Windows XP offers wonderful security features and as an administrator
of the network or the computer it’s your responsibility to check the
system’s security from every aspect.
In this article you will
learn that how to implement the security procedures in the Windows XP
Professional environment. There is not a single method, software or
hardware that can protect your computer from internal and external
security threats. Before you determine the security strategy you need to
understand that what the security risks are.
Due to the poor
default settings, Windows XP has some security holes and these holes can
be fixes by implementing the security procedures. Some of the major
security procedures that can be configured and implemented in the
Windows XP Professional are following.
- Use NTFS on all the partitions.
NTFS
provides additional security features so by converting your drives’
file system into NTFS you provide the additional security layer to your
drives.
- Disabling simple file sharing.
Both
Windows XP Home Edition and Professional system that are not a part of
the domain use Network Access model called Simple File Sharing. Set you
by default shared folders to read only.
- 3. Disable guest account.
The guest accounts are always the great holes for the hackers so disable them as soon as you install the operating system.
- 4. Installing antivirus & anti spyware software on all the computers.
Install
up-to-dated antivirus and anti spyware program on all your systems to
prevent them from viruses, spyware, adware and internal and external
threats
- 5. Using security configuration manager.
The
Security Configuration Manager is a set of tools that allows the
network administrators to define the security templates that can be
applied on the single machine or a group of computers via group policy
- 6. Limiting the numbers of unnecessary accounts.
Delete any duplicate accounts, shared accounts, test accounts and general accounts. Use group policies to assign permissions
- 7. Renaming the administrator accounts.
Many
hackers use SID to find the name of the account. Renaming the
administrator’s account will make it difficult for the hackers to make
assault on the system
- 8. Preventing last logged in user name.
When
you use the CTRL-ALT-DEL, a logon dialog box shows the name of the last
user and the last user name can be used in the password guessing
attacks
- Disabling unnecessary services.
An
unnecessary service is another unnecessary hacker’s hole so you can
stop the unnecessary services such as IIS, Remote Registry, Routing and
Remote Access, Net Meeting, SSDP discovery service in the control panel.
- 10. Install and user port scanner.
Ports are interfaces where devices communicate with each other. Scan all the open ports to find out any intrusion attempts
Encrypting the temp folder (where Windows XP Professional’s files are stored) provides an extra security layer
- 12. Disable default shares.
Windows
XP Professional creates hidden administrative shares that are used by
the operating system. These shares can be disabled in the Computer
Management Console
- 13. Enable auditing on the workstations.
Enable
auditing such as Account Logon Events, Logon Events, Object Access,
System Events and Policy change. By these events, you can investigate
any data theft and security related event
- 14. Disable dump file creation.
Dump
file is a good application tool and is used when system or application
crashes and shows blue screen. You can change the dump file settings in
the control panel.
- 15. Disable autorun for the CD ROM.
Turn the auto play feature in the Windows XP off.
- 16. Install latest service packs.
Always update your operating system with the latest service packs.
IP Sec provides the encryption for the network sessions so by using IP Sec your system gets extra security layer.
Other
security procedures includes, limiting the access to resources, booting
system from the primary hard driver. Secure internet explorer settings.
Securing outlook express. disable the services that you don’t use,
regularly update your operating system with latest security patches,
using firewall router that supports the options of ports blocking NAT,
stateful packet inspection and Virtual Private Network, disable the
option of boot from floppy or CD-ROM, enable EFS, use firewall software
or hardware on the gateway computer and on all workstations.
