Hardening your WinXP Box.

By tek8
Apr 7, 2007
  1. Hey everyone, just thought I'd put up a quick tutorial on how to harden up your WinXP machine. I use no third party utilities, and my OS is Windows XP x64 with Service Pack 2. I am using Windows Firewall from the Security Centre.

    Basically, what you want to do is disable HOSTS/LMHOSTS poisoning, stop your computer from broadcasting NetBIOS information (your computer name, what domain/workgroup you belong to, etc.), and finally enable TCP/UDP port filtering on your connection.

    First things first, let's disable HOSTS/LMHOSTS file poisoning. The HOSTS file is a pre-dated name resolution method, where you would resolve an IP address to a hostname. That is why if you open up your cmd.exe console, and type "ping localhost", it will show "pinging". You are pinging your loopback number, but instead of putting in the IP address, you can simply put in localhost. But this presents a security issue. Suppose you run a program, and it does what it is supposed to do, in the foreground. But in the background, it changes your HOSTS and LMHOSTS lookup file to point something like www.gmail.com to their own website, that looks exactly like the Gmail site. So when you open up your browser, and go to check your email, you log into a fake site, and the hacker now has your username and password. To prevent this, do the following:

    Go to Network Connections, find your connection, right click > properties > TCP/IP > Properties > Advanced > WINS Tab

    In the WINS tab, disable LMHOSTS lookup, and disable NetBIOS over TCP/IP.

    Simple as that, right? Now let's do some port filtering. Go to the Options tab, and find TCP/IP Filtering, and hit Properties. Check Enable TCP/IP Filtering.

    The following ports should be opened if you are just doing basic web browsing.

    TCP/80 (HTTP)
    TCP/443 (HTTPS)
    TCP/20 (FTP)
    TCP/21 (FTP)
    TCP/53 (DNS)
    UDP/53 (DNS)
    TCP/7 (PING)

    There you have it, a basic tutorial on hardening your Windows XP box.

  2. jobeard

    >First things first, let's disable HOSTS/LMHOSTS file poisoning.

    There are valid reasons to have both of these files. To stop the poisoning,
    just mark both of them R/O :)
  3. tek8

    There are many ways to achieve that, I just prefer disabling the LMHOSTS lookup.
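
An added example, not part of the original posts: a small audit of HOSTS file contents for the kind of redirect described in the first post, with an allowlist for entries kept on purpose (the "valid reasons" case from the reply). The sample file, its addresses and the function names are constructed for illustration; on Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample: a stock-looking hosts file plus redirects of the kind the
# first post describes (addresses come from the TEST-NET documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.gmail.com   # injected
192.0.2.10      mail.example.com MAIL2.example.com
::1             localhost
0.0.0.0         ads.example.net
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, allowed=None):
    """Return findings for entries that point a name at a routable address.

    `allowed` maps hostname -> address for entries the administrator
    added deliberately; anything else that is not loopback is reported.
    """
    allowed = {k.lower(): v for k, v in (allowed or {}).items()}
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 sinkholes redirect nowhere
        unexpected = [n for n in names if allowed.get(n) != addr]
        if unexpected:
            findings.append((line_no, addr, unexpected, "unexpected redirect"))
    return findings

if __name__ == "__main__":
    known_good = {"mail.example.com": "192.0.2.10"}  # constructed allowlist
    for finding in audit_hosts(SAMPLE_HOSTS, allowed=known_good):
        print(finding)
```
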