7.1 Closing Back Doors in Windows XP


Windows XP includes several features that will enable you to implement a reasonable level of security without purchasing additional software or hardware. Unfortunately, Windows is not configured for optimal security by default. The following steps will help you close some of these back doors:

  1. By default, the file sharing service is enabled for Internet connections, but in most cases, there's no reason for this. Open the Network Connections window, right-click the icon corresponding to your Internet connection, and select Properties. In the General tab, clear the checkbox next to the "File and Printer Sharing for Microsoft Networks" option. If you have more than one Internet connection icon, repeat this for each of the others, but leave it enabled for the connection to your workgroup (if applicable).

  2. One of the main reasons to set up a workgroup is to share files and printers with other computers. But it's wise to share only those folders that need to be shared, and disable sharing for all others. A feature called Simple File Sharing, which could allow anyone, anywhere, to access your personal files without your knowledge, is turned on by default in Windows XP. Go to Control Panel → Folder Options → View tab, and turn off the "Use simple file sharing" option.

  3. Another feature, called Universal Plug & Play (UPnP), can open additional vulnerabilities on your system. UPnP is a collection of standards that allow devices to announce their presence to UPnP servers on your network, much as your PnP sound card announces its presence to Windows when you boot your system.

    Windows XP supports UPnP out of the box, but UPnP is a service that most users don't need. Unless you specifically need to connect to a UPnP device on your network, you should disable UPnP on your system immediately or risk exposing your system to several security threats.

    To disable UPnP, open the Services window (services.msc). Find the SSDP Discovery Service in the list and double-click it. Click Stop to stop the service and change the Startup type to Disabled to prevent it from loading the next time Windows starts. Click OK and then do the same for the Universal Plug and Play Device Host.

  4. The Remote Desktop feature is enabled by default in Windows XP. Unless you specifically need this feature, it should be disabled. Go to Control Panel → System → Remote tab, and turn off both of the options in this window.

  5. Make sure each and every user account on your system has a unique password. Even though you may not be concerned about security between users, unprotected accounts can be exploited by an attack over a network.

  6. Use the Internet Connection Firewall (ICF) feature, or, better yet, obtain a router with a built-in firewall, to further protect your computer by strictly controlling network traffic into and out of your computer.

    Open the Network Connections window, right-click the connection icon corresponding to your Internet connection, and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device. (If you're using a DSL or cable connection that requires a login with a username or password, the icon to use is the Broadband connection icon corresponding to your PPPoE connection.) Choose the Advanced tab, and turn on the "Protect my computer and network by limiting or preventing access to this computer from the Internet" option.

    TIP

    If you find that some things stop working after enabling the firewall, return to the Advanced tab of the Properties dialog, and click Settings. Each checked entry represents a port through which communication is allowed. Click Add to add a new rule, and specify 127.0.0.1 for the Name or IP address. See the next section for details on which port numbers correspond to which services; for example, specify port 123 to get the Internet Time feature to work while the ICF is enabled.

  7. The Messenger service (different from Windows Messenger) allows users to send text messages to others on their local network. Unfortunately, this feature is sometimes exploited by spammers who use a command like net send * Hello World, which causes a pop-up window to appear on the Desktops of all computers in the subnet. To disable this, open the Services window (services.msc), and double-click the Messenger entry in the list. Click Stop to stop the service, and then select Disabled from the Startup type list to prevent it from loading automatically the next time Windows starts.

  8. Finally, look for vulnerabilities in your system by scanning for open ports, as described in the next section.
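
The service changes in steps 3 and 7 can also be made and verified from a command prompt. The batch script below is an added example, not taken from the book; it assumes the internal service names SSDPSRV, upnphost and Messenger for the three services named above, and that it is run from an administrator account.

```bat
@echo off
rem Added example: stop and disable the services named in steps 3 and 7.
rem Assumed service names (not given in the text):
rem   upnphost  = Universal Plug and Play Device Host
rem   SSDPSRV   = SSDP Discovery Service
rem   Messenger = Messenger
rem Run from an administrator account.
setlocal
set FAILED=0

rem upnphost goes first so a dependency on SSDPSRV cannot block the stop.
for %%S in (upnphost SSDPSRV Messenger) do call :harden %%S

if %FAILED%==0 echo All three services are stopped and disabled.
exit /b %FAILED%

:harden
rem Stop the service only if it is currently running.
sc query %1 | find "RUNNING" >nul
if not errorlevel 1 net stop %1 >nul 2>&1

rem Startup type Disabled keeps it from loading at the next boot.
rem The space after "start=" is required by sc.
sc config %1 start= disabled >nul
if errorlevel 1 goto :fail

rem Verify both results instead of trusting the exit codes.
sc qc %1 | find "DISABLED" >nul
if errorlevel 1 goto :fail
sc query %1 | find "STOPPED" >nul
if errorlevel 1 goto :fail
echo [ OK ] %1 is stopped and disabled
goto :eof

:fail
echo [FAIL] %1 is still running or not disabled
set FAILED=1
goto :eof
```

The script exits with a nonzero code if any service could not be stopped or disabled, so it can be rerun later as a check that nothing has re-enabled them.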



Windows XP Pocket Reference
ISBN: 0596004257
EAN: 2147483647
Year: 2001
Pages: 154
Authors: David A. Karp
