 |
|
|
|
Next: registry doesnt allow me to add enviromental vari..
|
| Author |
Message |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 16) Posted: Wed Jan 23, 2008 8:35 am
Post subject:
|
|
|
http://img297.imageshack.us/img297/2240/52041100vo6.png
That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.
A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...
* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):
http://www.xtremepccentral.com/forums/showthread.php?t=28430
APK
P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk |
|
| Back to top |
|
 | |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 17) Posted: Tue Feb 05, 2008 7:24 pm
Post subject: Enjoy a
|
|
|
As regards the "Russian Business Network" (RBN) who has been @ the heart of MANY online
attacks (or, things like Zlob trojan & IDTheft related attacks, etc. et al)? Use this information to protect yourselves, from them.
( RELIABLE/REPUTABLE SOURCE USED = http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7465 )[/b]
----
FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1"
(That is simply because iirc, the zero's based one leads to a NULL port type of request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple of reasons (which it took me some time to come up w/ & testing as to which is "better" to use)).
SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses + loads FAR faster, PLUS, it has LESS MEMORY OCCUPANCY too once loaded - a more efficient structure & faster to init. too
----
USING NOTEPAD.EXE
ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):
# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
0.0.0.0 rxpharmacy-support.com
0.0.0.0 ns3.cnmsn.com
0.0.0.0 thecanadianmeds.com
0.0.0.0 officialmedicines.com
0.0.0.0 psxshop.com
0.0.0.0 10000xing.cn
0.0.0.0 222360.com
0.0.0.0 adslooks.info
0.0.0.0 bnably.com
0.0.0.0 eqcorn.com
0.0.0.0 familypostcards2008.com
0.0.0.0 freshcards2008.com
0.0.0.0 happy2008toyou.com
0.0.0.0 happysantacards.com
0.0.0.0 hellosanta2008.com
0.0.0.0 hohoho2008.com
0.0.0.0 kqfloat.com
0.0.0.0 ltbrew.com
0.0.0.0 mymetavids.com
0.0.0.0 obebos.cn
0.0.0.0 parentscards.com
0.0.0.0 postcards-2008.com
0.0.0.0 ptowl.com
0.0.0.0 qavoter.com
0.0.0.0 santapcards.com
0.0.0.0 santawishes2008.com
0.0.0.0 siski.cn
0.0.0.0 snbane.com
0.0.0.0 snlilac.com
0.0.0.0 tibeam.com
0.0.0.0 tushove.com
0.0.0.0 wxtaste.com
0.0.0.0 yxbegan.com
0.0.0.0 iframedollars.biz
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 RUSOUVENIRS.COM
0.0.0.0 RBNNETWORK.COM
0.0.0.0 NS1.INFOBOX.ORG
0.0.0.0 NS2.INFOBOX.ORG
0.0.0.0 NS1.RUSOUVENIRS.COM
0.0.0.0 NS2.RUSOUVENIRS.COM
0.0.0.0 NS1.RUSOUVENIRS.NET
0.0.0.0 NS2.RUSOUVENIRS.NET
0.0.0.0 SBTTEL.COM
0.0.0.0 AKIMON.COM
0.0.0.0 AKIMON.NET
0.0.0.0 EEXHOST.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 VALUEDOT.NET
0.0.0.0 ns0.valuedot.net
0.0.0.0 ns1.valuedot.net
0.0.0.0 1000WATT.BIZ
0.0.0.0 2SOVKA.NET
0.0.0.0 AIDEN-GROUP.COM
0.0.0.0 AKIMON.COM
0.0.0.0 ALEKC.NET
0.0.0.0 ANDREY-STUDIO.INFO
0.0.0.0 AUTOKUBAN.INFO
0.0.0.0 AVIATRAVELAGENCY.COM
0.0.0.0 AVTOMOBILEY.NET
0.0.0.0 BAGATITSA.COM
0.0.0.0 BAIKERGROUP.COM
0.0.0.0 BALTICDOORS.COM
0.0.0.0 BALTMONOLIT.COM
0.0.0.0 BRIGADA-EL.COM
0.0.0.0 CARPRIVOZ.COM
0.0.0.0 CHILLERU.COM
0.0.0.0 CVETOVODSTVO.COM
0.0.0.0 E-GOLD-CHANGER.COM
0.0.0.0 ELECTRONOV.NET
0.0.0.0 FASHIONER.BIZ
0.0.0.0 FFFFFF.ORG
0.0.0.0 FIFACUP06.INFO
0.0.0.0 FISHTORG.COM
0.0.0.0 FKGARANT.COM
0.0.0.0 FOTORETUSH.COM
0.0.0.0 FREGATSOFT.COM
0.0.0.0 FROLROMANOFF.COM
0.0.0.0 FULLVER.INFO
0.0.0.0 GAKKEL.COM
0.0.0.0 GARANTSERVICE.ORG
0.0.0.0 GDEDENGI.INFO
0.0.0.0 GLAZKI.NET
0.0.0.0 GOLD-DRAGON.INFO
0.0.0.0 GORODM.COM
0.0.0.0 GRAYZI.NET
0.0.0.0 GRIFFINFLY.COM
0.0.0.0 HEAT-ENERGO.COM
0.0.0.0 HITEMA.NET
0.0.0.0 HYIPREVIEW.INFO
0.0.0.0 HYIPSMAP.COM
0.0.0.0 ILOXX.ORG
0.0.0.0 IMYA.INFO
0.0.0.0 INFODOSKA.COM
0.0.0.0 INTERNETWORLDBOOK.COM
0.0.0.0 KLIMATA.NET
0.0.0.0 KOMOV.NET
0.0.0.0 KOSMETICHKA.NET
0.0.0.0 LIDTRADE.COM
0.0.0.0 LIFE-RU.ORG
0.0.0.0 LPSPB.COM
0.0.0.0 M-OST.NET
0.0.0.0 M-UNLOCK.COM
0.0.0.0 MAMRU.COM
0.0.0.0 MAPSERV.COM
0.0.0.0 MASTERDOKS.COM
0.0.0.0 MIRMED.COM
0.0.0.0 MOOSEMUSE.COM
0.0.0.0 MOREPRODUCT.NET
0.0.0.0 MUSEMOOSE.COM
0.0.0.0 NESTRONICS.COM
0.0.0.0 NESTRONICS.NET
0.0.0.0 NOFUN.INFO
0.0.0.0 OIL-GAS-MINERALS.COM
0.0.0.0 OKOSHKA.NET
0.0.0.0 OPTIMUS.BIZ
0.0.0.0 OTKRITKI.NET
0.0.0.0 OTKRITOK.NET
0.0.0.0 PARALLELSIXTY.COM
0.0.0.0 PASSOMONTANO.COM
0.0.0.0 PETROBALT.NET
0.0.0.0 PHARMACY-MD.COM
0.0.0.0 PISKUNOV.NET
0.0.0.0 POIGRAI.INFO
0.0.0.0 PROETCONTRA.ORG
0.0.0.0 PSOLAO.ORG
0.0.0.0 ROSEL.INFO
0.0.0.0 SBTTEL.COM
0.0.0.0 SECONDAPPROACH.COM
0.0.0.0 SMARTSOFTLINE.COM
0.0.0.0 SMESHNOY.COM
0.0.0.0 SQUAREDREAM.COM
0.0.0.0 STROIINFORM.COM
0.0.0.0 STROYBRIGADA.COM
0.0.0.0 TANK-HOBBY.COM
0.0.0.0 TECHNONORDIC.COM
0.0.0.0 TELEUNITED.NET
0.0.0.0 TEPLOCOM.COM
0.0.0.0 THERMOCAUTERY.COM
0.0.0.0 TIARU.COM
0.0.0.0 TRADEFINANS.COM
0.0.0.0 TRADEFINANS.NET
0.0.0.0 TRAININGS-TRIUMPH.ORG
0.0.0.0 TSAR-SUVENIR.COM
0.0.0.0 UEFACUP08.INFO
0.0.0.0 UMNIKSOFT.COM
0.0.0.0 UNDERCOOLED.NET
0.0.0.0 VALIDBIT.COM
0.0.0.0 VERESC.ORG
0.0.0.0 VOROLAIN.COM
0.0.0.0 WHITENIGHTSHOSTELS.COM
0.0.0.0 WORLDFONDS.NET
0.0.0.0 XRUST.NET
0.0.0.0 YAHOCHU.COM
0.0.0.0 Z-GROUP.INFO
0.0.0.0 ZDRAV.INFO
0.0.0.0 ZHESTOV.NET
0.0.0.0 ZOOSPB.COM
0.0.0.0 goldenpiginvest.com
0.0.0.0 goldenpiginvest.net
0.0.0.0 pharmacy-viagra.net
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
Also - You can (AND SHOULD) verify your HOSTS file location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe
& going here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc
(Unless you KNOW that YOU move it, as I do!)
I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!
That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).
----
FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):
I.P. address block for Russian Business Network:
81.95.144.0/20 #SBL43489
(81.95.144.0 - 81.95.159.255)
And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:
85.255.112.0/20 #SBL36702
(85.255.112.0 - 85.255.127.255)
69.50.160.0/19
(69.50.160.0 - 69.50.191.255)
194.146.204.0/22 #SBL51152
(194.146.204.0 - 194.146.207.255)
Lastly/Optionally - You should block all IPs starting with these if you do not care about Russia and China:
193.
194.
195.
213.
217.
62.64.
62.76.
(AND, A few major Internet providers that provide services to RBN including)
Tiscali.uk
SBT Telecom
Aki Mon Telecom
Nevacon LTD
Frame Cash
76service
Noc4Hosts
APK
Last edited by APK on Mon Apr 07, 2008 12:02 am; edited 1 time in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 18) Posted: Thu Feb 21, 2008 8:47 pm
Post subject:
|
|
|
So you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above?
Well, I strongly suspect "they're @ it again" & here is why:
Cyber-attack launched from 10,000 web pages:
http://itnews.com.au/News/71994,cyberattack-launched-from-10000-web-pages.aspx
"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)...
APK
Last edited by APK on Mon Apr 07, 2008 12:07 am; edited 3 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 19) Posted: Thu Feb 21, 2008 8:48 pm
Post subject: Heh, popped in to see viewcount 5 days after my last: 500++
|
|
|
"New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:
SECOND MASS HACK EXPOSED:
http://www.itnews.com.au/News/72214,second...ck-exposed.aspx
AND, the source I used for this list:
http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html
And, the salient portion that notes that my suspicion was correct:
"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"
------
So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:
START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
0.0.0.0 do-t-h-e.com
0.0.0.0 rx-pharmacy.cn
0.0.0.0 m5b.info
0.0.0.0 hotpornotube08.com
0.0.0.0 hot-pornotube-2008.com
0.0.0.0 hot-pornotube08.com
0.0.0.0 adult-tubecodec2008.com
0.0.0.0 adulttubecodec2008.com
0.0.0.0 hot-tubecodec20.com
0.0.0.0 media-tubecodec2008.com
0.0.0.0 porn-tubecodec20.com
0.0.0.0 scanner.spyshredderscanner.com
0.0.0.0 xpantivirus2008.com
0.0.0.0 xpantivirus.com
0.0.0.0 bestsexworld.info
0.0.0.0 requestedlinks.com
END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:
do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
hotpornotube08.com (206.51.229.67)
hot-pornotube-2008.com (206.51.229.67)
hot-pornotube08.com (206.51.229.67)
adult-tubecodec2008.com (195.93.218.43)
adulttubecodec2008.com (195.93.218.43)
hot-tubecodec20.com (195.93.218.43)
media-tubecodec2008.com (195.93.218.43)
porn-tubecodec20.com (195.93.218.43)
scanner.spyshredderscanner.com (77.91.229.106)
xpantivirus2008.com (69.50.173.10)
xpantivirus.com (72.36.198.2)
bestsexworld.info (72.232.224.154)
requestedlinks.com (216.255.185.82)
Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):
89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21
* Enjoy, stay safe, & keep surfing!
APK
Last edited by APK on Mon Apr 07, 2008 12:13 am; edited 4 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 20) Posted: Thu Mar 13, 2008 8:23 am
Post subject: UPDATE ON RBN (04/07/2008) - more servers to add to HOSTS!
|
|
|
The "RBN"'s still @ it (per earlier in this guide/last page)
&
Gaining more servers to attack folks with online!
(Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):
http://ddanchev.blogspot.com/
He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).
APK
Last edited by APK on Mon Apr 07, 2008 12:20 am; edited 10 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 21) Posted: Fri Mar 14, 2008 11:31 am
Post subject: HOW TO SECURE ADOBE ACROBAT READER (ANY VERSION) vs. JScript
|
|
|
For users of Adobe Acrobat Reader (of any version or patch level today - safety hint):
Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears truly "ill will")?
Well, update to the latest/greatest version... HOWEVER, if you don't trust that, as I do not, FULLY?
(I say this, & simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)
Plus, like I had stated earlier in this guide?
I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??
Try this FOR ADOBE ACROBAT READER ALSO:
TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER!
Simply to be safe vs. attacks in it that are javascript-based in nature!
----
Use Adobe Acrobat's EDIT menu
PREFERENCES submenu
Javascript section (in left-hand side column of options)
& uncheck "Enable Acrobat Javascript" in the right-hand side option for that.
----
What boggles MY mind, moreso in webbrowsers &/or email programs though (as far as javascript is concerned)? Browser makers are working on speeding up its processing, first, rather than securing its weak/exploitable DOM (document object model) behind it.
Speeding up javascript in webbrowser programs, for example?
WELL - That's only speeding up how FAST you can be infected by misuse of javascript then, really, & this is all (not good!).
(AND, anyone reading here now can simply take a read over @ SECUNIA.COM &/or SECURITYFOCUS.COM & see that a GOOD 95% of today's attacks are hitting users via the indiscriminate use of javascript (misuse of it) on every website they go to).
----
Imo @ least, but, one based on the data in this guide (plus that from security websites I noted above)?
Javascript should be turned off by DEFAULT in a webbrowser!
Why??
Well, because most times, if a site needs it???
The site errs out & signals the user javascript is required. Turn it on @ that point, IF you absolutely NEED it to be running (& only then, for useful tasks you wish to perform online, such as data access like you see on shopping &/or banking websites)
I mean, hey: Even adbanners have been abused this way & proofs of that abound in this guide no less.
In fact, when I noted this over @ slashdot?
I was "modded down" for it, & just for telling the truth to javascript (& other scripting languages) developers... just for telling the truth! Boggles the mind. Secure that DOM behind javascript first, for security, AND ONLY THEN, work on speeding it up afterwards. That's not how it's being done though, unfortunately.
----
10 Forces Guiding the Future of Scripting:
http://developers.slashdot.org/comments.pl?sid=994291&threshold=-1...p;comme
----
Another bonus (for speed this time though, not security), also exists in turning off javascript processing in webbrowsers: Speed.
I.E.-> You're not using CPU cycles processing scripts that you probably don't actively directly use, yourself (such as ARE needed on e-commerce/shopping + banking websites, where you DO need it mostly to do actual useful tasks), & you're also not "hauling in" data from other servers (slowing you down even moreso, if not compromising your system (such as have been seen the past 4++ yrs. now or so, in bad adbanners that house javascript misuse)) that you don't really need, or want, around on your webpages you view...
APK
P.S.=> That assures you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)...
So, evidence as to WHY one should do this to Adobe Acrobat Reader (until it's patched vs. this type of thing):
Critical Vulnerability In Adobe Reader:
http://it.slashdot.org/article.pl?sid=08/11/05/2042211
(Dated 11/06/2008, 8 months after I noted this here no less - if/when Adobe secures THIS particular exploit in their program? Turning off javascript processing (enabled by DEFAULT in that program no less, mind you) can help protect vs. other exploits like this one, in the future, that misuse javascript)...
----
Turning off javascript in this program, & also webbrowsers + email programs simply assures you that you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)... apk
Last edited by APK on Thu Nov 06, 2008 8:12 am; edited 3 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 22) Posted: Tue Mar 18, 2008 5:59 am
Post subject: ADD-REMOVE CONTROL PANEL APPLET (know YOUR APPS!)
|
|
|
USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!
This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area.
IF you don't recognize a ware?
Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).
APK
Last edited by APK on Mon Apr 07, 2008 12:41 am; edited 3 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 23) Posted: Sun Mar 23, 2008 2:47 pm
Post subject: TELNET SERVICE & GROUP/USER SECURITY!
|
|
|
SECURING THE TELNET SERVICE & USER GROUPS:
And, a Mr. Markuss Jansson on his point on TELNET service (tlntsrv.exe iirc).
http://www.markusjansson.net/exp.html
Turn Telnet NTLM logings off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm
He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).
APK
P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:
=================================
APK "A to Z" Internet Speedup & Security Text!
=================================
http://www.neowin.net/news/main/01/11/29/a...--security-text
=================================
Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk
Last edited by APK on Mon Apr 07, 2008 12:48 am; edited 7 times in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 24) Posted: Mon Mar 31, 2008 4:13 pm
Post subject: ACCURACY CHECKS & SUPPLEMENTARY INFORMATION SOURCES
|
|
|
I also "took the liberty" of contacting a well-known "security-pro" (in Don Parker of "SecurityFocus.com" fame, whom I post with @ Security Forums online with whose URL is below & I referred he to it, as it is the same content as the one here)!
This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:
**********
Hello apk,
I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.
--Don
That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all) in the arena of computer security, & DO realize that though this person has a certification in this area, it does NOT make him the "voice of God" - certs are NICE, but they are not the same as actual degrees in this field + decades of hands-on experience. Musical folks will tell you the diff. between TABLATURE & READING MUSIC, for instance (as an analogy) is WORLDS apart in terms of know-how...
--------------
ALSO - DO please check this page out, for even more security points:
http://csrc.nist.gov/itsec/download_WinXP_Home.html
Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf
----
The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?
That also lists a "6.32 Removing Malware" section as well!
So, that is in response to 'my naysayers' from various forums that cricized me for listing such a guide here!
(In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)
Anyhow/anyways - The .pdf guide from NIST either tend to reinforce my own, OR, go beyond in some cases!
E.G.->
Securing wireless networks
Securing MS-Office apps better
Script file extensions associations with notepad.exe for instance (for safety vs. scripted attacks)
More on email & webbrowser security
The SIGVERIFY utility (file signature checker)
Disabling unneeded accounts
That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).
APK
Last edited by APK on Thu Jun 26, 2008 12:24 pm; edited 1 time in total |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 25) Posted: Mon Apr 07, 2008 3:08 am
Post subject: NICE TOOL TO KNOW ABOUT
|
|
|
|
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 26) Posted: Mon Apr 07, 2008 3:19 am
Post subject: I think it's done @ last (at least from MY contribution)
|
|
|
To all interested/reading:
I think this is it guys, I know of NO MORE to secure a Windows System... & again - IF any of you have ponits to add, please do so, but, I only ask that you keep it @ a technical computer security level (per my 1st initial post here's "P.S." section @ its termination).
* ENJOY A FASTER & SAFER Windows based system of modern variety (2000/XP/Server 2003 & even VISTA) online today (especially TODAY!)...
APK
P.S.=> In other words, please - no "grammar & spelling" English "writing style" critiques, as they do NOT help to secure a system further... I did try to keep it as SHORT as possible, & to have folks use the CIS Tool to help make it easier + more fun. HOWEVER, @ times, the material is complex & I could not "shorten/condense it" anymore w/ out losing critical details & such! Please bear with that much, & gain by this thread by getting those 90++ scores on CIS Tool, surfing safely & F A S T E R online as a bonus once you apply the points I layered ontop of CIS Tool's guidance points (based on "industry best practices" & such)... thanks! apk |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 27) Posted: Wed Apr 30, 2008 1:32 pm
Post subject: Re: HOW TO SECURE Windows 2000/XP/Server 2003 & make it fun [Login to view extended thread Info.]
|
|
|
More security tools/info. (04/28/2008), for APPLICATION LEVEL SECURITY:
(I.E.-> For checking for apps you have that may be security vulnerable OR have been patched vs. said vulnerabilities, etc.):
----
SECUNIA PSI (checks for outdated OR apps that are known to be insecure):
https://psi.secunia.com/
NEW VERSION (released very recently too).
A good program, by a trusted & WELL-KNOWN security-oriented website online (I tried version 1 earlier on last year, it needed work. This one is solid though, so far @ least, imo!)
(It works, & sometimes catches things FILEHIPPO UPDATE CHECKER below, won't - good "2nd Doctor's opinion" etc.)
----
FileHippo's Update Checker (checks for outdated OR apps that are known to be insecure, supplement's PSI above):
http://filehippo.com/updatechecker/
Decent program as well, & good to use as a supplement to the SECUNIA PSI Tool as well (from a well-known file downloads site also in filehippo).
(It works, & sometimes catches things SECUNIA PSI above, won't - good "2nd Doctor's opinion" etc.)
----
Windows Vulnerability Scanner:
http://www.pspl.com/download/winvulscan.htm
Nice program for checking Microsoft Operating Systems &/or Ms-Office versions vs. missing security patches, & it works, very well!
----
APK Registry Cleaning Engine 2002++ SR-7:
http://www1.techpowerup.com//downloads/389/foowhatevermakesgooglehappy.html
* Yes, "shameless plug" on MY part on the last one, but, it does have "security benefits"...
(& more than potentially useful forensics ones, because it shows you what files a user calls upon via its lists (it does check recently used filelists, but, will also list those files the user attempted to delete (this assumes he may have been attempting to hide them)))... it is 100% proven SAFE on all 32-bit versions of Windows (see its description & feedback by users on the download page) 9x-VISTA as well)).
APK |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 28) Posted: Thu Jul 03, 2008 2:58 pm
Post subject: For those interested in custom HOSTS file usage: [Login to view extended thread Info.]
|
|
|
For those of you interested in using custom HOSTS files (for BOTH added security & added speed online)?
"APK Hosts File Grinder 4.0++"
http://www.thenewtech.com/forums/attachment.php?attachmentid=58&st...&d=
(Sorry, this board does NOT allow "dynamic image tags" so, if you wish to see a screenshot of it, where I documented its development? See here -> http://www.thenewtech.com/forums/chit-chat/today-4378/index32.html#post16080 )
----
The application above has been built by myself, for folks just like YOU, & of course, myself!
----
It allows you the end-user, the ability to:
1.) DO very EASY Integrating the HOSTS files of others, such as MVPS.ORG & others noted @ wikipedia, here -> http://en.wikipedia.org/wiki/Hosts_file (even if in other internal line-by-line formats) "scrubbed into" the MOST EFFICIENT format there is (allowing less memory &/or disk space occupancy for loading, of 0<singlespace>URL<cr+lf> ), first, & then...
2.) Speed up access to your fav sites, via 1st pinging them (so their IP Address IS up-to-date/current), & adding them to the normalized non-repeat line items list on the right above
3.) Add/remove sites from a hosts file, but by first checking for their pre-existence inside the HOSTS file on ADDS, & rejecting if there already (& adding if NOT present)
4.) Lastly, it will FULLY NORMALIZE (accurately 110%) a HOSTS file (normalize = removal of duplicates)...leaving you with one in the MOST efficient format line-wise there is (noted above, which consumes less memory & faster loadtime from disk)
----
It has allowed me to:
A.) Take valid HOSTS file data EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Dancheve's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area) , & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even) , reduce its size that way (1/2 the intial size almost from all that date) , first...
B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an intially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!
C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).
-----
* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:
apk4776239@hotmail.com
APK
P.S.=> General statistics on its, while in operation:
700k-5900k memory occupancy prior to load of HOSTS file data...
( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)
Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)
PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)
(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))
+
A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)
Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 29) Posted: Mon Jul 14, 2008 6:14 pm
Post subject: ANOTHER REASON TO KEEP JAVA/JAVASCRIPT & THE LIKE, OFF! [Login to view extended thread Info.]
|
|
|
Researcher to demonstrate attack code for Intel chips:
http://www.infoworld.com/article/08/07/14/Researcher_to_demonstrate_at...k_code_
SALIENT/PERTINENT EXCERPT:
----------------------------------------------------
"Kaspersky says CPU bugs are a growing threat, with malware being written that targets these vulnerabilities... Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel's microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running."
----------------------------------------------------
* Now can anyone see WHY I recommended turning off Java/Javascript (& other browser addons/extension languages) for "every site you use under the sun" + IFrames etc.? Personally, this one's pretty bad, worse than what is out there/here now, worse than rootkits even in some ways...
However, I also think worse are on the way even moreso...
(... & I mentioned the architecture they could possibly use, quite "terminator-like", for rootkit delivery systems & such here earlier. Especially ones that can flash your BIOS, &/or other updateable PROMS (mainly because if usermode tools from vendors like ASUS + GIGABYTE & doubtless others can do it, from inside Windows, so can malwares & same way (via drivers & bios img files))
APK
P.S.=> There are more examples inside this guide, & of this SAME type of idea (crank off the java/javascript etc. et al & ONLY keep it active on sites you ABSOLUTELY need it for, to have the site function properly - lessening your potentially attackable surface online basically).. heck, even adbanners have exploits of this nature in them lately...
The examples I put in this guide ARE far older too, dating back 1-3 yrs. but the point is only here, again, & moreso (far more dangerous this time, imo @ least)... apk |
|
| Back to top |
|
| |
Joined: Dec 12, 2007
Posts: 33
|
(Msg. 30) Posted: Fri Aug 29, 2008 9:29 am
Post subject: [Login to view extended thread Info.]
|
|
|
Well, @ this point?
I think this guide's PRETTY SOLID, because nobody has been able to "add points" to it, from across 27 other forums online (many are "serious geek" oriented sites too)!
(... & the fact that some folks from "THE PLANET" (a large website & hosting provider online) offered to hire me on as a remote security specialist @ this point (pretty cool) for Win2k3 servers they use, as well as what appears to be their personally managed or owned sites also (KTInteractive)).
In any event?
@ People Reading:
This IS your "Iron Man Armor Online"!
So, have @ it ('snap it on') - & enjoy a F A S T E R, & FAR MORE S E C U R E online setup on your Windows NT-based OS' of today (Windows 2000/XP/Server 2003 & yes, even VISTA to a good extent) via applying CIS Tools' suggestions & my own that "layer ontop of it"...
* I am FAIRLY certain it's done - As I can't think of any more points & methods to secure your Windows NT-based rigs, & thus, I close this post off... she's all done as far as I am concerned... this same message will go across ALL others like it that I am still able to edit/add to online, @ some point today in fact.
APK
P.S.=> Sorry for the 'closing note' but, if anyone's interested, this is the "final model" of this guide & its points... enjoy! apk |
|
| Back to top |
|
| |
| Related Topics: | Windows Live Onecare and Windows Defender - I use Windows Vista and I'm currently trying the Windows Live Onecare. Before this I was using the Windows Defender an...
Windows Firewall will not start in Windows Vista - I had the same problem: service wouldn't start and all kinda errors. It happened right after my machine joined the doma...
Windows Defender Enough? - The only spyware protection I am running is Defender. Would it be redundant to run Spybot S&D also? Is it necessar...
Windows Defender - For some reason Windows defender will not up date itself with new definitions, I have Norton Anti Virus and all was ok...
Windows Defender - Do I need to download any spyware software when I already have windows defender?
windows security alerts - l keep getting a pop up when loadind vista.automatic settings for updates is turned off and will not allow me to updat... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
Windows