General security and efficiency with WinXP Pro



ISAWHIM
08-12-2008, 21:45
Ok, I recently picked up another computer. Default with WinXP Pro, used as a server/workstation. I believe I have secured most of what I can remember, but a second sight is always welcome. (When you look at something long enough, you tend to overlook some things.)

This setup was an OEM install, with SP3 updates, and extended to include MSIE 7.
I have disabled most of the "Default Auto/Manual" services which are not needed, and will not be needed. This closed all open TCP and UDP ports that are normally open and listening. (These are where most viruses and unauthorized hacks enter.)

Open ports = 0 (Netstat -an) or TcpView confirmed.

The 40GB hard drive has been partitioned into 4x 10GB sections. (I will be developing on this, and browsing the net, so I need some play space.)

Partition 1 is for Windows XP Pro, and normal installed programs.
Partition 2 has a 2GB-4GB swap-file, and all temp-paths have been directed there through the registry (D:\%USERNAME%\TEMP, for example).
Partition 3 will be dedicated for my development environment of the Client/Server/DataBase.
Partition 4 is dedicated as the back-up and archives. Heavily compressed, and non-critical at the moment.

The swap-file is on a second drive, due to the traffic and notorious slow-downs related to resizing around fragmented system files and temp-net files. This is also the reason I made it so large, as I expect to use a good chunk of it for the developing server program.

Exterior USB-2 drive 40GB, has the entire system mirrored. (This is for quick restore purposes, where "Windows Restore" is completely useless.)

CD drive is a hot-swap, which will eventually house a second 40GB hard drive for extended development, and for developed running programs. (The "Live-Public" server.)

I will list all installed services, and the states, if you think that may be of importance to any observation related to security. (Any other pertinent info will also be listed.)

Just keep in mind... This will NOT be using a commercial server for communication. This setup will not use the crippling IIS, or the Web-Specific Apache. The server-type will be game/data specific, and not require such bloated and slow connections that MS attempts to offer for use. In that same respect, it will not offer the highly bloated and system-complex offerings that Apache offers. It's for a game, so it needs speed, and little thinking. Security beyond exploited services can be handled after the fact, and is not as critical.

Thank you, Jason D

Petr Schreiber
08-12-2008, 22:47
Hi Jason,

congrats on the new PC, is this related to your Z-FATE game networking project?
Is SP3 okay?

Thanks,
Petr

ISAWHIM
08-12-2008, 23:06
List of services, and states.

Name, Status, Startup Type
Alerter, Off, Disabled
Application Layer Gateway Service, Off, Disabled
Application Management, Off, Manual
Automatic Updates, Off, Disabled
Background Intelligent Transfer Service, Off, Manual
ClipBook, Off, Disabled
COM+ Event System, Started, Manual
COM+ System Application, Off, Manual
Computer Browser, Off, Disabled
Cryptographic Services, Started, Automatic
DCOM Server Process Launcher, Off, Disabled
DHCP Client, Started, Automatic
Distributed Link Tracking Client, Off, Disabled
Distributed Transaction Coordinator, Off, Disabled
DNS Client, Started, Automatic
Error Reporting Service, Started, Automatic
Event Log, Started, Automatic
Extensible Authentication Protocol Service, Off, Manual
Fast User Switching Compatibility, Off, Disabled
Google Updater Service, Off, Manual
Health Key and Certificate Management Service, Off, Manual
Help and Support, Off, Disabled
HID Input Service, Started, Automatic
HTTP SSL, Off, Manual
IMAPI CD-Burning COM Service, Off, Manual
Indexing Service, Off, Disabled
IPSEC Services, Off, Disabled
Logical Disk Manager, Started, Automatic
Logical Disk Manager Administrative Service, Off, Manual
Messenger, Off, Disabled
MS Software Shadow Copy Provider, Off, Manual
Net Logon, Off, Disabled
NetMeeting Remote Desktop Sharing, Off, Disabled
Network Access Protection Agent, Off, Manual
Network Connections, Started, Manual
Network DDE, Off, Disabled
Network DDE DSDM, Off, Disabled
Network Location Awareness (NLA), Off, Disabled
Network Provisioning Service, Off, Manual
NT LM Security Support Provider, Off, Manual
Performance Logs and Alerts, Off, Manual
Plug and Play, Started, Automatic
Portable Media Serial Number Service, Off, Disabled
Print Spooler, Off, Disabled
Protected Storage, Started, Automatic
QoS RSVP, Off, Manual
Remote Access Auto Connection Manager, Off, Disabled
Remote Access Connection Manager, Started, Manual
Remote Desktop Help Session Manager, Off, Disabled
Remote Procedure Call (RPC), Started, Automatic
Remote Procedure Call (RPC) Locator, Off, Manual
Remote Registry, Off, Disabled
Removable Storage, Off, Manual
Routing and Remote Access, Off, Disabled
Secondary Logon, Off, Disabled
Security Accounts Manager, Started, Automatic
Security Center, Started, Automatic
Shell Hardware Detection, Started, Automatic
Smart Card, Off, Disabled
SSDP Discovery Service, Off, Disabled
System Event Notification, Started, Automatic
System Restore Service, Off, Automatic
Task Scheduler, Started, Automatic
TCP/IP NetBIOS Helper, Off, Disabled
Telephony, Started, Manual
Telnet, Off, Disabled
Terminal Services, Off, Disabled
Themes, Started, Automatic
Uninterruptible Power Supply, Off, Disabled
Universal Plug and Play Device Host, Off, Disabled
Volume Shadow Copy, Off, Manual
WebClient, Started, Automatic
Windows Audio, Started, Automatic
Windows Firewall/Internet Connection Sharing (ICS), Started, Automatic
Windows Image Acquisition (WIA), Off, Manual
Windows Installer, Off, Manual
Windows Management Instrumentation, Started, Automatic
Windows Management Instrumentation Driver Extensions, Off, Manual
Windows Time, Off, Disabled
Wired AutoConfig, Off, Manual
Wireless Zero Configuration, Started, Automatic
WMI Performance Adapter, Off, Manual
Workstation, Off, Disabled

NOTES:
- DCOM over TCP/IP disabled in REGISTRY
- LMHOST lookup disabled in TCP/IP settings
- NetBEUI disabled in REGISTRY and TCP/IP settings
- NetBT disabled in REGISTRY and TCP/IP settings
- File and Printer Share removed and disabled
- File Indexing removed
- Guest account passworded, limited, and disabled.
- Admin account passworded.
- User accounts passworded and limited
- Logging of "Success" events removed.
- Admin selection turned on for the login screen.
- Restore service killed.

All "Remote" programs and services disabled and blocked
- Terminal
- Server
- Fast User Switching
- Remote user
- Remote help
- Remote registry
- Remote assistance
- Multiple users

I can't think of anything else, off the top of my head.
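As an added example (not part of the post), here is a small audit script that parses a service list in the same "Name, Status, Startup Type" format posted above and flags services that are still started, or whose startup type would bring them back at the next boot (the kind of drift where a service is "Off" now but still "Automatic"). The policy entries are my assumption of what a box like this should have disabled, not something the post states.

```python
"""Audit a WinXP service list ("Name, Status, Startup Type") against an
expected hardening policy and report services that drift from it."""
import csv
import io

# Constructed sample: a subset of the posted list, in the same format.
SAMPLE = """\
Name, Status, Startup Type
Cryptographic Services, Started, Automatic
Error Reporting Service, Started, Automatic
Remote Registry, Off, Disabled
System Restore Service, Off, Automatic
Telnet, Off, Disabled
WebClient, Started, Automatic
Wireless Zero Configuration, Started, Automatic
"""

# Hypothetical policy (an assumption, not from the post): services that a
# wired, single-purpose box should keep disabled, with the expected startup type.
POLICY = {
    "Remote Registry": "Disabled",
    "Telnet": "Disabled",
    "System Restore Service": "Disabled",
    "WebClient": "Disabled",
    "Wireless Zero Configuration": "Disabled",
    "Error Reporting Service": "Disabled",
}

def parse_services(text):
    """Return {name: (status, startup)} from the posted list format."""
    rows = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = next(rows)
    if [h.lower() for h in header] != ["name", "status", "startup type"]:
        raise ValueError("unexpected header: %r" % header)
    return {row[0]: (row[1], row[2]) for row in rows if len(row) == 3}

def audit(services, policy=POLICY):
    """Return findings as (name, kind, detail) tuples. 'running' means a policy
    service is still started; 'startup' means its startup type differs from
    the policy, so it can come back at the next boot even if 'Off' now."""
    findings = []
    for name, want in sorted(policy.items()):
        if name not in services:
            continue  # not installed on this box, nothing to check
        status, startup = services[name]
        if status.lower() == "started":
            findings.append((name, "running", status))
        if startup != want:
            findings.append((name, "startup", f"{startup} (expected {want})"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_services(SAMPLE)):
        print("%-30s %-8s %s" % finding)
```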

ISAWHIM
08-12-2008, 23:17
LOL, I used Z-Fate as an excuse to get another computer. (The other computer was not "Mine", so this was a requirement for self-destruction.)

I am developing things related to Z-Fate on it, and CWAD. (I have extended my programming into Lcc-Win32 C, for part of this.)

The family got tired of me "Experimenting" and attempting to "Limit" the other computer. They used a few of those services that I needed off. Damn iPods and chats require some of them. (Yummy, volunteer spyware and exposure, for disposable novelty!) Not to mention, that the other computer is about 1/2 the speed of this, as it is a laptop, which self-regulates itself, depending on internal heat and various other things.

The next one I get, will be dual-boot, for developing and for personal use. This one will eventually be the front-end server, paired with a back-end server, and the development/personal computer. (Adding another network card to the front-end, and moving the switch between the front-end and the other computers.)

SP3 is fine, in a native OEM install. It re-opens a lot of damn ports again, that were originally closed. (I guess they feel that they fixed them, but I feel safer with them off.)

I also don't have anything "Unique" here in my setup. All standard hardware, and a standard setup that is about as common as AIR, in the business world. (HP D530 Ultra-Slim, 3GHz P4, 512 DDR RAM, 40GB WD Hard Drive, NetXtreme GigaBit NIC, Intel Extreme 2 Video, AC97 Sound, and a Serial/Parallel PCI plug-in card that is going to be ripped out and replaced with another NetXtreme GigaBit NIC.)