Guidance for Securing Microsoft Windows XP Home Edition: a NIST Security Configuration Checklist

Total Page:16

File Type:pdf, Size:1020Kb

Guidance for Securing Microsoft Windows XP Home Edition: a NIST Security Configuration Checklist Special Publication 800-69 Sponsored by the Department of Homeland Security Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist Recommendations of the National Institute of Standards and Technology Karen Kent Murugiah Souppaya John Connor NIST Special Publication 800-69 Guidance for Securing Microsoft Windows Reports on Computer Systems Technology XP Home Edition: A NIST Security Configuration Checklist Recommendations of the National Institute of Standards and Technology Karen Kent Murugiah Souppaya John Connor C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 September 2006 U.S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Robert C. Cresanti, Under Secretary of Commerce for Technology National Institute of Standards and Technology William Jeffrey, Director GUIDANCE FOR SECURING MICROSOFT WINDOWS XP HOME EDITION Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-69 Natl. Inst. Stand. Technol. Spec. Publ. 800-69, 175 pages (September 2006) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experiment al procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are nece ssarily the best available for the purpose. ii GUIDANCE FOR SECURING MICROSOFT WINDOWS XP HOME EDITION Acknowledgements The authors, Karen Kent and Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and John Connor of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Elaine Barker, Tim Grance, and Larry Keys of NIST; Chan Lee, Steven Sharma, and Victoria Thompson of Booz Allen Hamilton; and Rob Campbell of Microsoft Corporation for their keen and insightful assistance throughout the development of the document. The National Institute of Standards and Technology would also like to express its appreciation and thanks to the Department of Homeland Security for its sponsorship and support of NIST SP 800-69. Trademark Information Microsoft, Windows, Windows XP, Windows 2000, Windows NT, Internet Explorer, Microsoft Office, Outlook, Outlook Express, and Microsoft Word are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. All other names are registered trademarks or trademarks of their respective companies. iii GUIDANCE FOR SECURING MICROSOFT WINDOWS XP HOME EDITION Table of Contents Executive Summary....................................................................................................................1 1. Introduction ......................................................................................................................1-1 1.1 Authority...................................................................................................................1-1 1.2 Purpose and Scope .................................................................................................1-1 1.3 Audience ..................................................................................................................1-2 1.4 Document Structure .................................................................................................1-2 1.5 Quick Start ...............................................................................................................1-3 2. The Need to Secure Windows XP Home Edition Computers.......................................2-1 2.1 The Roles of Computers ..........................................................................................2-1 2.2 Common Threats .....................................................................................................2-2 2.3 Security Protections .................................................................................................2-4 2.4 Threat Environments................................................................................................2-5 2.5 Summary..................................................................................................................2-6 3. Overview of Security Protections...................................................................................3-1 3.1 Reducing Weaknesses ............................................................................................3-1 3.1.1 Software Updates .........................................................................................3-1 3.1.2 User Accounts and Sessions........................................................................3-5 3.1.3 Networking....................................................................................................3-9 3.1.4 File Extensions and Associations ...............................................................3-12 3.1.5 Services......................................................................................................3-13 3.2 Protecting Privacy ..................................................................................................3-14 3.2.1 Web Browsers ............................................................................................3-15 3.2.2 Files............................................................................................................3-17 3.3 Stopping Attacks ....................................................................................................3-19 3.3.1 Malware Protection.....................................................................................3-20 3.3.2 Personal Firewalls ......................................................................................3-22 3.3.3 Content Filtering .........................................................................................3-24 3.3.4 Popup Blocking...........................................................................................3-25 3.3.5 Security Software Suites ............................................................................3-25 3.3.6 Application Configuration............................................................................3-26 3.3.7 Data Execution Prevention .........................................................................3-28 3.4 Preserving Data .....................................................................................................3-28 3.4.1 Backup or Restore Wizard..........................................................................3-29 3.4.2 Files and Settings Transfer Wizard ............................................................3-29 3.4.3 Third-Party Backup and Restore Utility ......................................................3-30 3.4.4 Third-Party Remote Backup Service ..........................................................3-30 3.4.5 File Copy to Media......................................................................................3-30 3.5 Summary................................................................................................................3-30 4. Installing Windows XP Home Edition.............................................................................4-1 4.1 Prepare for the Installation.......................................................................................4-2 4.2 Back Up Data Files and Configuration Settings.......................................................4-3 4.3 Install Windows XP Home Edition............................................................................4-6 4.4 Secure the Computer...............................................................................................4-9 4.5 Restore the Data Files and Configuration Settings................................................4-10 iv GUIDANCE FOR SECURING MICROSOFT WINDOWS XP HOME EDITION 4.6 Summary................................................................................................................4-11 5. Securing a New Windows XP Home Edition Installation..............................................5-1 5.1 Prepare to Secure the Computer .............................................................................5-1 5.1.1 Gather Needed Materials .............................................................................5-1 5.1.2 Set the Default View for Control Panel .........................................................5-2 5.1.3 Identify
Recommended publications
  • Text File Converted with Freeware Acropad
    XP Tips & Tweaks These tips and tweaks have come from hundreds of individuals across the internet. I have included some of web sites links (below) that cover this popular topic. I have not tried most of these tips, so let me know if some don't work or have mistakes. Tips & Tweaks Links TipsDr Paul Thurrott's Supersite for Windows - XP Tips & Tricks Microsoft WinXP Support Center Microsoft WinXP Professional Microsoft WinXP Home Microsoft WinXP Knowledge Base Articles Microsoft Power Toys for Windows XP Microsoft Windows XP Tips Microsoft Windows XP User Tips Archive Microsoft Windows XP Professional Tips Microsoft Windows XP Home Edition Tips Microsoft Tips & Tricks for Windows XP Professional Microsoft Tips for Techies Stop Jerky Graphics If you are connected to a LAN and have problems with jerky graphics, this might be the solution: ·Right-click "My Computer". ·Select "Manage". ·Click on "Device Manager". ·Double-click on your NIC under "Network Adapters". ·In the new window, select the "Advanced" tab. ·Select "Connection Type" and manually set the value of your NIC. (Not "Auto Sense" which is default.). ·You should reboot. Shutdown XP Faster Like previous versions of windows, it takes long time to restart or shutdown windows XP when the "Exit Windows" sound is enabled. To solve this problem you must disable this useless sound. ·Click Start button. ·Go to settings > Control Panel > Sound, Speech and Audio devices > Sounds and Audio Devices > Sounds. ·Then under program events and windows menu click on "Exit Windows" sub-menu and highlight it. Now from sounds you can select, choose "none" and then click Apply and OK.
    [Show full text]
  • Windows Phone App Security for Builders and Breakers
    Windows Phone App Security for builders and breakers Luca De Fulgentis ~ [email protected] May 22nd, 2015 | Amsterdam About /me . Luca De Fulgentis ~ @_daath . Chief Technology Officer at Secure Network . OWASP Mobile Project Contributor . Nibble Security co-founder - blog.nibblesec.org . Consuming brain-power with InfoSec since 2001 2 Agenda . Introduction – Research overview and motivations . Mobile Top Ten for Windows Phone – Examples of real-world vulnerable code – Discussion on potential insecure APIs usage – Secure coding tips for builders . Final considerations Windows Phone App Security 3 Introduction . In 2014 we collected examples of insecure code for Windows Phone apps – Set of 60+ samples, of which 30% of mobile banking apps – Mostly developed with the Silverlight 8.x technology . Statistics on the initial study has been shared with the OWASP Mobile Project for the MTT 2015 definition . Later, we extended our research developing an automated script that allowed downloading 160+ AppX from US and IT regions of the WP Store – We needed to cover WP 8.1 Windows Runtime (WinRT) security as well Windows Phone App Security 4 Introduction – motivations . Too few (public) resources on WP apps security – MWR’s «Navigation a Sea of Pwn?» (SyScan, 2014) - pretty amazing paper on the topic – XDA Forum represents an invaluable source of information . We want both builders and breakers to be happy! – Provide a wide range of common APIs (MSDN) categorized on the basis of MTT 2014 and also define methods and strategies to mitigate these risks . We defined a public catalog of potentially insecure APIs – Focus on C#/XAML apps, still the most relevant development technologies .
    [Show full text]
  • Pass Microsoft 70-697 Exam with 100% Guarantee
    https://www.certbus.com/70-697.html 2021 Latest certbus 70-697 PDF and VCE dumps Download 70-697Q&As Configuring Windows Devices Pass Microsoft 70-697 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: https://www.certbus.com/70-697.html 100% Passing Guarantee 100% Money Back Assurance Following Questions and Answers are all new published by Microsoft Official Exam Center 70-697 Practice Test | 70-697 Study Guide | 70-697 Braindumps 1 / 13 https://www.certbus.com/70-697.html 2021 Latest certbus 70-697 PDF and VCE dumps Download QUESTION 1 You provide IT support for a small startup company. The company wants users to have Read and Write permissions to the company\\'s shared folder. The network consists of a workgroup that uses Windows 10 Enterprise computers. You add each user to a group named NetworkUsers. You need to grant permissions to the share. You have the following requirements: All users must have Read and Write access to existing files. Any new files must allow the creator to modify the new file\\'s permissions. Which two actions should you take? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Grant Modify permissions to the NetworkUsers group on the shared folder. B. Grant Full Control permissions to the Domain Admins group on the shared folder. C. Grant List and Execute permissions to the NetworkUsers group on the shared folder. D. Grant Full Control permissions to the Creator Owner group on the shared folder.
    [Show full text]
  • Scala Infochannel Player Setup Guide
    SETUP GUIDE P/N: D40E04-01 Copyright © 1993-2002 Scala, Inc. All rights reserved. No part of this publication, nor any parts of this package, may be copied or distributed, transmitted, transcribed, recorded, photocopied, stored in a retrieval system, or translated into any human or computer language, in any form or by any means, electronic, mechanical, magnetic, manual, or otherwise, or disclosed to third parties without the prior written permission of Scala Incorporated. TRADEMARKS Scala, the exclamation point logo, and InfoChannel are registered trademarks of Scala, Inc. All other trademarks or registered trademarks are the sole property of their respective companies. The following are trademarks or registered trademarks of the companies listed, in the United States and other countries: Microsoft, MS-DOS, Windows, Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, DirectX, DirectDraw, DirectSound, ActiveX, ActiveMovie, Internet Explorer, Outlook Express: Microsoft Corporation IBM, IBM-PC: International Business Machines Corporation Intel, Pentium, Indeo: Intel Corporation Adobe, the Adobe logo, Adobe Type Manager, Acrobat, ATM, PostScript: Adobe Systems Incorporated TrueType, QuickTime, Macintosh: Apple Computer, Incorporated Agfa: Agfa-Gevaert AG, Agfa Division, Bayer Corporation “Segoe” is a trademark of Agfa Monotype Corporation. “Flash” and “Folio” are trademarks of Bauer Types S.A. Some parts are derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. JPEG file handling is based in part on the work of the Independent JPEG Group. Lexsaurus Speller Technology Copyright © 1992, 1997 by Lexsaurus Software Inc. All rights reserved. TIFF-LZW and/or GIF-LZW: Licensed under Unisys Corporation US Patent No. 4,558,302; End-User use restricted to use on only a single personal computer or workstation which is not used as a server.
    [Show full text]
  • Repair up to 32 Major Windows Errors Using a Single Tool R 400/1
    R 400.qxp_March 2018 30/01/2018 14:07 Page 15 Repair Your Windows System R 400/1 Repair Up to 32 Major Windows Errors Using a Single Tool Using the information given in this article you will be able to: Create a restore point to protect your system against damage, Repair up to 32 different errors with just one mouse click, Select and correct a specific Windows problem. No Windows system is error-free! Most people are content to simply tolerate minor Windows bugs, because they don’t have the time to hunt for the cause of the error. But small bugs can quickly spiral out of control, so it is important you deal with them fast. There are many tools on the market that claim to help you fix errors, but lots of them are expensive and don’t actually work. In my PC workshop, I use the Windows Repair tool. You can use this tool to look for errors, correct problematic settings and configure Windows to be more stable. And the best thing is that this tool is completely free. In this article, I’ll show you which errors Windows Repair can solve and how to successfully use this tool in practice. • Perform a Professional Error Check on Your Windows System .............................................................. R 400/2 • Important: Create a System Restore Point Before Applying Any Fixes ........................................................... R 400/3 • Use Windows Repair to Quickly Fix Your System ......... R 400/4 • Additi onal Repair Options in Windows Repair .............. R 400/5 • Back up Your Registry and Create a Restore Point ......
    [Show full text]
  • Windows Messenger Live Msn Download
    Windows messenger live msn download Windows Live Messenger latest version: See. Hear. Share. Instantly.. Windows Live Messenger previously known as MSN Messenger, was renamed as part of. MSN Messenger is an instant messaging program that lets you send instant messages to your friends, and much more. Previously known as MSN Messenger, Windows Live Messenger is Microsoft's answer to instant messaging. While largely the same as its predecessor. Windows Live Messenger free download. on their MSN or Hotmail account, as the integration with the email accounts can be. Mobile and web: Using a public computer without Messenger? No problem! You can chat on the web from Windows Live Hotmail or use. Share photos: Look at photos together, right in the conversation window and Messenger tells you when people you know post new photos on Windows Live. Microsoft Windows live messenger free Download Link: Latest Version. Old Version of MSN (Live) Messenger. Website. Developer. Microsoft Corporation. Latest Version. Windows. Messenger, which offers the user the same functionalities as Windows Live Messenger. Windows Live Messenger Final Deutsch: Der Windows Live Messenger, Nachfolger des MSN Messenger, in der Version​: ​ - vom How to Download and Install Windows Live Messenger. Windows Live Messenger is a great way to talk to people online. You can now have a personal picture. Windows 7 by default is installed without Windows Live Messenger. So to get it, we will need to download and install it. select, like setting Bing as the default search provider and setting MSN as your browser home page. is a free, personal email service from Microsoft.
    [Show full text]
  • IBM Endpoint Manager for Remote Control Installation Guide Chapter 1
    IBMEndpointManagerforRemoteControl Installation Guide Version 9.0.0 IBMEndpointManagerforRemoteControl Installation Guide Version 9.0.0 Note Before using this information and the product it supports, read the information in “Notices” on page 115. This edition applies to version 9, release 0, modification level 0 of IBM Endpoint Manager and to all subsequent releases and modifications until otherwise indicated in new editions. Contents Chapter 1. IBM Endpoint Manager for Installing Windows broker support .....63 Remote Control Installation Guide . 1 Installing Linux broker support.......64 Audience ...............1 Versions ................1 Chapter 5. Utility for extracting the Terms used in this guide ..........1 component installation files .....65 Using the additional setup utility .......65 Chapter 2. Overview of the IBM Endpoint Manager for Remote Control system . 3 Chapter 6. Managing the component Using this guide .............5 services ..............67 IBM Endpoint Manager for Remote Control operating Starting, stopping, or restarting the Windows requirements ..............5 components ..............67 A Basic installation ...........6 Starting, stopping, or restarting the Linux Installation with support for firewall and NAT components ..............67 traversal ...............7 Installation with support for remote control Chapter 7. Performing required sessions over the internet .........8 configuration ............69 Server requirements ...........9 Enabling email .............69 Server environment guidelines .......10 Configuring
    [Show full text]
  • Case Study: Internet Explorer 1994..1997
    Case Study: Internet Explorer 1994..1997 Ben Slivka General Manager Windows UI [email protected] Internet Explorer Chronology 8/94 IE effort begins 12/94 License Spyglass Mosaic source code 7/95 IE 1.0 ships as Windows 95 feature 11/95 IE 2.0 ships 3/96 MS Professional Developer’s Conference AOL deal, Java license announced 8/96 IE 3.0 ships, wins all but PC Mag review 9/97 IE 4.0 ships, wins all the reviews IE Feature Chronology IE 1.0 (7/14/95) IE 2.0 (11/17/95) HTML 2.0 HTML Tables, other NS enhancements HTML <font face=> Cell background colors & images Progressive Rendering HTTP cookies (arthurbi) Windows Integration SSL Start.Run HTML (MS enhancements) Internet Shortcuts <marquee> Password Caching background sounds Auto Connect, in-line AVIs Disconnect Active VRML 1.0 Navigator parity MS innovation Feature Chronology - continued IE 3.0 (8/12/96) IE 3.0 - continued... IE 4.0 (9/12/97) Java Accessibility Dynamic HTML (W3C) HTML Frames PICS (W3C) Data Binding Floating frames HTML CSS (W3C) 2D positioning Componentized HTML <object> (W3C) Java JDK 1.1 ActiveX Scripting ActiveX Controls Explorer Bars JavaScript Code Download Active Setup VBScript Code Signing Active Channels MSHTML, SHDOCVW IEAK (corporations) CDF (XML) WININET, URLMON Internet Setup Wizard Security Zones DocObj hosting Referral Server Windows Integration Single Explorer ActiveDesktop™ Navigator parity MS innovation Quick Launch, … Wins for IE • Quality • CoolBar, Explorer Bars • Componetization • Great Mail/News Client • ActiveX Controls – Outlook Express – vs. Nav plug-ins
    [Show full text]
  • How to Use Rules in Outlook and Outlook Express to Forward Email
    How to use rules in Outlook and Outlook Express to forward email. In Outlook Express (6) 1. Click on the Tools menu and select Options. 2. In options select the Send tab. 3. Make sure the settings for Mail Sending Format has the Plain Text radio button selected. 4. Then click the Plain Text Settings button. 5. Leave the Message format on “MIME”. 6. Uncheck the box at the bottom that says “Indent the original text with…”. 7. Click OK. 8. Now click on the Signatures tab. 9. Make sure if you have a signature(s) listed that the box labeled “Don’t add signatures to Replies and Forwards” is checked. Then click OK. 10. Click on the Tools menu and select Message Rules, and then select Mail. 11. Click on the Mail Rules tab. 12. Click the New Button. 13. In the area labeled 1. Select the Conditions for your rule: Select the box next to Where the Subject line contains specific words (in this example we will use the subject but you could use account or email address if desired). 14. Then in the area labeled 2. Select the Actions for your rule: Select the box next to Forward it to people. 15. In the area labeled 3. Rule Description… click on the blue link that says “contains specific words” then type your member code in the box and click on the Add Button and then click OK. 16. Then in the same area click on the blue link that says “people”, then type in the email address of where you want the email to automatically forward to and then click OK.
    [Show full text]
  • Planning for Internet Explorer and the IEAK
    02_Inst.fm Page 15 Monday, October 16, 2000 9:40 AM TWO 2Chapter 2 Planning for Internet Explorer and the IEAK LChapter Syllabus In this chapter, we will look at material covered in the Planning section of Microsoft’s Implementing MCSE 2.1 Addressing Technical Needs, Rules, and Policies and Supporting Microsoft Internet Explorer 5 by using the Internet Explorer Administration Kit exam MCSE 2.2 Planning for Custom (70-080). After reading this chapter, you should be Installations and Settings able to: MCSE 2.3 Providing Multiple • Identify and evaluate the technical needs of business Language Support units, such as Internet Service Providers (ISPs), con- tent providers, and corporate administrators. MCSE 2.4 Providing Multiple Platform Support • Design solutions based on organizational rules and policies for ISPs, content providers, and corporate MCSE 2.5 Developing Security Strategies administrators. • Evaluate which components to include in a custom- MCSE 2.6 Configuring for Offline ized Internet Explorer installation package for a given Viewing deployment scenario. MCSE 2.7 Replacing Other Browsers • Develop appropriate security strategies for using Internet Explorer at various sites, including public MCSE 2.8 Developing CMAK kiosks, general business sites, single-task-based sites, Strategies and intranet-only sites. 15 02_Inst.fm Page 16 Monday, October 16, 2000 9:40 AM 16 Chapter 2 • Planning for Internet Explorer and the IEAK • Configure offline viewing for various types of users, including gen- eral business users, single-task users, and mobile users. • Develop strategies for replacing other Internet browsers, such as Netscape Navigator and previous versions of Internet Explorer. • Decide which custom settings to configure for Microsoft Outlook Express for a given scenario.
    [Show full text]
  • Yahoo Messenger Error Code 7 Softpedia
    Yahoo Messenger Error Code 7 Softpedia Available now for Linux, Mac OS X, and Microsoft Windows. Mozilla Thunderbird 38.0 Arrives with GMail OAuth2 and Yahoo Messenger Support. DESKTOP Windows Messenger, Google Talk, ICQ, Skype), but it can also directly access social with red highlights), or change font to code style (which is especially useful if you're trying There are tons of emoticons you can play with (smiley faces, objects and symbols), and some of them are compatible with Yahoo! Clear Yahoo Messenger cache in Windows. Caution: These steps apply to 32-bit and 64-bit versions of Windows XP, Windows Vista, Windows 7, and Windows. ManyCam also allows you to broadcast four video windows simultaneously or picture in picture video. wont finish downloading, gets stuck everytime and Im on an i7 the exe file runs (and I assume pulls more code down from web) Norton says Trojan. Operating Systems, Windows XP/Vista/7/8 Yahoo Messenger. Yahoo! Messenger can be run on various versions of the Windows operating Download Skype 7.1 Offline Installer Latest Version 2015 Download Skype. -Softpedia.com can add not only keystrokes and mouse actions to your scripts but also manage windows, Facebook, Yahoo, AOL, Hotmail So im using this for a game and it works great but theres one issue it doesnt June 19 at 7:32am. Yahoo Messenger Error Code 7 Softpedia >>>CLICK HERE<<< Telegram Desktop is a powerful, cross-platform messenger app that enables iOS (known as Telegram Messenger) and Windows Phone, but also desktop a valid mobile phone number, which is used for generating a security code.
    [Show full text]
  • Getting Started with Outlook Express for Windows 2000/XP Author Marcie Matsuo Revised by Darren Kato
    WIN9X015 November 2005 Getting Started With Outlook Express For Windows 2000/XP Author Marcie Matsuo Revised by Darren Kato Introduction.................................................................................................................................1 What is Outlook Express ............................................................................................................1 Requirements ..............................................................................................................................2 Where do I get Outlook Express.................................................................................................2 Issues...........................................................................................................................................2 POP and IMAP ...........................................................................................................................2 Installing Outlook Express..........................................................................................................3 Configuring Outlook Express .....................................................................................................3 Using Outlook Express ...............................................................................................................9 Importing Messages From Other Mail Programs .....................................................................12 Using the Address Book ...........................................................................................................14
    [Show full text]