Securing a home PC running W2K
I have been using the Internet for one year now. I have been hit by three hacker attacks and four virus attacks, all of them successful (My disks have been checked from another PC). My PC had to be reinstalled each time. I have tested and bought both antivirus and firewall software.
Are there any user guides, or do you know how to set up Windows 2000
Professional in a safe way (user rights, policy, Internet connection)? This is for home use with four users who have their home folders on a separate NTFS partition. I want to implement good security both for their privacy and on the Internet (passwords and bank services).
I am thinking of doing all of this in a correct manner, then implementing both the antivirus and firewall software.
There are several ways someone can invade your system:
* They can exploit an open port on your system that has a vulnerability. Windows is known for having a number of these, such as the IIS Web server. There's also the file sharing system. You should turn any and all of these off.
* Or an intruder can put some sort of hostile program on your system. Viruses are an
example of a hostile program. You can get others through ActiveX on Web
pages, Web scripting and so on.
The good news is that that is really it -- those are the two ways someone can hurt you.
You absolutely *must* run a virus checker. It doesn't really matter whose you use. McAfee, Symantec and Trend are all perfectly good. They all update themselves automatically, too. Get one, especially if you've been hit before. You don't need me to tell you that.
You can also get personal firewall software, from the antivirus people, and from other companies like Network Ice.
To find out what you might have running that you didn't realize, Gibson
Research has a free service they call Shields Up!
It is a Web-based scanner that will
check your system for open TCP/IP ports that may have vulnerabilities.
Systems that are known to be secure are secure by simple means -- they
don't run any servers that can be exploited. The odds are that you don't
want to do so either, so you should turn them off. Not running that
software is the best way. It wouldn't surprise me if you installed IIS
without knowing it, and people used that Web server to hack into your
Knowing what to do to turn things off is easier said than done. You need to do a bit of reading. Microsoft
has some resources.
Since you have been attacked, you should also read up some general articles on how to secure Windows 2000. Look at the SANS library
< > for a lot of good information. Also look at SecurityFocus
. Some more articles can be found at
, and another
good article at System Experts
I hope all this helps. Remember the basics:
* Don't run any server software you don't need. If you need it inside your house, use a firewall or something else to make sure only specific people can use it.
* Don't run strange programs. Yeah, that's hard, but get a virus scanner, turn off ActiveX in your browser. That takes care of most everything.
This was first published in May 2001