Hardening your WinXP Box.

By tek8
Apr 7, 2007
Topic Status:
Not open for further replies.
  1. Hey everyone, just thought I'd put up a quick tutorial on how to harden up your WinXP machine. I use no third party utilities, and my OS is Windows XP x64 with Service Pack 2. I am using Windows Firewall from the Security Centre.

    Basically, what you want to do is disable HOSTS/LMHOSTS poisoning, stop your computer from broadcasting NetBIOS information (Your computer name, what domain/workgroup you belong to, etc.), and finally enable TCP/UDP port filtering on your connection.

    First thing's first, lets disable HOSTS/LMHOSTS file poisoning. The HOSTS file is a pre-dated name resolution method, where you would resolve an IP address to a hostname. That is why if you open up your cmd.exe console, and type "ping localhost", it will show "pinging 127.0.0.1". You are pinging your loopback number, but instead of putting in the ip address, you can simply put in localhost. But this presents a security issue. Suppose you run a program, and it does what it is supposed to do, in the foreground. But in the background, it changes your HOSTS and LMHOSTS lookup file to point something like www.gmail.com to their own website, that looks exactly like the gmail site. So when you open up your browser, and go to check your email, you log into a fake site, and the hacker now has your username and password. To prevent this, do the following:

    Go to Network Connections, find your connection, right click > properties > TCP/IP > Properties > Advanced > WINS Tab

    in the WINS tab, disable LMHOSTS lookup, and disable NetBIOS over TCP/IP.

    Simple as that, right? Now lets do some port filtering. Go to the Options tab, and find TCP/IP Filtering, and hit Properties. Check Enable TCP/IP Filtering.

    Following ports should be opened if you are just doing basic web browsing.

    TCP/80 (HTTP)
    TCP/443 (HTTPS)
    TCP/20 (FTP)
    TCP/21 (FTP)
    TCP/53 (DNS)
    UDP/53 (DNS)
    TCP/7 (PING)


    There you have it, a basic tutorial on hardening your Windows XP box.

    -tek8
  2. jobeard

    jobeard TS Ambassador Posts: 13,275   +280

    >First thing's first, lets disable HOSTS/LMHOSTS file poisoning.

    There are valid reasons to have both of these files. To stop the poisoning,
    just mark both of the R/O :)
  3. tek8

    tek8 Newcomer, in training Topic Starter

    :)

    there are many ways to achieve that, i just prefer disabling the lmhosts lookup.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.