and play online games using IE at POGO.COM. All of the MS Office suite, once it was initialized at Admin level, works fine as a limited account, as do all of her apps and such. I installed Firefox and Thunderbird for her browser/email and she's been online for more than 6 months without any problems. Oh, almost forgot, I also bought her a Linksys router BEFSR41 and set it for 192.168.10.0/24; she's behind it. Between the router with NAT and the user account limitations (and I forgot that I removed file/printer sharing as she only has one computer) she's not had any problem. She logs on as Admin to run QB and play POGO, but she's religious about not going anywhere else while on Admin. She even set up her granddaughter as a limited account and the GD didn't even notice.

Once a user compromises your system they can reboot it by issuing a command or by just using your own interface (screen) to reboot it; RPC does not stop them.

As a side note, I've been working with, coding, designing, etc... computer systems since the 70's and I've never personally had a compromised computer under my control and none of our clients have either, but I'm very strict on security and use quality firewall appliances and I know how to limit exposure while not impeding the ability to do work.

Reply to
Leythos
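Leythos describes the router twice as a one-way filter: outbound traffic is routed unconditionally, inbound traffic gets through only as the reply to something a LAN machine started (or through a port you forwarded), and the outside world talks to the router's public address rather than the PC's. The following toy model, added here and not part of the thread or of any real router's firmware, puts that into code: a NAT table keyed on the LAN 4-tuple, with the inbound lookup done on the translated address. The addresses (203.0.113.1 for the WAN side, 192.168.10.x for the LAN, 198.51.100.x for Internet hosts), the port numbers and the traffic sample are constructed for the demo; real routers also expire mappings and track TCP state, which the model leaves out.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """A TCP segment reduced to the addresses and ports a NAT router keys on."""
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """Toy model of a consumer NAT/SPI router (added example, assumed behaviour).

    Outbound: any LAN packet is rewritten to the router's public address and routed;
              the mapping is remembered. There is no outbound filtering at all.
    Inbound:  a packet to the public address is passed only if it matches a remembered
              mapping (a reply) or an explicit port-forward; anything else is dropped.
    """

    def __init__(self, public_ip="203.0.113.1", lan_prefix="192.168.10."):
        self.public_ip = public_ip
        self.lan_prefix = lan_prefix
        self.next_port = 20000   # next external port to hand out (arbitrary start)
        self.out_map = {}        # (lan_ip, lan_port, remote_ip, remote_port) -> ext_port
        self.in_map = {}         # (remote_ip, remote_port, ext_port) -> (lan_ip, lan_port)
        self.forwards = {}       # ext_port -> (lan_ip, lan_port)

    def forward_port(self, ext_port, lan_ip, lan_port):
        """A port-forward is a permanent hole: unsolicited inbound to ext_port reaches lan_ip."""
        self.forwards[ext_port] = (lan_ip, lan_port)

    def process(self, pkt):
        """Return (decision, packet as it leaves the router), or (decision, None) if dropped."""
        if pkt.src.startswith(self.lan_prefix):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.out_map:
                self.out_map[key] = self.next_port
                self.next_port += 1
            ext_port = self.out_map[key]
            self.in_map[(pkt.dst, pkt.dport, ext_port)] = (pkt.src, pkt.sport)
            # the Internet side only ever sees public_ip:ext_port, never the LAN address
            return "allow-out", replace(pkt, src=self.public_ip, sport=ext_port)

        if pkt.dst != self.public_ip:
            return "drop: not addressed to us", None
        lan = self.in_map.get((pkt.src, pkt.sport, pkt.dport))
        if lan is not None:
            return "allow-in: reply to LAN-initiated flow", replace(pkt, dst=lan[0], dport=lan[1])
        lan = self.forwards.get(pkt.dport)
        if lan is not None:
            return "allow-in: forwarded port", replace(pkt, dst=lan[0], dport=lan[1])
        return "drop: unsolicited inbound", None


def demo():
    """Run a constructed traffic sample (not from the original thread) through the model."""
    router = NatRouter()
    pc, web, attacker, c2 = "192.168.10.5", "198.51.100.10", "198.51.100.77", "198.51.100.99"
    log = {}
    # 1. PC -> web server: the server (or a header-analysis site) sees the public IP
    decision, on_wire = router.process(Packet(pc, 49152, web, 80))
    log["PC opens a web page"] = (decision, on_wire)
    # 2. the server replies to what it saw, and the router maps it back to the PC
    log["web server answers"] = router.process(Packet(web, 80, on_wire.src, on_wire.sport))
    # 3. an unsolicited probe from the Internet at the public address: no state, dropped
    log["attacker probes SMB"] = router.process(Packet(attacker, 40000, router.public_ip, 445))
    # 4. malware already on the PC: outbound is never blocked, so it gets out...
    decision, on_wire = router.process(Packet(pc, 49153, c2, 6667))
    log["trojan phones home"] = (decision, on_wire)
    # 5. ...and the reply rides in on the state the trojan just created
    log["C2 talks back"] = router.process(Packet(c2, 6667, on_wire.src, on_wire.sport))
    return log


if __name__ == "__main__":
    for label, (decision, pkt) in demo().items():
        print(f"{label:24s} -> {decision} {pkt if pkt else ''}")
```

Steps 4 and 5 are the point of Leythos's caveat that the router "only blocks inbound": once something runs on the PC, the router offers it the same free outbound path as the browser, which is why the software firewall's outbound prompts matter and the router's SPI never "impedes" anything.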

Ack, that's twice today I've missed an OP stating they were using XP Home. I apologize for the error. Since we don't use Home Edition I can't be of any help with it, sorry.

Reply to
Leythos

Yea, with OEM XP Prof being about $140, I can't understand anyone really using home edition, but since Home OEM is $99 I guess I can see where some people would want to keep the $40 for memory or a couple sacks of White Castles :)

Reply to
Leythos

I wasn't trying to be mean, but you sounded in your first message like you didn't really know much at all, so don't blame me for anything. It's not my fault that you took my message as badly as you did.

i am sorry.

Reply to
Joe

Again, thanks for your considered responses. A correction is necessary: I do not have XP Home. Both of my computers have XP Pro. The reference to Home in the title was in relation to home networking, not the OS. I mention this because your instructions about disabling the Guest account still don't work for me. The error I get when I search for the printer in a command box from Comp 2 (\\PRINTER) is this:

"Login failure. User account restriction."

This error goes away just as soon as I enable the GUEST account on Comp 1. (The GUEST account on Comp 2 doesn't matter whether it's enabled or disabled.) This is what I have done to try to set up my printer sharing system to work with the GUEST account disabled:

I disabled simple file/print sharing. I created accounts on Comp 2 with the same user names/passwords as those on Comp 1. They all have Admin rights. Comp 1 & 2 both have the same workgroup name. The SP2 PFW is disabled. The printer hooked to Comp 1 is set up to be shared, with access to Everyone. (There is no CONNECT command when I right click the printer, though.)

Now are you absolutely certain that printer sharing works under XP Pro with the GUEST account disabled? If so, how do I tell it to access the printer from another account, and to stop identifying the printer with the GUEST account (i.e. \\PRINTER\Guest)?

Reply to
rladbury

Just one problem: one of his PCs is XP Home. You cannot disable simple file sharing under XP Home. For a lot of passthrough stuff like printing and share access the Guest account does need to be enabled. This doesn't apply to XP Pro, W2K or NT4 - just Home. E.

Reply to
E.

No need to apologize, we all do it ;-)

I sincerely wish you never have the displeasure of working on XP Home, or have to deal with business clients that bought Home instead of Pro to save themselves a measly $80-odd bucks on a system. E.

Reply to
E.

Yes, I'm 120% sure it works, as I do it in several clients locations and in my home with my laptops.

The proper method is to open Network Neighborhood, open ENTIRE NETWORK, Open the workgroup, find the computer that you want to use the printer on, double click on the computer, select the PRINTERS folder and double click it, you should see the "shared" printer, right click and CONNECT or INSTALL.

If you got a network error anywhere along the path to the printer you didn't have your network setup properly or the User/Pwd on both computers is not the same.

Reply to
Leythos


After racking my brains on this for a couple of hours, I finally solved it! Of course, I had to get over the first hurdle of why I didn't have a "CONNECT" function on my printer's right-click menu, not to mention an "ENTIRE NETWORK" icon. (The convoluted solution to that problem was to open up Network Places in Explorer and press "F5" to bring up "ENTIRE NETWORK".)

The main problem I was having with being unable to connect my printers without enabling the Guest account was due to the fact that, contrary to your experiences and to what I recall you saying to me, the Guest account IS necessary for file & printer sharing (according to Microsoft). Which is why it wouldn't work every time I disabled it. It's necessary under the "simple printer sharing" scheme. Thing is, I had disabled simple file & printer sharing on both machines, as per your advice, but it still didn't work. This turns out to be because on the main computer, although the feature was unchecked, I didn't click on "Apply to all folders". Apparently, just unchecking it is too simple for Microsoft. Why this important function is only found in "Folder Options" and not under a network component is beyond me, though...

I forgot to ask why you are against the idea of Windows updates? I've been religious about staying far away from Microsoft's site and Windows Updates, up until today, when I finally decided to enable the updates. Every security site and computer enthusiast site mentions the importance of windows updates patches. The logic is simple: there are parts of the OS that are exploited, the (security-related) patches are designed to plug up 'some' of these holes. NO piece of 3rd party software can do what all these patches can do, for numerous reasons. At best, they might use workarounds, if such a thing is possible.

But as you know, there are two different areas of computer security: exterior and interior. You can try to stop some attacks from going through the wall, but others are going to get in sooner or later (unless maybe you just use the net to visit Barney the Dinosaur's web site, and you hope Barney's site hasn't been taken over by hackers. Or that an OS exploit hasn't blasted your connection while you were visiting Barney's site). After the firewall router and 3rd party security software, the windows update patches protect the interior against some security issues. (That's the theory anyway). What evidence do you have that these updates are not helpful? (I need intelligent opinions from both sides before I decide whether I will continue with the updates).

Reply to
rladbury

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.