02:53
Muhammad Umair
1. Fake out hackers with a dummy Administrator account
Since the default account in
Windows 2000 is always named
Administrator, an enterprising
hacker can try to break into
your system by attempting to
guess the password on that account. It you never bothered
to put a password on that
account, say your prayers.
Rather than be a sucker to a
hacker, put a password on the
Administrator account it you
haven't done so already. Then
change the name of the
Administrator account. You'll still be able to use the account
under its new name, since
Windows identifies user accounts
by a back-end ID number rather
than the name. Finally, create a
new account named Administrator and disable it. This
should frustrate any would -be
break-ins. You can add new accounts and
change the names of existing
accounts in Windows 2000
through the Local Users and
Groups snap in. Right-click on My
Computer, select Manager, open the Local Users and Groups
subtree, look in the Users folder
and right-click on any name to
rename it. To add a new user,
right-click on the containing
folder and select New User. Finally, to disable an account,
double-click it, check the Account
is disabled box and click OK.
Don't ever delete the original
Administrator account. Some
programs refuse to install
without it and you might have to
log in under that account at
some point to setup such software. The original
Administrator account is
configured with a security ID
that must continue to be
present in the system.
2. Set the Hosts file to read-only to prevent name hijacking.
This one's from (and to a
degree, for) the experts. The
HOSTS file is a text file that all
flavors of Windows use to hold
certain network addresses that
never change. When a network name and address is placed in
HOSTS, the computer uses the
address listed there for that
network name rather than
performing a lookup (which can
take time). Experts edit this file to place their most commonly-
visited sites into it, speeding
things up considerably.
Unfortunately hijackers and
hackers also love to put their
own information into it -
redirecting people from their
favorite sites to places they
don't want to go. One of the most common entries in HOSTS is
local host which is set 1770.0.1.
This refers to the local machine
and if this entry is damaged the
computer can behave very
unpredictably. To prevent HOSTS from being
hijacked, set it to read-only. Go
to the folder %Systemroot
%system32driversetc, right-click
on HOSTS, select Properties
check the Read-Only box and click OK. If you want to add your
own entries to HOSTS, you can
unprotect it before doing so, but
always remember to set it to
read-only after you're done.
3. Turn off unneeded Services Windows 2000 and XP both come with many background services that don't need to he running most of the time: Alerter, Messenger, Server (If you're running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting), Remote Registry,
Routing and Remote Access (if you're not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host.
A good resource and instruction on which of these services can be disabled go to /http:// www.blkviper.com/WinXP/
4. Disallow changes to IE settings through IE This is another anti hijacker tip.
IE can be set so that any
changes to its settings must be
performed through the Internet
icon in the Control Panel, rather
than through IE's own interface. Some particularly unscrupulous
programs or sites try to tamper
with setting by accessing the
Tools, Options menu in IE. You can
disable this and still make
changes to IE's settings through the Control Panel. Open the Registry and browse to
HKEY_CURRENT_USER
SoftwarePoliciesMicrosoftInternet
ExplorerRestrictions. Create or
edit a new DWORD value named
NoBrowserUptions and set it to 1 (this is a per-user setting). Some
third-party programs such as
Spybot Search And Destroy allow
you to toggle this setting. You can also keep IE from having
other programs rename its
default startup page, another
particularly annoying form of
hijacking. Browse to
HKEY.CURRENT USERSoftwarePolicies
MicrosoftInternet ExploreControl
Panel and add or edit a DWORD,
Homepage and set it to 1. 10. Disable simple File Shares. In Windows XP Professional, the
Simple File Sharing mode is easily
exploited, since it抯 a little too
easy to share out a file across
your LAN (or the NET at large).
To turn it off, go m My Computer, click Tools, Folder
Option and the View tab, and
uncheck Use Simple file sharing
(Recommended). Click OK. When
you do this you can access the
Security tab in the Properties window for all folders; set
permissions for folders; and take
ownership of objects (but not in
XP Home).
Share it with your frnds and Feel Free To Comment.
.
Posted in:
0 comments :
Post a Comment