Lockdown Steps

You can take many steps to further increase the security of the operating system. In a home environment, implementing more security features will have less of an impact than might be possible in an office networked environment. In an office, many computers need to communicate with each other, and too many internal restrictions can lead to administrative problems. Many of the security measures can also be applied in the NT environment:

  • Rename the Administrator account— For a sophisticated attacker, a renamed Administrator account does not pose a serious obstacle. However, as we have mentioned, many attackers are unskilled, or they are just script kiddies who use publicly available tools for attacks and don't really understand the underlying principles of how exploits work. Simple steps such as renaming the Administrator account can easily fool those tools.

  • Create a fake administrator account— If you rename the Administrator account and then create an account called Administrator that has no privileges, an attacker will go after the fake Administrator account. Attackers usually launch brute force attacks against the Administrator account.

  • Disable the Guest account— The Guest account is a default account in Windows 2000. It should be disabled because all attackers know the account exists, and it can be a target of brute force attacks.

  • Replace the “Everyone” group— Data that is assigned to the “Everyone” group is accessible to anyone who gets into your network. Use the Authenticated Users group instead for file share access.

  • Disable unnecessary services— By default, Windows has many services installed that might not be necessary to the function of your home system. In an office network environment, more services such as Terminal Server or DNS Server might be needed. For your home, however, you can turn off many services. To turn off services, open the service listing by selecting Start, Settings, Control Panel, Administrative Tools, Services. You see the window shown in Figure 10.31. You can double-click a service, stop it, and change its startup option to Manual or Disabled. Services that can be disabled include Distributed Link Tracking Client, Distributed Transaction Coordinator, Alerter, Internet Connection Sharing, Fax Service, Net Logon, Remote Access Connection Manager, Remote Registry Service, Run As Service, Simple Mail Transport Protocol, Simple TCP/IP Services, SNMP Service, SNMP Trap Service, and Telnet.

    Figure 10.31. Service listing.
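The five steps above can be checked with a read-only audit. The following script is an added example, not taken from the book. It assumes a current Windows host with Windows PowerShell 5.1 (these cmdlets do not exist on Windows 2000 or NT), an English-language “Everyone” group name, and service short names that are a mapping supplied here for the display names listed above.

```powershell
# Added audit example: reports on each lockdown step and changes nothing.
# Assumes Windows PowerShell 5.1+ (LocalAccounts and SmbShare modules); run elevated.

# Short names for the services listed above (mapping is an assumption; confirm
# with Get-Service on your build, since several no longer ship with Windows).
$unneeded = 'TrkWks','MSDTC','Alerter','SharedAccess','Fax','Netlogon','RasMan',
            'RemoteRegistry','seclogon','SMTPSVC','SimpTcp','SNMP','SNMPTRAP','TlntSvr'
$findings = @()

# Built-in accounts keep fixed RIDs after a rename: 500 = Administrator, 501 = Guest.
$users   = Get-LocalUser
$builtin = $users | Where-Object { $_.SID.Value -match '-500$' }
$guest   = $users | Where-Object { $_.SID.Value -match '-501$' }

if ($builtin.Name -eq 'Administrator') {
    $findings += 'Built-in Administrator (RID 500) has not been renamed'
} else {
    # Renamed: a decoy named Administrator should exist and hold no group membership.
    $decoy = $users | Where-Object { $_.Name -eq 'Administrator' }
    if (-not $decoy) {
        $findings += 'No decoy account named Administrator exists'
    } else {
        $groups = Get-LocalGroup | Where-Object {
            $members = Get-LocalGroupMember -Group $_ -ErrorAction SilentlyContinue
            $members.SID.Value -contains $decoy.SID.Value
        }
        if ($groups) { $findings += "Decoy Administrator belongs to: $($groups.Name -join ', ')" }
    }
}

if ($guest.Enabled) { $findings += "Guest account ($($guest.Name)) is enabled" }

# File shares (administrative shares excluded) that allow the Everyone group.
Get-SmbShare -Special $false | Get-SmbShareAccess |
    Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
    ForEach-Object { $findings += "Share '$($_.Name)' grants $($_.AccessRight) to Everyone" }

# Listed services that are running now or set to start automatically.
Get-Service -Name $unneeded -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' -or $_.StartType -eq 'Automatic' } |
    ForEach-Object { $findings += "Service $($_.Name) ($($_.DisplayName)): $($_.Status), start type $($_.StartType)" }

if ($findings) { $findings } else { 'All five lockdown checks passed' }
```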
