
SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Tip #17 - Windows XP & Vista Security

Published: 2007-10-17
Last Updated: 2007-10-17 14:50:14 UTC
by Mari Nichols (Version: 1)

[welcome our new handler, Mari Kirby Nichols! JBU]

One of the first ways to start a security discussion is with physical security.  Yes, I know this is a technical forum, but really, is the system physically secure?  Make sure the location can be secured, and use some kind of locking mechanism to keep the machine itself safe: a cable lock for a laptop, or a lock on the case of a desktop.  This is a pretty basic rule, but surprisingly many people forget this essential component of cyber security.  One way to strengthen your information security effort is to combine your program with the physical security department.  Have you met with them and pooled your resources?  Can you obtain audit logs of physical access as easily as you can pull up an event log?

Second, remember to configure the administrator password.  Most likely the system will arrive with no administrator password, or with a default password common to many systems.  Before you go ahead, think about a good password.  A good password is long and uses a diverse mix of upper- and lower-case letters, numerals and special characters (~!@#$%^&*()_).  One approach to a good password is a pass-phrase: a short, easy-to-remember sentence.  No worries, it's easy.  Just think of a phrase that is on your mind, like:

No hurricanes for Norfolk!
Your password could be:   Nh4ORF!
See, the first N is capitalized, lower-case h for hurricanes, the numeral 4 for "for", ORF is the airport code for Norfolk, and the exclamation mark is the special character.

Here are some other ideas I like:

Use a food or product you like, then modify it.  For example, Roast Beef:
Your password would be:  R0@s1b33f

Use a thing, like a USB device:
Your password would be:  uSBd3^1ce

It's easy to come up with a password that is complex yet easy to remember.  One caveat: the three examples above are only 7 to 9 characters long, which is on the short side by the "long" rule above.  For an administrator account, keep more of the phrase (the whole of "No hurricanes for Norfolk!" is 26 characters and already mixes case and punctuation).  Length matters on XP for another reason: unless the NoLMHash policy is set, XP also stores a much weaker LAN Manager hash of any password of 14 characters or fewer, so 15 characters is a sensible floor.  If you need help remembering your password, write down a word (a hint) that reminds you of the phrase, NOT the password itself.  Do, however, write down the administrator password and keep it somewhere physically secure (a safe, a safety deposit box, or a sealed envelope with a friend or relative).  It makes sense to keep one copy in your safe and another copy off site.

While we are on the subject of the administrator account, let's discuss the idea of having two accounts.  You may need an administrator account to install software and apply updates, but do you really need administrator access to write e-mail and surf?  No.  So make yourself a regular account without administrator rights and use it as your normal day-to-day account.  Use the administrator account only for administrative duties.
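The two steps above (set the administrator password, then create a separate unprivileged account for daily use), as an added example for XP's cmd.exe; this is not from the diary.  The account name "mari" is an assumption, and only the stock net.exe, reg.exe and runas.exe that ship with XP are used.  Run it from an administrator command prompt.

```batch
@echo off
rem Added example, not from the diary: local account hygiene on Windows XP,
rem run from an administrator cmd.exe. The account name "mari" is assumed.

rem 1. Stop LSA from storing the weak LAN Manager hash. This applies to any
rem    password set from now on, so it goes before the password changes.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v NoLMHash /t REG_DWORD /d 1 /f

rem 2. Minimum local password length. net.exe documents a 0-14 range for
rem    this option, which is exactly why step 1 matters: a 14-character
rem    password would otherwise still get an LM hash.
net accounts /minpwlen:14

rem 3. Set the built-in Administrator password. "*" makes net.exe prompt, so
rem    the pass-phrase never sits in this file or in the console history.
net user Administrator *

rem 4. The day-to-day account, prompted for its password. New local users
rem    land in the Users group only; do NOT add it to Administrators.
net user mari * /add

rem 5. Verify: "Local Group Memberships" for mari should list *Users only,
rem    and the Administrators group must not contain the new account.
net user mari
net localgroup Administrators

rem 6. Later, while logged on as mari, do admin chores without logging out.
rem    runas prompts for the Administrator password each time:
rem      runas /user:Administrator cmd.exe
rem      runas /user:Administrator "control.exe appwiz.cpl"
```

Step 1 takes effect only when a password is next changed, which is why it precedes steps 3 and 4; accounts that already have a password keep their LM hash until the password is reset.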

Well, now that I have droned on about pass-phrases and administrative accounts, let's get on to XP- and Vista-specific tips.  We would like to hear from you warriors out there in MS land, especially on Vista.  E-mail your tips here and we will keep posting them throughout the day.
XP Tips from one of our Canadian readers:

-install latest patches, and enable Windows Update
-disable file and print sharing, disable DCOM
-turn off several Windows services
-use autoruns and msconfig to disable more stuff
-disable extension hiding and file sharing in Explorer
-secure IE, then install and use Firefox & noscript plugin
-install a firewall (PCTools Firewall Plus, or Comodo)
-install antivirus, antispyware, and Security Task Manager
-install a new hosts file (MVPS, accs-net, yoyo) to block ads and malicious sites
-create and always use an unprivileged account
-if my kids will be using the computer, then I use Microsoft's SRP (Software Restriction Policies)
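The items in that list that can be done without clicking through the GUI, as an added example for an XP SP2/SP3 administrator cmd.exe prompt; it is not the reader's own script.  It uses the built-in Windows Firewall rather than the third-party ones the reader mentions, and the set of services it disables is an assumption for a standalone home PC: check each one against what the machine actually needs.  Software Restriction Policies are configured in the Local Security Policy console and are left out here.

```batch
@echo off
rem Added example (not the reader's script): XP SP2/SP3 attack-surface
rem reduction from an administrator cmd.exe. Reboot when finished. Service
rem names are the stock XP ones; which are expendable is an assumption.

rem --- Patching: make sure Automatic Updates is enabled and running --------
sc config wuauserv start= auto
net start wuauserv

rem --- Built-in firewall: on, no inbound exceptions, log dropped packets ---
rem (XP SP2 "netsh firewall" syntax; the "advfirewall" context is Vista+)
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
netsh firewall set service type=FILEANDPRINT mode=DISABLE
netsh firewall set logging filelocation=%SystemRoot%\pfirewall.log droppedpackets=ENABLE

rem --- File and print sharing: stop the Server service (the SMB share side)
rem Note the space after "start=": sc.exe requires it.
sc stop lanmanserver
sc config lanmanserver start= disabled

rem --- DCOM: EnableDCOM is a REG_SZ "Y"/"N" value, not a DWORD ------------
reg add "HKLM\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d N /f

rem --- Services a standalone machine rarely needs (assumed list) -----------
rem "sc stop" on an already-stopped service reports error 1062; harmless.
for %%s in (Messenger RemoteRegistry TlntSvr SSDPSRV upnphost) do (
    sc stop %%s
    sc config %%s start= disabled
)

rem --- Explorer: show real file extensions (per-user key; run as each user)
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 0 /f

rem --- After installing a blocking hosts file (e.g. the MVPS one), make it
rem     read-only and flush the resolver cache so the entries take effect.
attrib +r %SystemRoot%\system32\drivers\etc\hosts
ipconfig /flushdns

rem --- Verify -------------------------------------------------------------
netsh firewall show state
sc query lanmanserver | find "STATE"
reg query "HKLM\SOFTWARE\Microsoft\Ole" /v EnableDCOM
```

With exceptions=DISABLE the firewall drops all unsolicited inbound traffic regardless of the per-service settings; the FILEANDPRINT line is still worth keeping so that sharing stays closed if someone later re-enables exceptions for a game or a printer.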

Vista Tip from Boris:

  • Don't turn off UAC (User Access Control).  It's annoying, sure, but isn't your data and your machine worth that little bit of hassle?
