Securing Windows XP

[TweakHound]

Fellow ABXZone members!
Our own computer security guru PCBruiser and I have written a guide:
Securing Windows XP
by
Allen C. Weil
&
Eric W. Vaughan

Quote:

Introduction

This guide will show you how to secure Windows XP. While it covers the basics it also goes beyond them without going into "paranoid" mode. Protecting yourself from all the “bad guys” on the Internet requires a multi-tiered approach. There is no single product, either hardware or software based that will adequately protect you from the perils of being connected to the Internet. Only you can protect yourself and that will require some effort to understand the nature of the threats, the potential ways to protect yourself, and how these protective measures can be integrated together.

This guide is for home users in a stand-alone or workgroup environment. It is intended as a step-by-step guide and we highly suggest you read through the entire article before taking any action. We welcome suggestions and feedback.

This article is available as a download also and is ONLY AVAILABLE TO ABXZONE MEMBERS!!!

http://www.abxzone.com/abx_reviews/tweak_al/secure_p1.html

Download Page

[PCBruiser]

Please use this thread to post any comments, suggestions or responses to the document.

And, my personal thanks to Tweakhound for starting this project, and asking me to become involved. So, thank you Tweaskhound, it was a great pleasure working with you on this project.

[TweakHound]

Back at ya buddy!

[BlendNo27]

Nice to see all the security info in one place. Good job guys.

[PCBruiser]

...bump for members who might not have seen this in the queue.

[(Bullwinkle)]

Very Impressive! Great Job guys! Very informative, even for a non-geek.

[DBoone]

Read the first page from work. Great work guys! I'll be downloading it just as soon as I get home.

Thanks to you both for the effort that went into it.

[PCBruiser]

To the several dozen new members who joined today to read this document: Welcome to ABX. And, stay a while, there is a lot of excellent information on many subjects here. We welcome new members here and encourage their participation.

And, to those who have posted comments here, thanks as well.

[opaper]

I haven’t read the whole article yet but it looks excellent. Very decent of you two guys.

[SupDawg]

Wow, nice article. I did notice that in the Windows XP firewall, you guys said that it does not provide outbound protection. Is that still the case on SP2. I know when I access certain programs that connect outside the network, it aks me to unblock.

Very nice articla indeed!!!!

Two thumbs way up!!!!

[switch_abx]

I just downloaded your publication. I didn't go through it yet, but I thank you both for all the efforts you have put into it!

[switch_abx]

Use a password for your account - Page 7

Many years ago I read that a password containing the character "space" is undetectable by a cracking program.

So, I always recommend to include "space" as character in a password. What's your opinion on what I read many years ago? If it's a valid issue, may be you can include it in that Paragraph??

[Monkey Hanger]

A well written article. Thanks guys!

[k0NG0]

Quote:

Originally Posted by switch

Use a password for your account - Page 7

Many years ago I read that a password containing the character "space" is undetectable by a cracking program.

So, I always recommend to include "space" as character in a password. What's your opinion on what I read many years ago? If it's a valid issue, may be you can include it in that Paragraph??

For all I know, that's nonsense unless the implementation of the password system is abysmal.

The normal way of storing passwords in any type of environment is by using a cryptographic hash function and create a digest of the password. That results in a binary string which is non-reversible, i.e. you can't obtain the original password if you know the hash of the password. From a hash function's point of view, the input is binary data, and in the case of passwords I would imagine it's ASCII data, or perhaps Unicode if the application's modern enough. In that setting, a space is not different from a '3', a 'ß' or an 'A' in that they are all binary strings representing a graphical character.

Linux's password system uses the *nix crypt() function, which is a one-way function. Others use the MD5 hash, and the good ones today use SHA-1 or a variant of the SHA family.

Edit: SHA-1 is the Secure Hash Standard which is a NIST standard (FIPS 180-1). It produces a 160-bit hash. MD5 is older and creates a 128-bit hash, but a Chinese scientist has created collisions in full round MD5, which means it's not useful to put in new systems, as manufactured collisions is a sign of the hash's death.

[grsamf]

Tweakhound and PCBruiser,

A truly amazing piece of work. Concise, simple, to the point. Thanks for your efforts.