Secure Filter Rule Settings

In our sample network diagram in Figure 13.1, many filter rules should be set to enable access to and from the network securely. These filter settings are as follows:

1. Change the NAT security options in WinRoute by selecting Settings, Advanced, Security Options, as shown in Figure 13.17.

Figure 13.17. NAT security options.


2. Enable the rules shown in Table 13.1. The rules that restrict access to TCP 139, TCP 445, and UDP 445 are covered by other rules; however, you might want to block and log these ports explicitly so that you can watch access to them, because they are so critical to a Windows installation. We log to the window because it's unlikely you will watch your logs. Companies might monitor logs religiously, but most consumers do not have the time or inclination. You can watch activity in the window if you so choose. We use drop instead of deny as the action because a denied packet can send denial information back to the attacker, letting the attacker know that your system is alive and blocking certain ports. The last rule in our filter list, IP - Any - Any - Drop, is a catchall; it stops any traffic that is not specifically allowed by the previous rules. If you do not specifically allow something in the previous rules, this catchall rule will block it. This might stop some functionality, but it will force you to specifically allow each function you need.

3. We disabled the proxy server by selecting Settings, Proxy Server and the mail server by selecting Settings, Mail Server. Those servers were not necessary.

4. We disabled remote administration by selecting Settings, Advanced, Remote Administration. It was not necessary. If you were to use the Web Administration option, ensure that you select the Require User Authentication option.

5. A password was added on the Admin account by selecting Settings, Accounts. Be sure you have a strong password that includes letters, numbers, and special characters.

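Table 13.1. WinRoute Filter Rules

| Protocol | Source | Destination | ICMP Type | Action | Log |
|----------|--------|-------------|-----------|--------|-----|
| TCP | Any | Any, Port = 139 | | Drop | Log Window |
| TCP | Any | Any, Port = 445 | | Drop | Log Window |
| UDP | Any | Any, Port = 445 | | Drop | Log Window |
| UDP | Any, Port = 53 | Any, Port > 1023 | | Permit | |
| TCP | Any | Host - IP ADDRESS, Port = 80 | | Permit | Log Window |
| ICMP | Any | Any | Echo Reply | Permit | Log Window |
| TCP | Any | Any, Port > 1023 | | Permit Established | |
| IP | Any | Any | | Drop | Log Window |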
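
The following Python model is an added example, not code from the book or from WinRoute. It treats Table 13.1 as a top-down, first-match rule list, as the description of the catchall rule implies, and evaluates a few packets against it. The `WEB_HOST` address, the sample packets, and the reading of "Established" as "TCP segment with ACK set" are assumptions made for illustration.

```python
from dataclasses import dataclass

WEB_HOST = "192.0.2.10"  # constructed stand-in for "Host - IP ADDRESS" in Table 13.1

@dataclass
class Packet:
    proto: str                     # "TCP", "UDP" or "ICMP"
    dst_ip: str = "198.51.100.7"   # constructed address of some other host
    sport: int = 0
    dport: int = 0
    established: bool = False      # assumption: TCP segment with ACK set, not an opening SYN
    icmp_type: str = ""

# (label, match, action, log to window), in the order the table lists the rules.
RULES = [
    ("tcp-139", lambda p: p.proto == "TCP" and p.dport == 139, "drop", True),
    ("tcp-445", lambda p: p.proto == "TCP" and p.dport == 445, "drop", True),
    ("udp-445", lambda p: p.proto == "UDP" and p.dport == 445, "drop", True),
    ("dns-reply", lambda p: p.proto == "UDP" and p.sport == 53 and p.dport > 1023, "permit", False),
    ("web", lambda p: p.proto == "TCP" and p.dst_ip == WEB_HOST and p.dport == 80, "permit", True),
    ("echo-reply", lambda p: p.proto == "ICMP" and p.icmp_type == "echo-reply", "permit", True),
    ("established", lambda p: p.proto == "TCP" and p.dport > 1023 and p.established, "permit", False),
    ("catchall", lambda p: True, "drop", True),
]

def evaluate(pkt, rules=RULES):
    """Walk the rules top-down; the first rule that matches decides the packet."""
    for label, match, action, log in rules:
        if match(pkt):
            return label, action, log
    return None, "unmatched", False  # only reachable if the catchall is missing

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "SMB probe": Packet("TCP", sport=40000, dport=445),
    "DNS answer": Packet("UDP", sport=53, dport=1500),
    "HTTP to web host": Packet("TCP", dst_ip=WEB_HOST, sport=40000, dport=80),
    "HTTP to other host": Packet("TCP", sport=40000, dport=80),
    "reply on open session": Packet("TCP", sport=80, dport=1500, established=True),
    "new inbound SYN, high port": Packet("TCP", sport=40000, dport=3389),
    "echo request": Packet("ICMP", icmp_type="echo-request"),
}

def run_samples(rules=RULES):
    return {name: evaluate(pkt, rules) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (label, action, log) in run_samples().items():
        print(f"{name:28} {action:6} by {label!s:11} log={log}")
```

Calling `evaluate(SAMPLES["SMB probe"], RULES[3:])` shows the point made in step 2: without the explicit port 445 rule the packet is still dropped, but by the catchall rather than by a rule that names the port.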
