Page
7 of 13
Windows
XP
Securing
Windows XP Vol. 1 - Version 2
File Sharing
- Turn
off Simple File Sharing (This
applies to Windows XP
Professional only): Windows XP has 2 modes for
sharing. The
first is called "Simple File Sharing" and the other is referred to as
the "Classic security model". Simple File Sharing allows (actually
forces) that users access those shares under the Guest account. As you
can surmise this isn't the most secure solution even though the Guest
account has limited privileges. The Classic security model forces users
to have an account on your computer and to authenticate by using the
password associated with that account.
- How to Turn off Simple File Sharing: Go to Start > Control Panel > Folder Options. In the resulting window, click on the View tab > Under Advanced Settings: scroll all the way to the bottom and uncheck Use simple file sharing (Recommended), click Apply and OK and close out all the open windows.
- Add
Users : Now that we forced
users to authenticate
themselves, we need to add accounts for them.
- Go to Start > Control Panel > User Accounts > and choose Create a new account > in the resulting screen enter a name for this account and click Next > in the resulting choose Limited account > now click Create Account.
- This takes you back to the User Accounts screen. Click on the account you just created > in the resulting screen choose Create a password > fill in the blanks with the appropriate information.
- VERY IMPORTANT: The user name and password should be EXACTLY the same as the account on the other machines for them to access your shares!
Maintain Your Computer
- Cache Cleaners: In this instance the term "cache" refers to temporary files that are stored on your computer. In the past it meant only things like temporary internet files, history, and cookies. Programs that are (or include) cache cleaners now go far beyond these simple functions. Using these programs can not only improve your privacy but can aid in speeding up (or maintaining the speed of) your computer. There are many programs that can do cache cleaning. CCleaner is a free and excellent cache cleaner.
- Use the IPX/SPX protocol on your home network: This is an optional step. There are 2 reasons we consider this to be optional. The first is that there is no support for IPX/SPX on 64-bit versions of Windows. The second is that a number of self-described experts complained about the addition of this step in the first version of this guide. It should be noted that none of the complaints ever cited anything beyond theory as to why you should not use IPX/SPX in a home environment. As for the authors of this document... Al uses IPX/SPX on his home network. Eric does not use IPX/SPX because he also has Linux and Mac computers on his network. On with this step... A protocol is a language that computers speak to one another. The main language (protocol) of the Internet is TCP/IP and this is also the language that by default Microsoft networks speak. The problem with this is that computers on the Internet can listen in to the conversations in your home network. This means it can not only overhear your computers talking to one another but can join the conversation.
- Remove all shares. This includes drive, folders, files, and printers.
- Next install
IPX/SPX.
From the default type screen:
- Right-click on My Network Places and choose Properties.
- If you do not have a My Network Places in your menu, let's add it now! Right-click on the Start button and choose Properties. In the resulting screen click the Customize next to Start menu. In the resulting screen click on the Advanced tab up top. In the box that says Start menu items: scroll down until you see My Network Places and put a check mark in the box next to it. Click OK to exit out of the screens.
Home Networking
For instance: Say you want to share your mp3 folder with the computer in another room. When that folder is shared it will announce to everyone that it is shared and even give directions on how to reach itself. It will make these announcements whenever your computer starts or whenever another computer asks if it is sharing anything.
To prevent this from happening you can tell your computer to stop speaking TCP/IP for your internal home network and speak IPX/SPX instead. The advantage of this is that the routers that control the Internet are specifically told NOT to speak IPX/SPX leaving your home network conversations private.
To do this we are going to start from a clean slate (all these steps must be done on all computers in your network!!!):
- From the "Classic" type screen: Right-click on My Network Places and choose Properties.
- Find your Local Area Connection icon, right-click on it and choose Properties
- In the resulting screen click the Install button
