Basic Steps to Installing XP Safely (cont'd)
Configure your firewall router
Every firewall router is different, so consult the user guide for your product for the specifics of how and what you can configure. The basics are:
- Change the default password - make it hard to guess!
- Disable remote administration - ensures people on the outside of your home network can't access your router.
- Get the latest firmware - Firmware contains the router's operating instructions. Periodically these instructions are updated to provide better security. Check your manufacturer's web page to see if you need to update your firmware.
- Enable port blocking and enable stealth mode if the firewall router supports it.
Configure your firewall software
Every software firewall is different. Some will have wizards to walk you through the process. Nonetheless, here are some general rules to follow to "harden" your firewall protections:
General rules for configuring software and hardware firewalls
Baseline test your current firewall configuration. There are a number of sites which test your firewall; GRC is one. Click on the ShieldsUp link in the middle of the page. Then, after applying the following rules, re-test your new configuration:
- Block everything you can at the hardware level before it reaches your system, i.e., at the firewall router.
- Close everything, all ports/protocols as default. Open only those ports/protocols that you actually need to have open.
- Prohibit all inbound connections entirely unless you are running a secure VPN.
- To protect open ports/protocols, always get a hardware router/firewall that has Stateful Packet Inspection.
- If your router provides MAC address selection, exclude all MAC addresses except those MAC addresses actually on your LAN.
- Do exactly the same with software firewalls, but add to that outbound program control.
- Limit the NAT address range at the router to only enough internal IP addresses to accommodate the systems on your LAN.
- If your firewall has a "stealth" setting, use it.
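A check for the MAC-selection and NAT-range rules above, as an added example that is not part of the original guide: it parses `arp -a` output from a Windows machine on the LAN, flags any MAC address that is not on your list, and reports how many addresses the router's pool offers beyond the systems you own. The sample output, MAC addresses and pool bounds are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not captured from a real network).
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.11          00-AA-BB-CC-DD-01     dynamic
  192.168.1.37          00-de-ad-be-ef-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated form so allowlist entries compare reliably."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac = normalize_mac(m.group(2))
            # Low bit of the first octet set = broadcast/multicast, not a device.
            if not int(mac[:2], 16) & 1:
                hosts[m.group(1)] = mac
    return hosts

def audit(arp_text, client_macs, router_mac, pool_start, pool_end):
    """Flag MACs outside the allowlist and size the NAT/DHCP pool against the LAN."""
    clients = {normalize_mac(m) for m in client_macs}
    known = clients | {normalize_mac(router_mac)}
    unknown = sorted((ip, mac) for ip, mac in parse_arp(arp_text).items() if mac not in known)
    first, last = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    pool_size = int(last) - int(first) + 1
    # Addresses the router would hand out beyond what the listed systems need.
    return {"unknown": unknown, "pool_size": pool_size, "spare": pool_size - len(clients)}
```

Because MAC addresses can be emulated, as the wireless section notes, an empty `unknown` list only shows that no unfamiliar address is visible; it does not prove every device is yours.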
Wireless 802.11x Settings
Wireless presents a slightly different set of security considerations. Most modern wireless firewall routers or Access Points have some additional important security features that should always be set. One important point is that you should generally disable XP's "Wireless Zero" service, and use connectivity software provided by your wireless hardware manufacturer. You should read your hardware's manual for more complete instructions specific to your firewall router or Access Point. Again, always update the firewall router or Access Point firmware to the latest versions.
The most critical settings are as follows:
- Change the "SSID" of your device from the manufacturer's pre-designated name. Disable SSID broadcasting if possible.
- Always password protect your device with a difficult to duplicate password (discussed earlier), and change the login name if this is supported.
- If the device has MAC Inclusion/Exclusion (most devices made these days do), exclude all devices by default and permit only the MAC addresses of your wireless devices.
- Enable wireless encryption at the highest level supported for WEP (usually 128 bit encryption), and remember to set the same access code for all your devices. Note that more experienced crackers have recently found easy and fast ways to "break" WEP protection and to emulate MAC addresses, so be careful when using wireless devices where those are the highest levels of security. Better yet, look for a wireless device and NIC that support WPA-PSK, a more modern, harder to break wireless encryption protocol. We recommend that readers consider replacing older wireless devices with their more modern counterparts that provide higher levels of security. While older wireless devices may have adequate protection from casual crackers, they cannot protect wireless LANs, or wired LANs to which an older wireless device is attached, from more serious cracking.
Disabling Services
These services are by default set to either Automatic or Manual. Disabling these services can help make your computer more secure. Important: read what every service does before you disable it, or your computer may cease to function properly!
The description of these services has come from Microsoft. It has become a game to try and find these on the Microsoft web site because they have been slow to update the descriptions for SP2. It seems they would rather delete the pages than update them. As of this moment you can find them here and here.
After reading the descriptions, choose the ones you wish to disable and follow these steps:
- Press the Windows + R keys and type services.msc in the resulting box; the Services snap-in will appear. Scroll down to each service you wish to disable. Double-click the service and a new window will appear. In that window, go down to the box next to Startup type and use the arrow on the right to choose Disabled. Go down to the bottom of that window and choose Apply and then OK. Restart when you've finished disabling all the services you want to disable.
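The same change from the command line with a way back, as an added example that is not part of the original guide: it reads saved `sc qc` output for the services you reviewed, builds the `sc config` commands that disable the ones you chose together with the commands that restore their previous startup type, and warns when another service depends on one you are disabling. ExampleSvcA, ExampleSvcB and the sample output are constructed placeholders.

```python
# Maps the numeric START_TYPE printed by `sc qc` to the keyword `sc config start=` takes.
START_KEYWORD = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Constructed `sc qc` output; ExampleSvcA and ExampleSvcB are placeholder service names.
SAMPLE_QC = [
    """SERVICE_NAME: ExampleSvcA
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\\WINDOWS\\system32\\svchost.exe -k example
        DEPENDENCIES       : RPCSS
""",
    """SERVICE_NAME: ExampleSvcB
        START_TYPE         : 3   DEMAND_START
        DEPENDENCIES       : RPCSS
                           : ExampleSvcA
""",
]

def parse_qc(text):
    """Return the service name, start keyword and dependencies from `sc qc` output."""
    info, in_deps = {"name": None, "start": None, "deps": []}, False
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "SERVICE_NAME":
            info["name"] = value
        elif key == "START_TYPE":
            info["start"] = START_KEYWORD[value.split()[0]]
        # Extra dependencies continue on lines that start with a bare ":".
        in_deps = key == "DEPENDENCIES" or (in_deps and key == "" and sep == ":")
        if in_deps and value:
            info["deps"].append(value)
    return info

def plan(qc_texts, to_disable):
    """Build disable commands, matching rollback commands, and dependency warnings."""
    services = {s["name"].lower(): s for s in map(parse_qc, qc_texts)}
    targets = {name.lower() for name in to_disable}
    apply_cmds, rollback_cmds, warnings = [], [], []
    for svc in services.values():
        name, is_target = svc["name"], svc["name"].lower() in targets
        if is_target and svc["start"] != "disabled":
            # sc requires the space after "start=".
            apply_cmds.append(f"sc config {name} start= disabled")
            rollback_cmds.append(f"sc config {name} start= {svc['start']}")
        broken = [d for d in svc["deps"] if d.lower() in targets]
        if broken and not is_target and svc["start"] != "disabled":
            warnings.append(f"{name} depends on {', '.join(broken)}")
    return apply_cmds, rollback_cmds, warnings
```

Save the rollback commands somewhere you can reach without the affected services running before applying the change.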
