What else would you recommend?
What do you do to secure your own system?
What would you add to this list?
Securing Windows XP (paranoid security):
*Only crucial system services running (less exploitable processes + performance improvement),
*Hardened Hosts files (blacklists),
*Uninstalling Telnet/Net meeting/Messenger/WMP/DCOM vulnerabilities, what else?, etc (generic Windows bloatware),
*Disabling UPnP, Administrative shares (IPC$,etc), LMHash, Null sessions, epmap (port 135), SMB (port 445), SSDP (port 1900), etc
*Disabling DCOM, paging from executives, remote desktop, remote registry, TCP/IP NetBIOS Helper (NetBT), etc
*Secure file deletion (DOD 5222.20-M),
*Any server based network hosting capabilities unavailable,
*Group Policy Enforcement set in place (based on NSA checklists)
*Latest Windows Patches,
*Running small apps sand boxed or in VM
*Firewall + AV + Peerguardian (ipblock lists) + IDS app, etc
*Registry tweaks (which?),
*HDD encryption (which?),
*User without Admin privileges,
*etc etc...
What do you do to secure your own system?
What would you add to this list?
Securing Windows XP (paranoid security):
*Only crucial system services running (less exploitable processes + performance improvement),
*Hardened Hosts files (blacklists),
*Uninstalling Telnet/Net meeting/Messenger/WMP/DCOM vulnerabilities, what else?, etc (generic Windows bloatware),
*Disabling UPnP, Administrative shares (IPC$,etc), LMHash, Null sessions, epmap (port 135), SMB (port 445), SSDP (port 1900), etc
*Disabling DCOM, paging from executives, remote desktop, remote registry, TCP/IP NetBIOS Helper (NetBT), etc
*Secure file deletion (DOD 5222.20-M),
*Any server based network hosting capabilities unavailable,
*Group Policy Enforcement set in place (based on NSA checklists)
*Latest Windows Patches,
*Running small apps sand boxed or in VM
*Firewall + AV + Peerguardian (ipblock lists) + IDS app, etc
*Registry tweaks (which?),
*HDD encryption (which?),
*User without Admin privileges,
*etc etc...