The New Tech - View Single Post - HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA

**APK** · 09:41pm

IF you have a HOME LAN/network? You skip this/leave this alone!

(... & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well).

2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!

E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection! You can either UNCHECK THEIR CHECKBOXES (if say, you do decide to bind this machine to a network of somekind one day, OR have to occasionally (with family/friends' PC's or LAN parties for example))... OR, wholesale uninstall them.

NOTE - sometimes, even TROJANS/SPYWARES/MALWARES HIDE HERE ALSO - the std. set is:

Client For Microsoft Networks (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}

File and Printer Sharing (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}

QoS (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}

Tcp/IP Internet Protocol (need it to get online AND for Active Directory Networks too)

(That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use - sometimes, they're OK! So... look up others you MAY see here & decide if you need them or not, or if programs you do use that are LEGITIMATE need the others I do not list that are not std. w/ Microsoft OS', as those are above)

So, other than Tcp/IP typically, it gets removed here if I have no LAN (via either uninstall OR uncheck).

(I also disable NetBIOS over Tcp/IP in the WINS section of Tcp/IP Properties ADVANCED button section also - see, if you don't have a HOME or WORK LAN you can & go faster + be potentially more secure also. Again, for my single machine setup currently here, I certainly don't need anything more than Tcp/IP running, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN).

Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc)

Also regarding the HOSTS file (which I also mention in this article as it yields HUGE security and speed benefits, more than this does by far imo)?

IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of:

127.0.0.1 localhost

In the HOSTS file, more on it below (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!).

APK

Dec 6, 2007, 08:06pm	Disable unneeded Network Clients &/or Network Protocols
APK Elite Member Posts: 367 Name: The Duke of URL Karma:	IF you have a HOME LAN/network? You skip this/leave this alone! (... & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well). 2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)! E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection! You can either UNCHECK THEIR CHECKBOXES (if say, you do decide to bind this machine to a network of somekind one day, OR have to occasionally (with family/friends' PC's or LAN parties for example))... OR, wholesale uninstall them. NOTE - sometimes, even TROJANS/SPYWARES/MALWARES HIDE HERE ALSO - the std. set is: Client For Microsoft Networks (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs} File and Printer Sharing (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs} QoS (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs} Tcp/IP Internet Protocol (need it to get online AND for Active Directory Networks too) (That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use - sometimes, they're OK! So... look up others you MAY see here & decide if you need them or not, or if programs you do use that are LEGITIMATE need the others I do not list that are not std. w/ Microsoft OS', as those are above) So, other than Tcp/IP typically, it gets removed here if I have no LAN (via either uninstall OR uncheck). (I also disable NetBIOS over Tcp/IP in the WINS section of Tcp/IP Properties ADVANCED button section also - see, if you don't have a HOME or WORK LAN you can & go faster + be potentially more secure also. Again, for my single machine setup currently here, I certainly don't need anything more than Tcp/IP running, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN). Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc) Also regarding the HOSTS file (which I also mention in this article as it yields HUGE security and speed benefits, more than this does by far imo)? IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of: 127.0.0.1 localhost In the HOSTS file, more on it below (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!). APK Last edited by APK; May 23, 2008 at 09:41pm.