Saturday, September 18, 2010

Windows XP Security Tips

Nowadays we all use a computer on a small network connected to the internet at home, or on a bigger network at work, for work, information or just entertainment.
However, security risks keep increasing over time, and many ordinary users and small companies don't know how to protect themselves from viruses, attacks from the internet, or data theft.
In this post I'll try to give some personal advice, based on my experience so far, for protecting yourself in a Windows XP environment.

1. First of all, choose Windows XP Professional Edition instead of Windows XP Home Edition as the operating system for your computer.
This is because, unfortunately, Windows XP Home Edition doesn't have all of the security features of Windows XP Professional Edition.

2. Use a strong password for each user account on your computer. A big security risk in a Windows XP installation is that the Administrator account already exists but has a blank password. If even a slightly experienced user tries to log on to your machine with this account, in safe or normal mode, he will have full access to your data and to all of your computer's settings and information.


3. Password-protect your screensaver. If your workstation is in a place that other people can access, set a strong password on your screensaver to prevent others from taking advantage of an unlocked console and accessing your files.

4. Think carefully about which users should administer your computer, and add only them to the Administrators group.

5. Make sure that the "Guest" user account, which is created by default by the Windows installation, is disabled via the "Users" option in Control Panel.

6. Check that the "Remote Assistance" and "Remote Desktop" features are disabled in Windows XP Professional (Control Panel > System > Remote). These features are very helpful if you have a problem in Windows XP Pro, but if you don't need them they are a security "hole" in your computer: an attacker who has compromised one of your accounts can easily log on to your system from a remote location. By default these features are not enabled, and they are unavailable in Windows XP Home Edition.

7. Keep your operating system up to date with service packs and security updates.

8. Install an anti-virus program on every workstation you use. There are many anti-virus programs on the market, and some of them are completely free yet do their job very well, such as Avira AntiVir, AVG Antivirus or Avast Antivirus.

9. Enable the Windows XP Firewall service from the "Windows Firewall" option in Control Panel.
If you are a more experienced user and understand some of the security settings, I suggest you buy and install a third-party personal firewall program. There are also reliable free editions to try, such as ZoneAlarm or Comodo Firewall.
For bigger companies I suggest a hardware firewall device, configured with all the security settings their needs require.

10. Always have a malware and spyware removal program installed, and check/clean your computer frequently. Some effective programs are Spybot - Search & Destroy and Lavasoft Ad-Aware.

11. Always check your computer for unwanted programs that were installed without your permission. These programs may include viruses, Trojans, key-loggers etc. An excellent removal program for all of these is Malwarebytes Anti-Malware.

12. Always clean temporary internet files, cookies and stored passwords from your computer. By doing that you keep your computer clean, you free up space on your hard drive, and it is impossible for someone else to steal your passwords, e.g. for your bank accounts. A program that offers more than enough features and makes all of this easy is CCleaner.

13. Secure your wireless network by defining a wireless password key for access to it. Many ISP routers come without a wireless password, or with a default wireless password already defined on them. The best practice is to define a new password on your ISP's router; by doing that, you'll make it harder for an attacker to compromise your network and your workstations.

14. Define which users on your network can access your shared folders.
This applies to Windows XP Professional Edition only, because unfortunately Windows XP Home doesn't have this feature.
First of all, disable the "Simple File Sharing" feature: go to Control Panel > Folder Options > View, uncheck the "Use Simple File Sharing" box at the end of the Advanced settings list, and then click OK.
The second step is to remove the group "Everyone" from access to your shared folders' data, following these steps:
a. Right-click each shared folder on your workstation and choose "Sharing and Security".
b. In the window that opens, click "Permissions" and remove the group "Everyone" from the list.
c. Then click "Add" and define the users that should be allowed to access your shared folder.
In the Select Users or Groups window, click Object Types, uncheck "Built-in security principals" and click OK. Now type the name of the user account(s) or group that should have access, or click "Advanced" > "Find Now", select the user(s) you want and press "OK". Then give each user or group the desired folder rights (Read, Full Control etc.) and click "OK".

15. Turn Autorun functionality OFF. When you insert an external hard disk, flash disk or CD-ROM in your computer, a Windows feature automatically runs a set of commands that let applications start, start installation programs, or start other routines on the system without requiring user intervention. This is a security risk because malicious code may be executed without the user's knowledge (see Microsoft's article: 967715).
To disable this functionality, follow these steps:
a. Click Start > Run, type "Gpedit.msc" in the Start Search box, and then press ENTER.
b. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
c. In the Details pane, double-click Turn off Autoplay.
d. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
e. Restart the computer.

16. Secure your backups. Always keep a recent backup of your important files and store it somewhere away from your workstation's location.
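
The registry-backed settings from tips 5, 6, 9, 14 and 15 can be checked afterwards with a read-only script. This is an added example, not part of the original post; it assumes PowerShell 2.0 is installed (an optional download for Windows XP SP3), and the helper names Get-RegValue and New-Check are made up here.

```powershell
# Added example: read-only audit of the settings behind tips 5, 6, 9, 14 and 15.
# Helper names (Get-RegValue, New-Check) are hypothetical, chosen for this sketch.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}
function New-Check($Tip, $Setting, $Ok, $Detail) {
    New-Object PSObject -Property @{ Tip = $Tip; Setting = $Setting; Ok = [bool]$Ok; Detail = $Detail }
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$fw  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$exp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$checks = @()

# Tip 5: the built-in Guest account has a SID ending in -501, even if it was renamed.
$guest = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' | Where-Object { $_.SID -like '*-501' }
$checks += New-Check 5 'Guest account disabled' $guest.Disabled "account name: $($guest.Name)"

# Tip 6: fDenyTSConnections = 1 turns Remote Desktop off; fAllowToGetHelp = 0 turns Remote Assistance off.
$rdp = Get-RegValue $ts 'fDenyTSConnections'
$ra  = Get-RegValue $ts 'fAllowToGetHelp'
$checks += New-Check 6 'Remote Desktop disabled' ($rdp -eq 1) "fDenyTSConnections=$rdp"
$checks += New-Check 6 'Remote Assistance disabled' ($ra -eq 0) "fAllowToGetHelp=$ra"

# Tip 9: EnableFirewall = 1 means Windows Firewall is on (StandardProfile: machine not on a domain).
$fwOn = Get-RegValue $fw 'EnableFirewall'
$checks += New-Check 9 'Windows Firewall enabled' ($fwOn -eq 1) "EnableFirewall=$fwOn"

# Tip 14: ForceGuest = 0 means Simple File Sharing is off, so per-user share permissions apply.
$fg = Get-RegValue $lsa 'ForceGuest'
$checks += New-Check 14 'Simple File Sharing off' ($fg -eq 0) "ForceGuest=$fg"

# Tip 15: NoDriveTypeAutoRun is a bit mask (bits per Microsoft article 967715); 0xFF = all drives.
$driveTypes = @(@(0x04, 'removable'), @(0x08, 'fixed'), @(0x10, 'network'), @(0x20, 'CD-ROM'), @(0x40, 'RAM disk'))
$mask = Get-RegValue $exp 'NoDriveTypeAutoRun'
if ($mask -eq $null) {
    $detail = 'policy value not set, system default applies'
} else {
    $open = @($driveTypes | Where-Object { ($mask -band $_[0]) -eq 0 } | ForEach-Object { $_[1] })
    if (-not $open) { $open = @('none') }
    $detail = 'mask 0x{0:X2}; Autorun still on for: {1}' -f $mask, ($open -join ', ')
}
$checks += New-Check 15 'Autorun off on all drives' ($mask -eq 0xFF) $detail

$checks | Format-Table Tip, Setting, Ok, Detail -AutoSize
```

The script reads local settings only; values pushed by domain Group Policy live under other keys and are not covered.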